diff --git a/assets/bitnami/kafka-22.0.0.tgz b/assets/bitnami/kafka-22.0.0.tgz new file mode 100644 index 000000000..7e3171d3f Binary files /dev/null and b/assets/bitnami/kafka-22.0.0.tgz differ diff --git a/assets/bitnami/mariadb-12.0.0.tgz b/assets/bitnami/mariadb-12.0.0.tgz new file mode 100644 index 000000000..62fc91d2f Binary files /dev/null and b/assets/bitnami/mariadb-12.0.0.tgz differ diff --git a/assets/bitnami/postgresql-12.3.1.tgz b/assets/bitnami/postgresql-12.3.1.tgz new file mode 100644 index 000000000..3719fd59a Binary files /dev/null and b/assets/bitnami/postgresql-12.3.1.tgz differ diff --git a/assets/bitnami/wordpress-16.0.0.tgz b/assets/bitnami/wordpress-16.0.0.tgz new file mode 100644 index 000000000..cadbdb9fa Binary files /dev/null and b/assets/bitnami/wordpress-16.0.0.tgz differ diff --git a/assets/dh2i/dxemssql-1.0.3.tgz b/assets/dh2i/dxemssql-1.0.3.tgz new file mode 100644 index 000000000..b823b4abd Binary files /dev/null and b/assets/dh2i/dxemssql-1.0.3.tgz differ diff --git a/assets/gitlab/gitlab-6.11.0.tgz b/assets/gitlab/gitlab-6.11.0.tgz new file mode 100644 index 000000000..ee7787b70 Binary files /dev/null and b/assets/gitlab/gitlab-6.11.0.tgz differ diff --git a/assets/kasten/k10-5.5.801.tgz b/assets/kasten/k10-5.5.801.tgz index f668d5412..33f4381ba 100644 Binary files a/assets/kasten/k10-5.5.801.tgz and b/assets/kasten/k10-5.5.801.tgz differ diff --git a/assets/kasten/k10-5.5.901.tgz b/assets/kasten/k10-5.5.901.tgz new file mode 100644 index 000000000..f39b7c3ae Binary files /dev/null and b/assets/kasten/k10-5.5.901.tgz differ diff --git a/assets/kong/kong-2.19.1.tgz b/assets/kong/kong-2.19.1.tgz new file mode 100644 index 000000000..ad477bb02 Binary files /dev/null and b/assets/kong/kong-2.19.1.tgz differ diff --git a/assets/minio/minio-operator-5.0.4.tgz b/assets/minio/minio-operator-5.0.4.tgz new file mode 100644 index 000000000..fe0c30065 Binary files /dev/null and b/assets/minio/minio-operator-5.0.4.tgz differ diff --git a/assets/pixie/pixie-operator-chart-0.1.1.tgz b/assets/pixie/pixie-operator-chart-0.1.1.tgz index b15ed8660..5af46e0aa 100644 Binary files a/assets/pixie/pixie-operator-chart-0.1.1.tgz and b/assets/pixie/pixie-operator-chart-0.1.1.tgz differ diff --git a/assets/redpanda/redpanda-4.0.5.tgz b/assets/redpanda/redpanda-4.0.5.tgz new file mode 100644 index 000000000..43d23584d Binary files /dev/null and b/assets/redpanda/redpanda-4.0.5.tgz differ diff --git a/assets/traefik/traefik-22.2.0.tgz b/assets/traefik/traefik-22.2.0.tgz new file mode 100644 index 000000000..2e0ec3024 Binary files /dev/null and b/assets/traefik/traefik-22.2.0.tgz differ diff --git a/charts/bitnami/kafka/Chart.lock b/charts/bitnami/kafka/Chart.lock index 7f620c052..29f6552f0 100644 --- a/charts/bitnami/kafka/Chart.lock +++ b/charts/bitnami/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper - repository: https://charts.bitnami.com/bitnami - version: 11.1.5 + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.2.1 - name: common - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts version: 2.2.4 -digest: sha256:a9cc33255fae632899c931e89126a7a0e9cec72fa758d499dd75f1ab752d1b0e -generated: "2023-03-22T03:12:46.460010968Z" +digest: sha256:6096760893ee2efeb54e10f7ecc20450eeb1265ee0ce451c07db11f4b025a9b5 +generated: "2023-04-20T22:55:33.801527+02:00" diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index 6074ac3b9..45b5cb031 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -35,4 +35,4 @@ name: kafka sources: - https://github.com/bitnami/containers/tree/main/bitnami/kafka - https://kafka.apache.org/ -version: 21.4.6 +version: 22.0.0 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index 5681111e2..7f2f32b27 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/kafka +helm install my-release oci://registry-1.docker.io/bitnamicharts/kafka ``` ## Introduction @@ -32,8 +31,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/kafka +helm install my-release oci://registry-1.docker.io/bitnamicharts/kafka ``` These commands deploy Kafka on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -82,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Kafka image registry | `docker.io` | | `image.repository` | Kafka image repository | `bitnami/kafka` | -| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.0-debian-11-r15` | +| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.0-debian-11-r22` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -166,12 +164,12 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | | `replicaCount` | Number of Kafka nodes | `1` | -| `minBrokerId` | Minimal broker.id value, nodes increment their `broker.id` respectively | `0` | +| `minId` | Minimal node.id or broker.id values, nodes increment their value respectively | `0` | | `brokerRackAssignment` | Set Broker Assignment for multi tenant environment Allowed values: `aws-az` | `""` | | `containerPorts.client` | Kafka client container port | `9092` | -| `containerPorts.internal` | Kafka inter-broker container port | `9093` | -| `containerPorts.external` | Kafka external container port | `9094` | -| `containerPorts.controller` | Kafka Controller listener port. It is used if "kraft.enabled: true" | `9095` | +| `containerPorts.controller` | Kafka Controller listener port. It is used if "kraft.enabled: true" | `9093` | +| `containerPorts.internal` | Kafka inter-broker container port | `9094` | +| `containerPorts.external` | Kafka external container port | `9095` | | `livenessProbe.enabled` | Enable livenessProbe on Kafka containers | `true` | | `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | | `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | @@ -236,8 +234,9 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | `service.type` | Kubernetes Service type | `ClusterIP` | | `service.ports.client` | Kafka svc port for client connections | `9092` | -| `service.ports.internal` | Kafka svc port for inter-broker connections | `9093` | -| `service.ports.external` | Kafka svc port for external connections | `9094` | +| `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` | +| `service.ports.internal` | Kafka svc port for inter-broker connections | `9094` | +| `service.ports.external` | Kafka svc port for external connections | `9095` | | `service.nodePorts.client` | Node port for the Kafka client connections | `""` | | `service.nodePorts.external` | Node port for the Kafka external connections | `""` | | `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | @@ -255,7 +254,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | | `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | | `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.8-debian-11-r2` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.9-debian-11-r2` | | `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | | `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | @@ -311,7 +310,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r102` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -336,7 +335,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | -| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r73` | +| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r80` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -384,7 +383,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r5` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r12` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -473,7 +472,7 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | ------------------------------- | --------------------------------------------------------------------------------------- | ------------------------ | -| `kraft.enabled` | Switch to enable or disable the Kraft mode for Kafka | `false` | +| `kraft.enabled` | Switch to enable or disable the Kraft mode for Kafka | `true` | | `kraft.processRoles` | Roles of your Kafka nodes. Nodes can have 'broker', 'controller' roles or both of them. | `broker,controller` | | `kraft.controllerListenerNames` | Controller listener names | `CONTROLLER` | | `kraft.clusterId` | Kafka ClusterID. You must set it if your cluster contains more than one node. | `kafka_cluster_id_test1` | @@ -483,7 +482,7 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `zookeeper.enabled` | Switch to enable or disable the ZooKeeper helm chart. Must be false if you use Kraft mode. | `true` | +| `zookeeper.enabled` | Switch to enable or disable the ZooKeeper helm chart. Must be false if you use Kraft mode. | `false` | | `zookeeper.replicaCount` | Number of ZooKeeper nodes | `1` | | `zookeeper.auth.client.enabled` | Enable ZooKeeper auth | `false` | | `zookeeper.auth.client.clientUser` | User that will use ZooKeeper clients to auth | `""` | @@ -499,7 +498,7 @@ The command removes all the Kubernetes components associated with the chart and ```console helm install my-release \ --set replicaCount=3 \ - my-repo/kafka + oci://registry-1.docker.io/bitnamicharts/kafka ``` The above command deploys Kafka with 3 brokers (replicas). @@ -507,7 +506,7 @@ The above command deploys Kafka with 3 brokers (replicas). Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -helm install my-release -f values.yaml my-repo/kafka +helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/kafka ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -864,6 +863,13 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 22.0.0 + +This major updates the Kafka's configuration to use Kraft by default. You can learn more about this configuration [here](https://developer.confluent.io/learn/kraft). Apart from seting the `kraft.enabled` parameter to `true`, we also made the following changes: + +- Renamed `minBrokerId` parameter to `minId` to set the minimum ID to use when configuring the node.id or broker.id parameter depending on the Kafka's configuration. This parameter sets the `KAFKA_CFG_NODE_ID` env var in the container. +- Updated the `containerPorts` and `service.ports` parameters to include the new controller port. + ### To 21.0.0 This major updates Kafka to its newest version, 3.4.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/34/documentation.html#upgrade). @@ -1026,8 +1032,8 @@ Backwards compatibility is not guaranteed when Kafka metrics are enabled, unless Use the workaround below to upgrade from versions previous to 7.0.0. The following example assumes that the release name is kafka: ```console -helm upgrade kafka my-repo/kafka --version 6.1.8 --set metrics.kafka.enabled=false -helm upgrade kafka my-repo/kafka --version 7.0.0 --set metrics.kafka.enabled=true +helm upgrade kafka oci://registry-1.docker.io/bitnamicharts/kafka --version 6.1.8 --set metrics.kafka.enabled=false +helm upgrade kafka oci://registry-1.docker.io/bitnamicharts/kafka --version 7.0.0 --set metrics.kafka.enabled=true ``` ### To 2.0.0 @@ -1064,4 +1070,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.lock b/charts/bitnami/kafka/charts/zookeeper/Chart.lock index 4cd9a8ba3..ecae1354a 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.lock +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 2.2.4 digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b -generated: "2023-03-19T02:06:13.108650823Z" +generated: "2023-04-20T13:54:08.945266062Z" diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml index 4db28d256..40930f908 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml @@ -22,4 +22,4 @@ name: zookeeper sources: - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper - https://zookeeper.apache.org/ -version: 11.1.5 +version: 11.2.1 diff --git a/charts/bitnami/kafka/charts/zookeeper/README.md b/charts/bitnami/kafka/charts/zookeeper/README.md index eebf64f34..98b4959b4 100644 --- a/charts/bitnami/kafka/charts/zookeeper/README.md +++ b/charts/bitnami/kafka/charts/zookeeper/README.md @@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/zookeeper +helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper ``` ## Introduction @@ -32,8 +31,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/zookeeper +helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper ``` These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -82,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r15` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r25` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -248,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -319,7 +317,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```console helm install my-release \ --set auth.clientUser=newUser \ - my-repo/zookeeper + oci://registry-1.docker.io/bitnamicharts/zookeeper ``` The above command sets the ZooKeeper user to `newUser`. @@ -329,7 +327,7 @@ The above command sets the ZooKeeper user to `newUser`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -helm install my-release -f values.yaml my-repo/zookeeper +helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/zookeeper ``` > **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/bitnami/kafka/charts/zookeeper/values.yaml b/charts/bitnami/kafka/charts/zookeeper/values.yaml index 617febf4a..66c857f41 100644 --- a/charts/bitnami/kafka/charts/zookeeper/values.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.1-debian-11-r15 + tag: 3.8.1-debian-11-r25 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r98 + tag: 11-debian-11-r108 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/kafka/templates/scripts-configmap.yaml b/charts/bitnami/kafka/templates/scripts-configmap.yaml index 472483c2f..155914bd1 100644 --- a/charts/bitnami/kafka/templates/scripts-configmap.yaml +++ b/charts/bitnami/kafka/templates/scripts-configmap.yaml @@ -83,14 +83,18 @@ data: if [[ $KAFKA_CFG_PROCESS_ROLES == "" ]]; then export KAFKA_CFG_BROKER_ID="$(grep "broker.id" "{{ .Values.logsDirs | splitList "," | first }}/meta.properties" | awk -F '=' '{print $2}')" else - export KAFKA_CFG_BROKER_ID="$(grep "node.id" "{{ .Values.logsDirs | splitList "," | first }}/meta.properties" | awk -F '=' '{print $2}')" + export KAFKA_CFG_NODE_ID="$(grep "node.id" "{{ .Values.logsDirs | splitList "," | first }}/meta.properties" | awk -F '=' '{print $2}')" fi else - export KAFKA_CFG_BROKER_ID="$((ID + {{ .Values.minBrokerId }}))" + if [[ $KAFKA_CFG_PROCESS_ROLES == "" ]]; then + export KAFKA_CFG_BROKER_ID="$((ID + {{ .Values.minId }}))" + else + export KAFKA_CFG_NODE_ID="$((ID + {{ .Values.minId }}))" + fi fi if [[ $KAFKA_CFG_PROCESS_ROLES == *"controller"* ]]; then - node_id={{ .Values.minBrokerId }} + node_id={{ .Values.minId }} pod_id=0 while : do diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index 77aa0f565..e0f153687 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -77,7 +77,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.4.0-debian-11-r15 + tag: 3.4.0-debian-11-r22 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -437,25 +437,25 @@ extraEnvVarsSecret: "" ## @param replicaCount Number of Kafka nodes ## replicaCount: 1 -## @param minBrokerId Minimal broker.id value, nodes increment their `broker.id` respectively -## Brokers increment their ID starting at this minimal value. -## E.g., with `minBrokerId=100` and 3 nodes, IDs will be 100, 101, 102 for brokers 0, 1, and 2, respectively. +## @param minId Minimal node.id or broker.id values, nodes increment their value respectively +## Nodes or Brokers idncrement their ID starting at this minimal value. +## E.g., with `minId=100` and 3 nodes, IDs will be 100, 101, 102 for brokers 0, 1, and 2, respectively. ## -minBrokerId: 0 +minId: 0 ## @param brokerRackAssignment Set Broker Assignment for multi tenant environment Allowed values: `aws-az` ## ref: https://cwiki.apache.org/confluence/display/KAFKA/KIP-392%3A+Allow+consumers+to+fetch+from+closest+replica ## brokerRackAssignment: "" ## @param containerPorts.client Kafka client container port +## @param containerPorts.controller Kafka Controller listener port. It is used if "kraft.enabled: true" ## @param containerPorts.internal Kafka inter-broker container port ## @param containerPorts.external Kafka external container port -## @param containerPorts.controller Kafka Controller listener port. It is used if "kraft.enabled: true" ## containerPorts: client: 9092 - internal: 9093 - external: 9094 - controller: 9095 + controller: 9093 + internal: 9094 + external: 9095 ## Configure extra options for Kafka containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param livenessProbe.enabled Enable livenessProbe on Kafka containers @@ -689,13 +689,15 @@ service: ## type: ClusterIP ## @param service.ports.client Kafka svc port for client connections + ## @param service.ports.controller Kafka svc port for controller connections. It is used if "kraft.enabled: true" ## @param service.ports.internal Kafka svc port for inter-broker connections ## @param service.ports.external Kafka svc port for external connections ## ports: client: 9092 - internal: 9093 - external: 9094 + controller: 9093 + internal: 9094 + external: 9095 ## @param service.nodePorts.client Node port for the Kafka client connections ## @param service.nodePorts.external Node port for the Kafka external connections ## NOTE: choose port between <30000-32767> @@ -779,7 +781,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.25.8-debian-11-r2 + tag: 1.25.9-debian-11-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1028,7 +1030,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r102 + tag: 11-debian-11-r108 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1110,7 +1112,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.6.0-debian-11-r73 + tag: 1.6.0-debian-11-r80 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1346,7 +1348,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.18.0-debian-11-r5 + tag: 0.18.0-debian-11-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1740,7 +1742,7 @@ provisioning: kraft: ## @param kraft.enabled Switch to enable or disable the Kraft mode for Kafka ## - enabled: false + enabled: true ## @param kraft.processRoles Roles of your Kafka nodes. Nodes can have 'broker', 'controller' roles or both of them. ## processRoles: broker,controller @@ -1766,7 +1768,7 @@ kraft: zookeeper: ## @param zookeeper.enabled Switch to enable or disable the ZooKeeper helm chart. Must be false if you use Kraft mode. ## - enabled: true + enabled: false ## @param zookeeper.replicaCount Number of ZooKeeper nodes ## replicaCount: 1 diff --git a/charts/bitnami/mariadb/Chart.lock b/charts/bitnami/mariadb/Chart.lock index ea921218d..cbbf21f4e 100644 --- a/charts/bitnami/mariadb/Chart.lock +++ b/charts/bitnami/mariadb/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 2.2.4 digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b -generated: "2023-03-18T22:59:57.930574974Z" +generated: "2023-04-21T12:42:37.885250564Z" diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index 37d46af8e..848143a47 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Database licenses: Apache-2.0 apiVersion: v2 -appVersion: 10.6.12 +appVersion: 10.11.2 dependencies: - name: common repository: file://./charts/common @@ -32,4 +32,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.5.7 +version: 12.0.0 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index fe38ddec2..865353862 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/mariadb +helm install my-release oci://registry-1.docker.io/bitnamicharts/mariadb ``` ## Introduction @@ -34,8 +33,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/mariadb +helm install my-release oci://registry-1.docker.io/bitnamicharts/mariadb ``` The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -86,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | MariaDB image registry | `docker.io` | | `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r16` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.2-debian-11-r18` | | `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -308,7 +306,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r102` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -322,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r103` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r110` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -387,7 +385,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```console helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ - my-repo/mariadb + oci://registry-1.docker.io/bitnamicharts/mariadb ``` The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`. @@ -397,7 +395,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -helm install my-release -f values.yaml my-repo/mariadb +helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/mariadb ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -457,7 +455,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: ```console -helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] +helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/mariadb --set auth.rootPassword=[ROOT_PASSWORD] ``` | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. @@ -514,7 +512,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: ```console -helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +helm install mariadb oci://registry-1.docker.io/bitnamicharts/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` | Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. diff --git a/charts/bitnami/mariadb/templates/NOTES.txt b/charts/bitnami/mariadb/templates/NOTES.txt index c1039e6ff..ba55fd85a 100644 --- a/charts/bitnami/mariadb/templates/NOTES.txt +++ b/charts/bitnami/mariadb/templates/NOTES.txt @@ -62,7 +62,7 @@ To upgrade this helm chart: 1. Obtain the password as described on the 'Administrator credentials' section and set the 'auth.rootPassword' parameter as shown below: ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 -d) - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/mariadb --set auth.rootPassword=$ROOT_PASSWORD + helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/mariadb --set auth.rootPassword=$ROOT_PASSWORD {{- include "common.warnings.rollingTag" .Values.image }} {{- include "common.warnings.rollingTag" .Values.metrics.image }} diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index a9da0b674..6d13cda4f 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -87,7 +87,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 10.6.12-debian-11-r16 + tag: 10.11.2-debian-11-r18 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r102 + tag: 11-debian-11-r108 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1037,7 +1037,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r103 + tag: 0.14.0-debian-11-r110 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/postgresql/Chart.lock b/charts/bitnami/postgresql/Chart.lock index 2b9dadc72..23c5b109c 100644 --- a/charts/bitnami/postgresql/Chart.lock +++ b/charts/bitnami/postgresql/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 2.2.4 digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b -generated: "2023-03-14T07:26:55.449518929Z" +generated: "2023-04-21T21:43:08.326299866Z" diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 1649d12f6..2eeb202e4 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -32,4 +32,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.2.8 +version: 12.3.1 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index 324baa5c4..0ee995c23 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md @@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/postgresql +helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql ``` ## Introduction @@ -34,8 +33,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/postgresql +helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql ``` The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -100,7 +98,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r21` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r24` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | @@ -377,7 +375,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r106` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -405,7 +403,7 @@ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r77` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r79` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | @@ -462,7 +460,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```console helm install my-release \ --set auth.postgresPassword=secretpassword - my-repo/postgresql + oci://registry-1.docker.io/bitnamicharts/postgresql ``` The above command sets the PostgreSQL `postgres` account password to `secretpassword`. @@ -473,7 +471,7 @@ The above command sets the PostgreSQL `postgres` account password to `secretpass Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -helm install my-release -f values.yaml my-repo/postgresql +helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/postgresql ``` > **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index b7039b1b1..e035a84c0 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.2.0-debian-11-r21 + tag: 15.2.0-debian-11-r24 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1136,7 +1136,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r106 + tag: 11-debian-11-r108 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1231,7 +1231,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.12.0-debian-11-r77 + tag: 0.12.0-debian-11-r79 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index fd5540145..be1712185 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: memcached - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts version: 6.3.14 - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 11.5.7 + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.0.0 - name: common - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts version: 2.2.4 -digest: sha256:01241e73d02fd59a1bf377fbe248b7b00cfc188997da512fa84dbc64e62d0784 -generated: "2023-04-13T17:50:13.616024636Z" +digest: sha256:b42b42cbc7149d985731a08baccce83f4378552b173183929390487c4c885151 +generated: "2023-04-21T17:12:34.80075+02:00" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index d64711974..50b1d90f8 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -15,7 +15,7 @@ dependencies: - condition: mariadb.enabled name: mariadb repository: file://./charts/mariadb - version: 11.x.x + version: 12.x.x - name: common repository: file://./charts/common tags: @@ -41,4 +41,4 @@ name: wordpress sources: - https://github.com/bitnami/containers/tree/main/bitnami/wordpress - https://wordpress.org/ -version: 15.4.1 +version: 16.0.0 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index db5b508f1..4388abdfe 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -9,8 +9,7 @@ WordPress is the world's most popular blogging and content management platform. ## TL;DR ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/wordpress +helm install my-release oci://registry-1.docker.io/bitnamicharts/wordpress ``` ## Introduction @@ -33,8 +32,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/wordpress +helm install my-release oci://registry-1.docker.io/bitnamicharts/wordpress ``` The command deploys WordPress on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -376,7 +374,7 @@ helm install my-release \ --set wordpressUsername=admin \ --set wordpressPassword=password \ --set mariadb.auth.rootPassword=secretpassword \ - my-repo/wordpress + oci://registry-1.docker.io/bitnamicharts/wordpress ``` The above command sets the WordPress administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. @@ -386,7 +384,7 @@ The above command sets the WordPress administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -helm install my-release -f values.yaml my-repo/wordpress +helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/wordpress ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -512,6 +510,10 @@ To enable the new features, it is not possible to do it by upgrading an existing ## Upgrading +### To 16.0.0 + +This major release bumps the MariaDB version to 10.11. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for upgrading from MariaDB 10.6 to 10.11. No major issues are expected during the upgrade. + ### To 14.0.0 This major release bumps the MariaDB version to 10.6. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-105-to-mariadb-106/) for upgrading from MariaDB 10.5 to 10.6. No major issues are expected during the upgrade. @@ -565,13 +567,13 @@ export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=wordpress,app Upgrade your release (maintaining the version) disabling MariaDB and scaling WordPress replicas to 0: ```console -helm upgrade wordpress my-repo/wordpress --set wordpressPassword=$WORDPRESS_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 9.6.4 +helm upgrade wordpress oci://registry-1.docker.io/bitnamicharts/wordpress --set wordpressPassword=$WORDPRESS_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 9.6.4 ``` Finally, upgrade you release to `10.0.0` reusing the existing PVC, and enabling back MariaDB: ```console -helm upgrade wordpress my-repo/wordpress --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD +helm upgrade wordpress oci://registry-1.docker.io/bitnamicharts/wordpress --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD ``` You should see the lines below in MariaDB container logs: diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.lock b/charts/bitnami/wordpress/charts/mariadb/Chart.lock index ea921218d..cbbf21f4e 100644 --- a/charts/bitnami/wordpress/charts/mariadb/Chart.lock +++ b/charts/bitnami/wordpress/charts/mariadb/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 2.2.4 digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b -generated: "2023-03-18T22:59:57.930574974Z" +generated: "2023-04-21T12:42:37.885250564Z" diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml index 08f15f5b1..cfba49f5d 100644 --- a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Database licenses: Apache-2.0 apiVersion: v2 -appVersion: 10.6.12 +appVersion: 10.11.2 dependencies: - name: common repository: https://charts.bitnami.com/bitnami @@ -28,4 +28,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.5.7 +version: 12.0.0 diff --git a/charts/bitnami/wordpress/charts/mariadb/README.md b/charts/bitnami/wordpress/charts/mariadb/README.md index fe38ddec2..865353862 100644 --- a/charts/bitnami/wordpress/charts/mariadb/README.md +++ b/charts/bitnami/wordpress/charts/mariadb/README.md @@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/mariadb +helm install my-release oci://registry-1.docker.io/bitnamicharts/mariadb ``` ## Introduction @@ -34,8 +33,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/mariadb +helm install my-release oci://registry-1.docker.io/bitnamicharts/mariadb ``` The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -86,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | MariaDB image registry | `docker.io` | | `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r16` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.2-debian-11-r18` | | `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -308,7 +306,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r102` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -322,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r103` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r110` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -387,7 +385,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```console helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ - my-repo/mariadb + oci://registry-1.docker.io/bitnamicharts/mariadb ``` The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`. @@ -397,7 +395,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -helm install my-release -f values.yaml my-repo/mariadb +helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/mariadb ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -457,7 +455,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: ```console -helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] +helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/mariadb --set auth.rootPassword=[ROOT_PASSWORD] ``` | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. @@ -514,7 +512,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: ```console -helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +helm install mariadb oci://registry-1.docker.io/bitnamicharts/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` | Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. diff --git a/charts/bitnami/wordpress/charts/mariadb/templates/NOTES.txt b/charts/bitnami/wordpress/charts/mariadb/templates/NOTES.txt index c1039e6ff..ba55fd85a 100644 --- a/charts/bitnami/wordpress/charts/mariadb/templates/NOTES.txt +++ b/charts/bitnami/wordpress/charts/mariadb/templates/NOTES.txt @@ -62,7 +62,7 @@ To upgrade this helm chart: 1. Obtain the password as described on the 'Administrator credentials' section and set the 'auth.rootPassword' parameter as shown below: ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 -d) - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} my-repo/mariadb --set auth.rootPassword=$ROOT_PASSWORD + helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/mariadb --set auth.rootPassword=$ROOT_PASSWORD {{- include "common.warnings.rollingTag" .Values.image }} {{- include "common.warnings.rollingTag" .Values.metrics.image }} diff --git a/charts/bitnami/wordpress/charts/mariadb/values.yaml b/charts/bitnami/wordpress/charts/mariadb/values.yaml index a9da0b674..6d13cda4f 100644 --- a/charts/bitnami/wordpress/charts/mariadb/values.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/values.yaml @@ -87,7 +87,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 10.6.12-debian-11-r16 + tag: 10.11.2-debian-11-r18 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r102 + tag: 11-debian-11-r108 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1037,7 +1037,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r103 + tag: 0.14.0-debian-11-r110 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.lock b/charts/bitnami/wordpress/charts/memcached/Chart.lock deleted file mode 100644 index dcda6c34c..000000000 --- a/charts/bitnami/wordpress/charts/memcached/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 2.2.4 -digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b -generated: "2023-03-09T01:05:12.462737684Z" diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/Chart.yaml index d3315fcb8..9c20d87de 100644 --- a/charts/bitnami/wordpress/charts/memcached/Chart.yaml +++ b/charts/bitnami/wordpress/charts/memcached/Chart.yaml @@ -5,10 +5,10 @@ apiVersion: v2 appVersion: 1.6.19 dependencies: - name: common - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts tags: - bitnami-common - version: 2.x.x + version: 2.2.4 description: Memcached is an high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. diff --git a/charts/bitnami/wordpress/charts/memcached/README.md b/charts/bitnami/wordpress/charts/memcached/README.md index 458c10f30..4b4e8f52c 100644 --- a/charts/bitnami/wordpress/charts/memcached/README.md +++ b/charts/bitnami/wordpress/charts/memcached/README.md @@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/memcached +helm install my-release oci://registry-1.docker.io/bitnamicharts/memcached ``` ## Introduction @@ -31,8 +30,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -helm repo add my-repo https://charts.bitnami.com/bitnami -helm install my-release my-repo/memcached +helm install my-release oci://registry-1.docker.io/bitnamicharts/memcached ``` These commands deploy Memcached on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -269,7 +267,7 @@ The above parameters map to the environment variables defined in the [bitnami/me Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -helm install my-release --set auth.username=user,auth.password=password my-repo/memcached +helm install my-release --set auth.username=user,auth.password=password oci://registry-1.docker.io/bitnamicharts/memcached ``` The above command sets the Memcached admin account username and password to `user` and `password` respectively. @@ -279,7 +277,7 @@ The above command sets the Memcached admin account username and password to `use Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -helm install my-release -f values.yaml my-repo/memcached +helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/memcached ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -351,7 +349,7 @@ Use the workaround below to upgrade from versions previous to 4.0.0. The followi ```console kubectl delete deployment memcached --cascade=false -helm upgrade memcached my-repo/memcached +helm upgrade memcached oci://registry-1.docker.io/bitnamicharts/memcached ``` ### To 3.0.0 diff --git a/charts/dh2i/dxemssql/Chart.yaml b/charts/dh2i/dxemssql/Chart.yaml index 17719c10f..7d002bff0 100644 --- a/charts/dh2i/dxemssql/Chart.yaml +++ b/charts/dh2i/dxemssql/Chart.yaml @@ -8,7 +8,7 @@ apiVersion: v2 appVersion: "22.0" description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server availability groups -icon: https://clients.dh2i.com/images/DH2i_Logo_Icon.png +icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png kubeVersion: '>= 1.20.0' maintainers: - email: support@dh2i.com @@ -16,4 +16,4 @@ maintainers: url: https://dh2i.com name: dxemssql type: application -version: 1.0.2 +version: 1.0.3 diff --git a/charts/gitlab/gitlab/CHANGELOG.md b/charts/gitlab/gitlab/CHANGELOG.md index ecacb38fd..71e8c99ac 100644 --- a/charts/gitlab/gitlab/CHANGELOG.md +++ b/charts/gitlab/gitlab/CHANGELOG.md @@ -2,6 +2,38 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 6.11.0 (2023-04-21) + +### Added (7 changes) + +- [Add the ability to install the ebs_csi_driver](gitlab-org/charts/gitlab@5c978d41d7cb528eef7f90a520d73b0ce83c7dcf) ([merge request](gitlab-org/charts/gitlab!3083)) +- [Adding containerSecurityContext logic to sidekiq chart](gitlab-org/charts/gitlab@64e60de58e4c2ead512856a605bd30de273321c5) by @rgarcia65201 ([merge request](gitlab-org/charts/gitlab!3044)) +- [Add support for the workhorse GCS client](gitlab-org/charts/gitlab@70f6ea0c037bcc0343ae7fd7da258d8e43a087bd) ([merge request](gitlab-org/charts/gitlab!3060)) +- [Configurations for duo auth](gitlab-org/charts/gitlab@40b28a67dab49bd29f5b3c7604d323db58f958cb) ([merge request](gitlab-org/charts/gitlab!3043)) +- [Bump gitlab-zoekt version to 0.2.0](gitlab-org/charts/gitlab@05b450d0a28b1bfb46245d4e88ee47157f092eca) ([merge request](gitlab-org/charts/gitlab!3049)) +- [Add kubeval for Kubernetes 1.25](gitlab-org/charts/gitlab@973d2080aca68789a5ee061499f2d07a2eecf47a) ([merge request](gitlab-org/charts/gitlab!3031)) +- [Add the gitlab/gitlab-zoekt chart as optional (disabled) dependency](gitlab-org/charts/gitlab@4f02bb948502de173beec97bc436df84202e34af) ([merge request](gitlab-org/charts/gitlab!3018)) + +### Fixed (2 changes) + +- [Add Prometheus annotations to postgres-metrics service](gitlab-org/charts/gitlab@a8ca140916db03aed9309760f68a944bdcc83098) by @remram44 ([merge request](gitlab-org/charts/gitlab!3079)) +- [Webservice: make Workhorse stick around for SHUTDOWN_BLACKOUT_SECONDS](gitlab-org/charts/gitlab@2a14d9b3e7034520cfaa63f9e4af1f60800820dd) ([merge request](gitlab-org/charts/gitlab!3084)) + +### Changed (5 changes) + +- [Update gitlab-org/container-registry from 3.71.0-gitlab to 3.71.0-gitlab](gitlab-org/charts/gitlab@d716d2db682ba941c44481172773b12a8844384a) ([merge request](gitlab-org/charts/gitlab!3100)) +- [Bump Container Registry to v3.71.0-gitlab](gitlab-org/charts/gitlab@170b162a33c1c8727cbcf137c38388e0c3b1cb78) ([merge request](gitlab-org/charts/gitlab!3096)) +- [Update NLB example for AWS Load Balancer Controller](gitlab-org/charts/gitlab@03859fa3c19b41bdeb717eda7bc08c6c4118f669) ([merge request](gitlab-org/charts/gitlab!3014)) +- [Update gitlab-org/container-registry from 3.69.0-gitlab to 3.70.0-gitlab](gitlab-org/charts/gitlab@8b1c2eb3db3a00e738fbbd127ff7259579c2c4d9) ([merge request](gitlab-org/charts/gitlab!3069)) +- [Update gitlab-org/charts/gitlab-runner from 0.51.0 to 0.51.1](gitlab-org/charts/gitlab@3fc3b1280511b6c614d981cba6d27ca862fb1bb0) ([merge request](gitlab-org/charts/gitlab!3061)) + +### Other (4 changes) + +- [Docs: Clarify `global.serviceAccount` usage](gitlab-org/charts/gitlab@e794742aabc27893b3e4c465fc27aa3fc744843c) ([merge request](gitlab-org/charts/gitlab!3110)) +- [Bump gitlab-zoekt to v0.3.0](gitlab-org/charts/gitlab@418f28559cbb547d2cb36b7e56c08bc6046f05c3) ([merge request](gitlab-org/charts/gitlab!3094)) +- [Remove references to unused 'fullnameOverride' key](gitlab-org/charts/gitlab@34b9c0d5d1f5227b8bb1b2496e3be6f9ff3a9ec0) ([merge request](gitlab-org/charts/gitlab!3092)) +- [checkConfig: verify format of omniauth provider content](gitlab-org/charts/gitlab@f419b34386799a83587eeecfea142070477e8029) ([merge request](gitlab-org/charts/gitlab!3054)) + ## 6.10.3 (2023-04-14) No changes. @@ -47,6 +79,10 @@ No changes. - [Add more context to sidekiq pod deprecation notices](gitlab-org/charts/gitlab@fdaef9d08c68beac06b0bcff16d0ec6b1bc274aa) ([merge request](gitlab-org/charts/gitlab!2966)) - [Add more context to sidekiq pod deprecation notices](gitlab-org/charts/gitlab@378fd9116dc5147d9d4c23d81a72e0e8089f138e) ([merge request](gitlab-org/charts/gitlab!2972)) +## 6.9.4 (2023-03-30) + +No changes. + ## 6.9.3 (2023-03-09) No changes. @@ -99,6 +135,14 @@ No changes. - [Moved minio config to global in example config](gitlab-org/charts/gitlab@973557e4cf0c5ec1e0c399fcce557fae2a87de17) ([merge request](gitlab-org/charts/gitlab!2952)) - [Doc - configure the GitLab chart with an decomposed database](gitlab-org/charts/gitlab@af72661b6f82f8f16dab591c8af67e44baf0b998) ([merge request](gitlab-org/charts/gitlab!2890)) +## 6.8.6 (2023-04-18) + +No changes. + +## 6.8.5 (2023-03-30) + +No changes. + ## 6.8.4 (2023-03-02) No changes. @@ -137,6 +181,10 @@ No changes. - [Update gitlab-org/gitlab-exporter from 11.18.2 to 12.1.0](gitlab-org/charts/gitlab@428de3dd7c208a0469b18b927fece2bc54029b19) ([merge request](gitlab-org/charts/gitlab!2911)) - [Update gitlab-org/container-registry from 3.63.0-gitlab to 3.64.0-gitlab](gitlab-org/charts/gitlab@a1edaea5f4d9d2a6d972b7412deafe6a2b50aedb) ([merge request](gitlab-org/charts/gitlab!2904)) +## 6.7.9 (2023-04-20) + +No changes. + ## 6.7.8 (2023-03-02) No changes. diff --git a/charts/gitlab/gitlab/Chart.yaml b/charts/gitlab/gitlab/Chart.yaml index dca635cb0..113f37007 100644 --- a/charts/gitlab/gitlab/Chart.yaml +++ b/charts/gitlab/gitlab/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: GitLab catalog.cattle.io/release-name: gitlab apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: The One DevOps Platform home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png @@ -15,4 +15,4 @@ maintainers: name: gitlab sources: - https://gitlab.com/gitlab-org/charts/gitlab -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/.gitignore b/charts/gitlab/gitlab/charts/gitlab-zoekt/.gitignore new file mode 100644 index 000000000..e43b0f988 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/.gitignore @@ -0,0 +1 @@ +.DS_Store diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/.gitlab-ci.yml b/charts/gitlab/gitlab/charts/gitlab-zoekt/.gitlab-ci.yml new file mode 100644 index 000000000..b3620a6c1 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/.gitlab-ci.yml @@ -0,0 +1,54 @@ +include: + - template: Workflows/MergeRequest-Pipelines.gitlab-ci.yml + +stages: + - test + - publish + +variables: + HELM_INSTALL_IMAGE: registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image:helm-3.10.2-kube-1.24.8-alpine-3.15 + +lint:helm: + image: $HELM_INSTALL_IMAGE + script: + - helm lint + +publish: + stage: publish + script: + - chart_clone_subpath=${CI_PROJECT_PATH#"gitlab-org/"} # Strip leading gitlab-org/ + - curl --request POST + --form "token=${CHARTS_TRIGGER_TOKEN}" + --form ref=master + --form "variables[CHART_NAME]=${CI_PROJECT_NAME}" + --form "variables[RELEASE_REF]=${CI_COMMIT_REF_NAME}" + --form "variables[CHART_CLONE_SUBPATH]=${chart_clone_subpath}" + https://gitlab.com/api/v4/projects/2860651/trigger/pipeline + rules: + - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/cloud-native/charts/gitlab-zoekt"' + +test:install: + extends: .k3s + script: + - helm install gitlab-zoekt . --wait + - kubectl exec gitlab-zoekt-0 -- curl --fail -XPOST -d '{"CloneUrl":"https://gitlab.com/gitlab-org/gitlab-development-kit.git","RepoId":74823}' 'http://127.0.0.1:6060/index' | tee /dev/stderr | grep '"Success":true' + - kubectl exec gitlab-zoekt-0 -- curl --fail -XPOST -d '{"Q":"gitaly"}' 'http://127.0.0.1:6070/api/search' | tee /dev/stderr | grep "LineStart" # Some random thing that should appear when there are results + +test:upgrade: + extends: .k3s + script: + - helm install gitlab-zoekt . --wait + - helm upgrade gitlab-zoekt . --wait --reuse-values + +.k3s: + stage: test + image: $HELM_INSTALL_IMAGE + services: + - name: registry.gitlab.com/gitlab-org/cluster-integration/test-utils/k3s-gitlab-ci/releases/v1.26.0-k3s1 + alias: k3s + before_script: + - apk add -u curl + - curl -f k3s:8081 > k3s.yaml + - export KUBECONFIG=$(pwd)/k3s.yaml + - kubectl version + - kubectl cluster-info diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab-zoekt/Chart.yaml new file mode 100644 index 000000000..f15b1c419 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 0.0.1 +description: A Helm chart for deploying Zoekt as a search engine for GitLab +name: gitlab-zoekt +type: application +version: 0.3.0 diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/LICENSE b/charts/gitlab/gitlab/charts/gitlab-zoekt/LICENSE new file mode 100644 index 000000000..eacbe84d1 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2018-2019 GitLab B.V. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/README.md b/charts/gitlab/gitlab/charts/gitlab-zoekt/README.md new file mode 100644 index 000000000..eba706fb5 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/README.md @@ -0,0 +1,15 @@ +# GitLab Zoekt Helm Chart + +For deploying Zoekt as a code search engine to support [GitLab exact code search](https://docs.gitlab.com/ee/user/search/exact_code_search.html). + +## Install the chart + +``` +helm install gitlab-zoekt . +``` + +## Enable Lefthook + +```shell +lefthook install +``` \ No newline at end of file diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/lefthook.yml b/charts/gitlab/gitlab/charts/gitlab-zoekt/lefthook.yml new file mode 100644 index 000000000..6d2a28245 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/lefthook.yml @@ -0,0 +1,6 @@ +pre-push: + parallel: true + commands: + helm_lint: + files: git diff --name-only --diff-filter=d $(git merge-base origin/main HEAD)..HEAD + run: helm lint diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/NOTES.txt b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/NOTES.txt new file mode 100644 index 000000000..da583e337 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/NOTES.txt @@ -0,0 +1,23 @@ +1. Index a repo: + ``` + kubectl exec gitlab-zoekt-0 -- curl -XPOST -d '{"CloneUrl":"https://gitlab.com/gitlab-org/gitlab-development-kit.git","RepoId":74823}' 'http://127.0.0.1:6060/index' + ``` +2. Search: + ``` + kubectl exec gitlab-zoekt-0 -- curl -XPOST -d '{"Q":"gitaly"}' 'http://127.0.0.1:6070/api/search' + ``` +3. Services are exposed for port 6060 (indexserver), 6070 (webserver) for each replica (where the replica number is part of the DNS name) so you can connect from any other pod to index and search: + ``` + kubectl exec -- curl -XPOST -d '{"Q":"gitaly"}' 'http://gitlab-zoekt-0.gitlab-zoekt.default.svc.cluster.local:6070/api/search' + ``` +{{- if .Values.ingress.enabled }} +4. Get the IP of the ingress by running these commands: + ``` + kubectl get ingress gitlab-zoekt + ``` + NOTE: It may take a few minutes for the LoadBalancer IP to be available. +5. Then do a search via the Ingress + ``` + curl -H 'Host: gitlab-zoekt.local' -XPOST -d '{"Q":"gitaly"}' 'http:///api/search' + ``` +{{- end }} diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/_helpers.tpl b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/_helpers.tpl new file mode 100644 index 000000000..87056242e --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/_helpers.tpl @@ -0,0 +1,73 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gitlab-zoekt.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gitlab-zoekt.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitlab-zoekt.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gitlab-zoekt.labels" -}} +helm.sh/chart: {{ include "gitlab-zoekt.chart" . }} +{{ include "gitlab-zoekt.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gitlab-zoekt.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gitlab-zoekt.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gitlab-zoekt.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "gitlab-zoekt.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Placeholder label definitions. +These are overridden when this chart is used as a sub-chart of gitlab/gitlab +*/}} +{{- define "gitlab.standardLabels" -}} +{{- end -}} +{{- define "gitlab.commonLabels" -}} +{{- end -}} +{{- define "gitlab.serviceLabels" -}} +{{- end -}} diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/ingress.yaml b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/ingress.yaml new file mode 100644 index 000000000..907fd1470 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/ingress.yaml @@ -0,0 +1,47 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "gitlab-zoekt.fullname" . -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "gitlab-zoekt.labels" . | nindent 4 }} + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.ingress.host | quote }} + http: + paths: + - path: /api + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ .Values.webserver.listen.port }} + - path: / + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ .Values.dynamicIndexserver.listen.port }} +{{- end }} diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/networkpolicy.yaml b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/networkpolicy.yaml new file mode 100644 index 000000000..4a00c7483 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/networkpolicy.yaml @@ -0,0 +1,31 @@ +{{- if .Values.networkpolicy.enabled -}} +{{- $fullName := include "gitlab-zoekt.fullname" . -}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ $fullName }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "gitlab-zoekt.labels" . | nindent 4 }} + annotations: + {{ toYaml .Values.networkpolicy.annotations | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "gitlab-zoekt.selectorLabels" . | nindent 6 }} + policyTypes: + {{- if .Values.networkpolicy.egress.enabled }} + - Egress + {{- end }} + {{- if .Values.networkpolicy.ingress.enabled }} + - Ingress + {{- end }} + {{- if .Values.networkpolicy.ingress.enabled }} + ingress: + {{ toYaml .Values.networkpolicy.ingress.rules | nindent 4 }} + {{- end -}} + {{- if .Values.networkpolicy.egress.enabled }} + egress: + {{ toYaml .Values.networkpolicy.egress.rules | nindent 4 }} + {{- end -}} +{{- end -}} diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/service.yaml b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/service.yaml new file mode 100644 index 000000000..ab66cfd23 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/service.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gitlab-zoekt.fullname" . }} + labels: + {{- include "gitlab-zoekt.labels" . | nindent 4 }} + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + {{- include "gitlab.serviceLabels" . | nindent 4 }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} +{{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }} + clusterIP: {{ .Values.service.clusterIP }} +{{- end }} +{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} +{{- end }} + ports: + - port: {{ .Values.webserver.listen.port }} + name: webserver + - port: {{ .Values.dynamicIndexserver.listen.port }} + name: indexserver + selector: + {{- include "gitlab-zoekt.selectorLabels" . | nindent 4 }} diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/serviceaccount.yaml b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/serviceaccount.yaml new file mode 100644 index 000000000..e4a26c44d --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gitlab-zoekt.serviceAccountName" . }} + labels: + {{- include "gitlab-zoekt.labels" . | nindent 4 }} + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/stateful_sets.yaml b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/stateful_sets.yaml new file mode 100644 index 000000000..9d83ad2e4 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/templates/stateful_sets.yaml @@ -0,0 +1,105 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "gitlab-zoekt.fullname" . }} + labels: + {{- include "gitlab-zoekt.labels" . | nindent 4 }} + {{- include "gitlab.standardLabels" . | nindent 4 }} + {{- include "gitlab.commonLabels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "gitlab-zoekt.selectorLabels" . | nindent 6 }} + serviceName: {{ include "gitlab-zoekt.fullname" . }} + replicas: 1 # See https://gitlab.com/gitlab-org/gitlab-build-images/-/issues/118 + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gitlab-zoekt.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gitlab-zoekt.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + terminationGracePeriodSeconds: 60 + containers: + - name: zoekt-dynamic-indexserver + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ .Values.dynamicIndexserver.image.repository }}:{{ .Values.dynamicIndexserver.image.tag | default "latest" }} + imagePullPolicy: {{ coalesce .Values.dynamicIndexserver.image.pullPolicy .Values.image.pullPolicy }} + ports: + - containerPort: {{ .Values.dynamicIndexserver.listen.port }} + name: indexserver + livenessProbe: + httpGet: + path: / + port: {{ .Values.dynamicIndexserver.listen.port }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.dynamicIndexserver.listen.port }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: zoekt-data + mountPath: /data/repos + - name: zoekt-index + mountPath: /data/index + - name: zoekt-webserver + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag | default "latest" }} + imagePullPolicy: {{ coalesce .Values.webserver.image.pullPolicy .Values.image.pullPolicy }} + ports: + - containerPort: {{ .Values.webserver.listen.port }} + name: webserver + livenessProbe: + httpGet: + path: / + port: {{ .Values.webserver.listen.port }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.webserver.listen.port }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: zoekt-index + mountPath: /data/index + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: zoekt-data + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.bareRepoStorageClassName }} + resources: + requests: + storage: {{ .Values.bareRepoStorage }} + - metadata: + name: zoekt-index + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.indexStorageClassName }} + resources: + requests: + storage: {{ .Values.indexStorage }} diff --git a/charts/gitlab/gitlab/charts/gitlab-zoekt/values.yaml b/charts/gitlab/gitlab/charts/gitlab-zoekt/values.yaml new file mode 100644 index 000000000..945107554 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-zoekt/values.yaml @@ -0,0 +1,108 @@ +# -- The size of storage mounted to the zoekt-dynamic-indexserver that will be used to store bare repos.
+# The bare repos are stored as an intermediate step in calculating the +# resulting index and treated like a cache as they will be refetched if +# missing. +# @raw +bareRepoStorage: 5Gi +bareRepoStorageClassName: "" + +# -- The size of storage mounted to the zoekt-dynamic-indexserver and zoekt-webserver that will be used to store index files.
+# The index files are those with the `.zoekt` extension and used to serve +# search results. +# @raw +indexStorage: 2Gi +indexStorageClassName: "" + +image: + pullPolicy: IfNotPresent +dynamicIndexserver: + image: + repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-zoekt-dynamic-indexserver + tag: v0.0.1-5f25b + # pullPolicy: + listen: + port: 6060 +webserver: + image: + repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-zoekt-webserver + tag: v0.0.1-5f25b + # pullPolicy: + listen: + port: 6070 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: + fsGroup: 1000 + +securityContext: + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + +service: + type: ClusterIP + clusterIP: None + annotations: {} + # cloud.google.com/load-balancer-type: Internal + # networking.gke.io/internal-load-balancer-allow-global-access: "true" + # loadBalancerIP: 123.123.123.123 + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.regional-static-ip-name: "gitlab-zoekt" + # kubernetes.io/ingress.class: "gce-internal" + host: gitlab-zoekt.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +networkpolicy: + enabled: false + egress: + enabled: false + rules: [] + ingress: + enabled: false + rules: [] + annotations: {} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml index 714459188..699fbfc79 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: GitLab Geo logcursor home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: geo-logcursor sources: - https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/templates/_helpers.tpl b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/templates/_helpers.tpl index 9a606082e..609ac3e7c 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/templates/_helpers.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/templates/_helpers.tpl @@ -6,24 +6,6 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "geo-logcursor.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml index 4fc7d23a2..6d0b8ff3d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: Git RPC service for handling all the git calls made by GitLab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitaly sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 90ea8b2b0..432da6160 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter - https://gitlab.com/gitlab-org/gitlab-exporter -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 2c2537598..fc1e766c5 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: Adapt the Grafana chart to interface to the GitLab App home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitlab-grafana sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml index ad6e2af32..f4265c9b6 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: Daemon for serving static websites from GitLab projects home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages - https://gitlab.com/gitlab-org/gitlab-pages -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml index 849467d6a..f7d775cc4 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -14,4 +14,4 @@ name: gitlab-shell sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml index 88dba8ae2..5ef304bda 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.10.0 +appVersion: v15.11.0 description: GitLab Agent Server home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -17,4 +17,4 @@ name: kas sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml index 3aaeba943..7674a4c42 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml @@ -13,4 +13,4 @@ name: mailroom sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml index 82ffd7aa3..68594c961 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: Database migrations and other versioning tasks for upgrading Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: migrations sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml index c798d7f4b..c29d1d1fd 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. home: https://about.gitlab.com/ @@ -16,4 +16,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly - https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml index 497a154ce..959e81b7b 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: Gitlab Sidekiq for asynchronous task processing in rails home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: sidekiq sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml index 1a46c5f9a..32225d480 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml @@ -103,6 +103,8 @@ data: {{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }} {{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }} {{- include "gitlab.appConfig.kerberos.configuration" $ | nindent 6 }} + {{- include "gitlab.appConfig.duo.configuration" $ | nindent 6 }} + {{- include "gitlab.appConfig.duo.configuration" $ | nindent 6 }} shared: {{- include "gitlab.appConfig.gitaly" . | nindent 6 }} {{- include "gitlab.appConfig.repositories" . | nindent 6 }} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 7e02be4aa..4f84db7d5 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -115,6 +115,7 @@ spec: command: ['sh', '/config/configure'] image: {{ include "gitlab.busybox.image" (dict "local" $.Values.init "global" $.Values.global) | quote }} {{- include "gitlab.image.pullPolicy" $initImageCfg | indent 10 }} + {{- include "gitlab.init.containerSecurityContext" $ | indent 10 }} env: {{- include "gitlab.extraEnv" $ | nindent 10 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 10 }} @@ -137,6 +138,7 @@ spec: - name: dependencies image: "{{ $image }}" {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} + {{- include "gitlab.init.containerSecurityContext" $ | indent 10 }} args: - /scripts/wait-for-deps env: @@ -178,6 +180,7 @@ spec: - name: {{ $name }} image: "{{ $image }}" {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} + {{- include "gitlab.containerSecurityContext" $ | indent 10 }} env: {{- if $metricsEnabled }} - name: prometheus_multiproc_dir @@ -350,6 +353,7 @@ spec: {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "dependency_proxy" "config" $.Values.global.appConfig.dependencyProxy) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "pages" "config" $.Values.global.pages.objectStore) | nindent 10 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} + {{- include "gitlab.appConfig.duo.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} {{- if $.Values.global.appConfig.microsoft_graph_mailer.enabled }} - secret: diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/values.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/values.yaml index 620f4ddd8..56089cff5 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/values.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/values.yaml @@ -15,6 +15,7 @@ init: resources: requests: cpu: 50m + containerSecurityContext: {} # Node labels for pod assignment # nodeSelector: {} @@ -321,12 +322,16 @@ pods: # nodeSelector: {} # tolerations: [] -## Allow to overwrite under which User and Group we're running. +## Allow to overwrite under which User and Group the Pod will be running. securityContext: runAsUser: 1000 fsGroup: 1000 # fsGroupChangePolicy: OnRootMismatch +## Allow to overwrite the specific security context under which the container is running. +containerSecurityContext: + runAsUser: 1000 + ## Enable deployment to use a serviceAccount serviceAccount: enabled: false diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml index c70714829..a5ce8d255 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml @@ -14,4 +14,4 @@ name: spamcheck sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck - https://gitlab.com/gitlab-org/spamcheck -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml index 1ef7f5638..8e62e9be7 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: For manually running rake tasks through kubectl home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: toolbox sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml index 8272e726f..2f38e14cf 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml @@ -90,6 +90,7 @@ data: {{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }} {{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }} {{- include "gitlab.appConfig.kerberos.configuration" $ | nindent 6 }} + {{- include "gitlab.appConfig.duo.configuration" $ | nindent 6 }} shared: {{- include "gitlab.appConfig.gitaly" . | nindent 6 }} {{- include "gitlab.appConfig.repositories" . | nindent 6 }} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml index b692cf237..131c15add 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml @@ -50,6 +50,7 @@ spec: command: ['sh', '/config/configure'] image: {{ include "gitlab.busybox.image" (dict "local" .Values.init "global" $.Values.global) | quote }} {{- include "gitlab.image.pullPolicy" $initImageCfg | indent 10 }} + {{- include "gitlab.init.containerSecurityContext" . | indent 10 }} env: {{- include "gitlab.extraEnv" . | nindent 10 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" (dict)) | nindent 10 }} @@ -107,6 +108,7 @@ spec: {{- end }} image: "{{ coalesce .Values.image.repository (include "image.repository" .) }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}{{ include "gitlab.image.tagSuffix" . }}" {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} + {{- include "gitlab.containerSecurityContext" . | indent 10 }} env: - name: ARTIFACTS_BUCKET_NAME value: {{ .Values.global.appConfig.artifacts.bucket }} @@ -250,6 +252,7 @@ spec: {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "dependency_proxy" "config" $.Values.global.appConfig.dependencyProxy) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "pages" "config" $.Values.global.pages.objectStore) | nindent 10 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} + {{- include "gitlab.appConfig.duo.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} {{- if $.Values.global.appConfig.microsoft_graph_mailer.enabled }} - secret: diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/values.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/values.yaml index 0212f8a34..7d2692512 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/values.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/values.yaml @@ -12,6 +12,7 @@ init: resources: requests: cpu: 50m + containerSecurityContext: {} # Tolerations for pod scheduling tolerations: [] @@ -257,12 +258,16 @@ persistence: ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector matchExpressions: [] -## Allow to overwrite under which User and Group we're running. +## Allow to overwrite under which User and Group the Pod will be running. securityContext: runAsUser: 1000 fsGroup: 1000 # fsGroupChangePolicy: OnRootMismatch +## Allow to overwrite the specific security context under which the container is running. +containerSecurityContext: + runAsUser: 1000 + ## Enable deployment to use a serviceAccount serviceAccount: enabled: false diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml index 38ad4aa82..9050c8b77 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.10.3 +appVersion: 15.11.0 description: HTTP server for Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ name: webservice sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice -version: 6.10.3 +version: 6.11.0 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_datamodel.tpl b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_datamodel.tpl index 31f5df4e0..950960c2d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_datamodel.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_datamodel.tpl @@ -9,7 +9,7 @@ Walks `deployments` and merges `webservice.datamodel.blank` into each item, ensuring presence of all keys. */}} {{- define "webservice.datamodel.prepare" -}} -{{- $fullname := include "webservice.fullname" $ -}} +{{- $fullname := include "fullname" $ -}} {{- $blank := dict -}} {{/* make sure we always have at least one */}} {{- if not $.Values.deployments -}} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_helpers.tpl b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_helpers.tpl index f09deb9c8..fa586466d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_helpers.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/_helpers.tpl @@ -1,23 +1,5 @@ {{/* vim: set filetype=mustache: */}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "webservice.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - {{/* Create the fullname, with suffix of deployment.name Unless `ingress.path: /` or `name: default` @@ -88,49 +70,43 @@ image repository. {{- end -}} {{/* -Returns ERB section for Workhorse direct object storage configuration. +Returns gomplate section for Workhorse direct object storage configuration. If Minio in use, set AWS and keys. If consolidated object storage is in use, read the connection YAML If provider is AWS, render enabled as true. */}} {{- define "workhorse.object_storage.config" -}} -{%- $supported_providers := slice "AWS" "AzureRM" -%} -{%- $provider := "" -%} -{%- $aws_access_key_id := "" -%} -{%- $aws_secret_access_key := "" -%} -{%- $azure_storage_account_name := "" -%} -{%- $azure_storage_access_key := "" -%} +{%- $supported_providers := slice "AWS" "AzureRM" "Google" -%} +{%- $connection := coll.Dict "provider" "" -%} {%- if file.Exists "/etc/gitlab/minio/accesskey" %} - {%- $provider = "AWS" -%} - {%- $aws_access_key_id = file.Read "/etc/gitlab/minio/accesskey" | strings.TrimSpace -%} - {%- $aws_secret_access_key = file.Read "/etc/gitlab/minio/secretkey" | strings.TrimSpace -%} + {%- $aws_access_key_id := file.Read "/etc/gitlab/minio/accesskey" | strings.TrimSpace -%} + {%- $aws_secret_access_key := file.Read "/etc/gitlab/minio/secretkey" | strings.TrimSpace -%} + {%- $connection = coll.Dict "provider" "AWS" "aws_access_key_id" $aws_access_key_id "aws_secret_access_key" $aws_secret_access_key -%} {%- end %} {%- if file.Exists "/etc/gitlab/objectstorage/object_store" %} - {%- $connection := file.Read "/etc/gitlab/objectstorage/object_store" | strings.TrimSpace | data.YAML -%} - {%- $provider = $connection.provider -%} - {%- if has $connection "aws_access_key_id" -%} - {%- $aws_access_key_id = $connection.aws_access_key_id -%} - {%- $aws_secret_access_key = $connection.aws_secret_access_key -%} - {%- else if has $connection "azure_storage_account_name" -%} - {%- $azure_storage_account_name = $connection.azure_storage_account_name -%} - {%- $azure_storage_access_key = $connection.azure_storage_access_key -%} - {%- end -%} + {%- $connection = file.Read "/etc/gitlab/objectstorage/object_store" | strings.TrimSpace | data.YAML -%} {%- end %} -{%- if has $supported_providers $provider %} +{%- if has $supported_providers $connection.provider %} [object_storage] -provider = "{% $provider %}" -{%- if eq $provider "AWS" %} +provider = "{% $connection.provider %}" +{%- if eq $connection.provider "AWS" %} +{%- $connection = coll.Merge $connection (coll.Dict "aws_access_key_id" "" "aws_secret_access_key" "" ) %} # AWS / S3 object storage configuration. [object_storage.s3] # access/secret can be blank! -aws_access_key_id = {% $aws_access_key_id | strings.TrimSpace | data.ToJSON %} -aws_secret_access_key = {% $aws_secret_access_key | strings.TrimSpace | data.ToJSON %} -{%- else if eq $provider "AzureRM" %} +aws_access_key_id = {% $connection.aws_access_key_id | strings.TrimSpace | data.ToJSON %} +aws_secret_access_key = {% $connection.aws_secret_access_key | strings.TrimSpace | data.ToJSON %} +{%- else if eq $connection.provider "AzureRM" %} +{%- $connection = coll.Merge $connection (coll.Dict "azure_storage_account_name" "" "azure_storage_account_name" "" ) %} # Azure Blob storage configuration. [object_storage.azurerm] -azure_storage_account_name = {% $azure_storage_account_name | strings.TrimSpace | data.ToJSON %} -azure_storage_access_key = {% $azure_storage_access_key | strings.TrimSpace | data.ToJSON %} +azure_storage_account_name = {% $connection.azure_storage_account_name | strings.TrimSpace | data.ToJSON %} +azure_storage_access_key = {% $connection.azure_storage_access_key | strings.TrimSpace | data.ToJSON %} +{%- else if eq $connection.provider "Google" %} +# Google storage configuration. +[object_storage.google] +{% $connection | coll.Omit "provider" | data.ToTOML %} {%- end %} {%- end %} {{- end -}} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml index 0e5bd9ab0..62f1807a6 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml @@ -114,6 +114,7 @@ data: {{- include "gitlab.appConfig.ldap.configuration" $ | nindent 6 }} {{- include "gitlab.appConfig.omniauth.configuration" $ | nindent 6 }} {{- include "gitlab.appConfig.kerberos.configuration" $ | nindent 6 }} + {{- include "gitlab.appConfig.duo.configuration" $ | nindent 6 }} shared: {{- include "gitlab.appConfig.gitaly" . | nindent 6 }} {{- include "gitlab.appConfig.repositories" . | nindent 6 }} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml index 95111a72a..b05816ea7 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -112,6 +112,7 @@ spec: args: [ '-c', 'sh -x /config-webservice/configure ; sh -x /config-workhorse/configure ; mkdir -p -m 3770 /tmp/gitlab'] image: {{ include "gitlab.busybox.image" (dict "local" $.Values.init "global" $.Values.global) | quote }} {{- include "gitlab.image.pullPolicy" $initImageCfg | indent 10 }} + {{- include "gitlab.init.containerSecurityContext" $ | indent 10 }} env: {{- include "webservice.extraEnv" (dict "global" $.Values.global "local" .) | nindent 12 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} @@ -142,6 +143,7 @@ spec: - name: dependencies image: {{ include "webservice.image" $ }} {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} + {{- include "gitlab.init.containerSecurityContext" $ | indent 10 }} args: - /scripts/wait-for-deps env: @@ -179,6 +181,7 @@ spec: - name: {{ $.Chart.Name }} image: {{ include "webservice.image" $ }} {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} + {{- include "gitlab.containerSecurityContext" $ | indent 10 }} ports: {{- if $.Values.http.enabled }} - containerPort: {{ $.Values.service.internalPort }} @@ -337,6 +340,10 @@ spec: - name: gitlab-workhorse image: "{{ coalesce $.Values.workhorse.image (include "workhorse.repository" $) }}:{{ coalesce $.Values.workhorse.tag (include "gitlab.versionTag" $ ) }}{{ include "gitlab.image.tagSuffix" $ }}" {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} + {{- if $.Values.workhorse.containerSecurityContext }} + securityContext: + {{- toYaml $.Values.workhorse.containerSecurityContext | nindent 12 }} + {{- end }} ports: - containerPort: {{ $.Values.service.workhorseInternalPort }} name: http-workhorse @@ -363,6 +370,8 @@ spec: - name: GITLAB_WORKHORSE_SENTRY_DSN value: {{ .workhorse.sentryDSN }} {{- end }} + - name: SHUTDOWN_BLACKOUT_SECONDS + value: "{{ .shutdown.blackoutSeconds }}" {{- include "gitlab.tracing.env" $ | nindent 12 }} {{- include "webservice.extraEnv" (dict "global" $.Values.global "local" .) | nindent 12 }} {{- include "gitlab.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} @@ -385,6 +394,13 @@ spec: startupProbe: {{- toYaml .workhorse.startupProbe | nindent 12 }} {{- end }} + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - sleep $SHUTDOWN_BLACKOUT_SECONDS livenessProbe: exec: command: @@ -517,6 +533,7 @@ spec: {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "dependency_proxy" "config" $.Values.global.appConfig.dependencyProxy) | nindent 10 }} {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "pages" "config" $.Values.global.pages.objectStore) | nindent 10 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} + {{- include "gitlab.appConfig.duo.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} {{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }} - secret: diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml index d5761f5b5..df31a5926 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml @@ -15,6 +15,7 @@ init: resources: requests: cpu: 50m + containerSecurityContext: {} # Tolerations for pod scheduling tolerations: [] @@ -172,6 +173,7 @@ workhorse: requests: cpu: 100m memory: 100M + containerSecurityContext: {} # shutdownTimeout: # image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee startupProbe: {} @@ -424,6 +426,10 @@ securityContext: fsGroup: 1000 # fsGroupChangePolicy: OnRootMismatch +## Allow to overwrite the specific security context under which the container is running. +containerSecurityContext: + runAsUser: 1000 + ## Enable deployment to use a serviceAccount serviceAccount: enabled: false diff --git a/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl b/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl index 22a70a167..74181672d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl @@ -11,7 +11,7 @@ */}} {{- define "gitlab.scripts.configure.secrets" -}} {{- $required := default "shell gitaly registry rails-secrets gitlab-workhorse" $.required | splitList " " -}} -{{- $optional := default "redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer suggested_reviewers" $.optional | splitList " " -}} +{{- $optional := default "redis minio objectstorage postgres ldap duo omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer suggested_reviewers" $.optional | splitList " " -}} {{- range (without $required "none") -}} {{- $optional = without $optional . -}} {{- end -}} diff --git a/charts/gitlab/gitlab/charts/gitlab/templates/_duo_auth.tpl b/charts/gitlab/gitlab/charts/gitlab/templates/_duo_auth.tpl new file mode 100644 index 000000000..2e5aee3ba --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab/templates/_duo_auth.tpl @@ -0,0 +1,38 @@ + +{{- define "gitlab.appConfig.duo.secretKey.key" -}} +{{ with $.Values.global.appConfig }} +{{- if .duoAuth.secretKey }} +{{- default "secretKey" $.Values.global.appConfig.duoAuth.secretKey.key -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "gitlab.duo.secretKey.path" -}} +{{ with $.Values.global.appConfig }} +{{- if .duoAuth.secretKey }} + {{- printf "/etc/gitlab/duo/%s/%s" .duoAuth.secretKey.secret ( include "gitlab.appConfig.duo.secretKey.key" $) -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "gitlab.appConfig.duo.configuration" -}} +{{ with $.Values.global.appConfig }} +duo_auth: + enabled: {{ eq .duoAuth.enabled true }} + hostname: {{ .duoAuth.hostname }} + integration_key: {{ .duoAuth.integrationKey }} + secret_key: {{ .duoAuth.enabled | ternary (printf "<%= File.read('%s').strip.to_json() %>" (include "gitlab.duo.secretKey.path" $)) "" }} +{{- end -}} +{{- end -}} + +{{- define "gitlab.appConfig.duo.mountSecrets" -}} +{{- with $.Values.global.appConfig -}} +{{- if .duoAuth.secretKey }} +- secret: + name: {{ .duoAuth.secretKey.secret }} + items: + - key: {{ include "gitlab.appConfig.duo.secretKey.key" $ }} + path: {{ printf "duo/%s/%s" .duoAuth.secretKey.secret (include "gitlab.appConfig.duo.secretKey.key" $) }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/gitlab/gitlab/charts/registry/Chart.yaml b/charts/gitlab/gitlab/charts/registry/Chart.yaml index ddd25099f..9c6ac71e1 100644 --- a/charts/gitlab/gitlab/charts/registry/Chart.yaml +++ b/charts/gitlab/gitlab/charts/registry/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v3.69.0-gitlab +appVersion: v3.71.0-gitlab description: Stateless, highly scalable application that stores and lets you distribute container images home: https://docs.gitlab.com/ee/user/packages/container_registry diff --git a/charts/gitlab/gitlab/charts/registry/values.yaml b/charts/gitlab/gitlab/charts/registry/values.yaml index b75ee1317..f8bb2088b 100644 --- a/charts/gitlab/gitlab/charts/registry/values.yaml +++ b/charts/gitlab/gitlab/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.69.0-gitlab' + tag: 'v3.71.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/charts/gitlab/gitlab/requirements.lock b/charts/gitlab/gitlab/requirements.lock index 431db7ecc..11a8cbdab 100644 --- a/charts/gitlab/gitlab/requirements.lock +++ b/charts/gitlab/gitlab/requirements.lock @@ -32,5 +32,8 @@ dependencies: - name: nginx-ingress repository: "" version: '*.*.*' -digest: sha256:8f337972bae5df24a943da15f5b970b06acbf54881abe61d2c27faa5d8871341 -generated: "2023-04-14T16:35:28.118877654Z" +- name: gitlab-zoekt + repository: https://charts.gitlab.io/ + version: 0.3.0 +digest: sha256:67477d660a351df330393ce9ed84458eafbc419de2c454339ed7539bde9c45ca +generated: "2023-04-22T14:06:15.482471816Z" diff --git a/charts/gitlab/gitlab/requirements.yaml b/charts/gitlab/gitlab/requirements.yaml index 9ed604e12..bbcd142af 100644 --- a/charts/gitlab/gitlab/requirements.yaml +++ b/charts/gitlab/gitlab/requirements.yaml @@ -35,3 +35,7 @@ dependencies: - name: nginx-ingress condition: nginx-ingress.enabled version: '*.*.*' +- name: gitlab-zoekt + version: 0.3.0 + repository: https://charts.gitlab.io/ + condition: gitlab-zoekt.install diff --git a/charts/gitlab/gitlab/templates/_checkConfig.tpl b/charts/gitlab/gitlab/templates/_checkConfig.tpl index 63051c1cb..f27c7dd42 100644 --- a/charts/gitlab/gitlab/templates/_checkConfig.tpl +++ b/charts/gitlab/gitlab/templates/_checkConfig.tpl @@ -96,6 +96,9 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.gitlabShell.proxyPolicy" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.gitlabShell.metrics" .) -}} +{{/* _checkConfig_omniauth.tpl*/}} +{{- $messages = append $messages (include "gitlab.checkConfig.omniauth.providerFormat" .) -}} + {{/* other checks */}} {{- $messages = append $messages (include "gitlab.checkConfig.multipleRedis" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.redisYmlOverride" .) -}} @@ -103,6 +106,9 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.sentry" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.gitlab_docs" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.smtp.openssl_verify_mode" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.globalServiceAccount" .) -}} +{{- $messages = append $messages (include "gitlab.duoAuth.checkConfig" .) -}} + {{- /* prepare output */}} {{- $messages = without $messages "" -}} {{- $message := join "\n" $messages -}} @@ -198,3 +204,18 @@ smtp: {{- end }} {{- end -}} {{/* END gitlab.checkConfig.smtp.openssl_verify_mode */}} + +{{/* +Ensure that global service account settings are correct. +*/}} +{{- define "gitlab.checkConfig.globalServiceAccount" -}} +{{- if and .Values.global.serviceAccount.enabled .Values.global.serviceAccount.create -}} +{{- if .Values.global.serviceAccount.name }} +serviceAccount: + `global.serviceAccount.name` is set to {{ .Values.global.serviceAccount.name | quote }}. + Please set `global.serviceAccount.create=false` and manually create a ServiceAccount + object in the cluster with a matching name. +{{- end -}} +{{- end -}} +{{- end -}} +{{/* END gitlab.checkConfig.globalServiceAccount */}} diff --git a/charts/gitlab/gitlab/templates/_checkConfig_duoAuth.tpl b/charts/gitlab/gitlab/templates/_checkConfig_duoAuth.tpl new file mode 100644 index 000000000..3bf865c9b --- /dev/null +++ b/charts/gitlab/gitlab/templates/_checkConfig_duoAuth.tpl @@ -0,0 +1,22 @@ + +{{- define "gitlab.duoAuth.checkConfig" -}} +{{ with $.Values.global.appConfig }} +{{- if .duoAuth.enabled }} +{{- if (not .duoAuth.hostname) }} +duoAuth: Enabling Duo Auth requires hostname to be present + Duo Auth requires value of hostname acquired from Duo admin panel, which is provided here as string. + Please see https://docs.gitlab.com/charts/charts/globals.html#duoauth +{{- end -}} +{{- if (not .duoAuth.integrationKey) }} +duoAuth: Enabling Duo Auth requires integrationKey to be present + Duo Auth requires an integrationKey acquired from Duo admin panel, which is provided here as a string. + Please see https://docs.gitlab.com/charts/charts/globals.html#duoauth +{{- end -}} +{{- if (not .duoAuth.secretKey) }} +duoAuth: Enabling Duo Auth requires secretKey.secret to be present + Duo Auth requires a secretKey acquired from Duo admin panel, which is provided here via Kubernete Secret. + Please see https://docs.gitlab.com/charts/charts/globals.html#duoauth +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/gitlab/gitlab/templates/_checkConfig_omniauth.tpl b/charts/gitlab/gitlab/templates/_checkConfig_omniauth.tpl new file mode 100644 index 000000000..4d597746a --- /dev/null +++ b/charts/gitlab/gitlab/templates/_checkConfig_omniauth.tpl @@ -0,0 +1,13 @@ +{{/* +Ensure the provided global.appConfig.omniauth.providerFormat value in expected format */}} +{{- define "gitlab.checkConfig.omniauth.providerFormat" -}} +{{- range $index, $provider := .Values.global.appConfig.omniauth.providers }} +{{- $badKeys := omit $provider "secret" "key" }} +{{- if $badKeys }} +omniauth.providers: each provider should only contain 'secret', and optionally 'key' + A current value of global.appConfig.omniauth.providers[{{ $index }}] must be updated. + Please see https://docs.gitlab.com/charts/charts/globals.html#providers +{{- end }} +{{- end }} +{{- end }} +{{/* END gitlab.checkConfig.omniauth.providerFormat */}} \ No newline at end of file diff --git a/charts/gitlab/gitlab/values.yaml b/charts/gitlab/gitlab/values.yaml index 5aed75af4..bd6b2d6e7 100644 --- a/charts/gitlab/gitlab/values.yaml +++ b/charts/gitlab/gitlab/values.yaml @@ -40,7 +40,7 @@ global: edition: ee ## https://docs.gitlab.com/charts/charts/globals#gitlab-version - gitlabVersion: "15.10.3" + gitlabVersion: "15.11.0" ## https://docs.gitlab.com/charts/charts/globals#application-resource application: @@ -438,6 +438,14 @@ global: servers: {} ## See documentation for complete example of a configured LDAP server + duoAuth: + enabled: false + # hostname: + # integrationKey: + # secretKey: + # secret: + # key: + ## https://docs.gitlab.com/charts/charts/globals#kas-settings gitlab_kas: {} # secret: @@ -1072,6 +1080,13 @@ postgresql: postgresql.gitlab/init-revision: "1" metrics: enabled: true + service: + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + gitlab.com/prometheus_scrape: "true" + gitlab.com/prometheus_port: "9187" + ## Optionally define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file @@ -1223,4 +1238,8 @@ gitlab: ## https://docs.gitlab.com/charts/charts/gitlab/kas # kas: ## https://docs.gitlab.com/charts/charts/gitlab/praefect - # praefect: \ No newline at end of file + # praefect: + +## Installation & configuration of gitlab/gitlab-zoekt +gitlab-zoekt: + install: false \ No newline at end of file diff --git a/charts/kasten/k10/Chart.lock b/charts/kasten/k10/Chart.lock index 5e7c9ffbb..abd235102 100644 --- a/charts/kasten/k10/Chart.lock +++ b/charts/kasten/k10/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: "" version: 15.8.5 digest: sha256:4399c78f4e445e4fbb26151707c9b481fece2002ac02ae20612d9f26e6b66643 -generated: "2023-04-08T01:05:36.015004858Z" +generated: "2023-04-22T05:21:02.333738745Z" diff --git a/charts/kasten/k10/Chart.yaml b/charts/kasten/k10/Chart.yaml index 4d065c4c7..1fb5eb8a6 100644 --- a/charts/kasten/k10/Chart.yaml +++ b/charts/kasten/k10/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 -appVersion: 5.5.8 +appVersion: 5.5.9 dependencies: - name: grafana repository: file://./charts/grafana @@ -20,4 +20,4 @@ maintainers: - email: contact@kasten.io name: kastenIO name: k10 -version: 5.5.801 +version: 5.5.901 diff --git a/charts/kasten/k10/templates/_definitions.tpl b/charts/kasten/k10/templates/_definitions.tpl index 1d3779447..348815453 100644 --- a/charts/kasten/k10/templates/_definitions.tpl +++ b/charts/kasten/k10/templates/_definitions.tpl @@ -1,4 +1,7 @@ {{/* Code generated automatically. DO NOT EDIT. */}} +{{/* K10 services can be disabled by customers via helm value based feature flags. +Therefore, fetching of a list or yaml with service names should be done with the get.enabled* helper functions. +For example, the k10.restServices list can be fetched with get.enabledRestServices */}} {{- define "k10.additionalServices" -}}frontend kanister{{- end -}} {{- define "k10.restServices" -}}admin auth bloblifecyclemanager catalog controllermanager crypto dashboardbff events executor garbagecollector jobs logging metering state vbrintegrationapi{{- end -}} {{- define "k10.services" -}}aggregatedapis{{- end -}} @@ -28,9 +31,9 @@ vbrintegrationapi: {{- end -}} {{- define "k10.colocatedServiceLookup" -}} crypto: -- bloblifecyclemanager - events - garbagecollector +- bloblifecyclemanager dashboardbff: - vbrintegrationapi state: @@ -205,4 +208,4 @@ state-svc: {{- define "k10.multiClusterVersion" -}}2{{- end -}} {{- define "k10.mcExternalPort" -}}18000{{- end -}} {{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}} -{{- define "k10.kanisterToolsImageTag" -}}0.90.0{{- end -}} +{{- define "k10.kanisterToolsImageTag" -}}0.91.0{{- end -}} diff --git a/charts/kasten/k10/templates/_helpers.tpl b/charts/kasten/k10/templates/_helpers.tpl index 686904f24..341bd80b9 100644 --- a/charts/kasten/k10/templates/_helpers.tpl +++ b/charts/kasten/k10/templates/_helpers.tpl @@ -1,3 +1,105 @@ +{{/* Returns a string of the disabled K10 services */}} +{{- define "get.disabledServices" -}} + {{/* Append services to this list based on helm values */}} + {{- $disabledServices := list -}} + + {{- $disabledServices | join " " -}} +{{- end -}} + +{{/* Removes disabled service names from the provided string of service names */}} +{{- define "removeDisabledServicesFromList" -}} + {{- $disabledServices := include "get.disabledServices" .main | splitList " " -}} + {{- $services := .list | splitList " " -}} + + {{- range $disabledServices -}} + {{- $services = without $services . -}} + {{- end -}} + + {{- $services | join " " -}} +{{- end -}} + +{{/* Removes keys with disabled service names from the provided YAML string */}} +{{- define "removeDisabledServicesFromYaml" -}} + {{- $disabledServices := include "get.disabledServices" .main | splitList " " -}} + {{- $services := .yaml | fromYaml -}} + + {{- range $disabledServices -}} + {{- $services = unset $services . -}} + {{- end -}} + + {{- if gt (len $services) 0 -}} + {{- $services | toYaml | trim | nindent 0}} + {{- else -}} + {{- print "" -}} + {{- end -}} +{{- end -}} + +{{/* Returns k10.additionalServices string with disabled services removed */}} +{{- define "get.enabledAdditionalServices" -}} + {{- $list := include "k10.additionalServices" . -}} + {{- dict "main" . "list" $list | include "removeDisabledServicesFromList" -}} +{{- end -}} + +{{/* Returns k10.restServices string with disabled services removed */}} +{{- define "get.enabledRestServices" -}} + {{- $list := include "k10.restServices" . -}} + {{- dict "main" . "list" $list | include "removeDisabledServicesFromList" -}} +{{- end -}} + +{{/* Returns k10.services string with disabled services removed */}} +{{- define "get.enabledServices" -}} + {{- $list := include "k10.services" . -}} + {{- dict "main" . "list" $list | include "removeDisabledServicesFromList" -}} +{{- end -}} + +{{/* Returns k10.exposedServices string with disabled services removed */}} +{{- define "get.enabledExposedServices" -}} + {{- $list := include "k10.exposedServices" . -}} + {{- dict "main" . "list" $list | include "removeDisabledServicesFromList" -}} +{{- end -}} + +{{/* Returns k10.statelessServices string with disabled services removed */}} +{{- define "get.enabledStatelessServices" -}} + {{- $list := include "k10.statelessServices" . -}} + {{- dict "main" . "list" $list | include "removeDisabledServicesFromList" -}} +{{- end -}} + +{{/* Returns k10.colocatedServices string with disabled services removed */}} +{{- define "get.enabledColocatedServices" -}} + {{- $yaml := include "k10.colocatedServices" . -}} + {{- dict "main" . "yaml" $yaml | include "removeDisabledServicesFromYaml" -}} +{{- end -}} + +{{/* Returns YAML of primary services mapped to their secondary services */}} +{{/* The content will only have services which are not disabled */}} +{{- define "get.enabledColocatedServiceLookup" -}} + {{- $colocatedServicesLookup := include "k10.colocatedServiceLookup" . | fromYaml -}} + {{- $disabledServices := include "get.disabledServices" . | splitList " " -}} + {{- $filteredLookup := dict -}} + + {{/* construct filtered lookup */}} + {{- range $primaryService, $secondaryServices := $colocatedServicesLookup -}} + {{/* proceed only if primary service is enabled */}} + {{- if not (has $primaryService $disabledServices) -}} + {{/* filter out secondary services */}} + {{- range $disabledServices -}} + {{- $secondaryServices = without $secondaryServices . -}} + {{- end -}} + {{/* add entry for primary service only if secondary services exist */}} + {{- if gt (len $secondaryServices) 0 -}} + {{- $filteredLookup = set $filteredLookup $primaryService $secondaryServices -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{/* return filtered lookup */}} + {{- if gt (len $filteredLookup) 0 -}} + {{- $filteredLookup | toYaml | trim | nindent 0 -}} + {{- else -}} + {{- print "" -}} + {{- end -}} +{{- end -}} + {{/* Check if basic auth is needed */}} {{- define "basicauth.check" -}} {{- if .Values.auth.basicAuth.enabled }} @@ -154,8 +256,8 @@ Prometheus scrape config template for k10 services {{- else if eq "aggregatedapis" .k10service }} - {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:443 {{- else }} - {{- $service := default .k10service (index (include "k10.colocatedServices" . | fromYaml) .k10service).primary }} - {{- $port := default .main.Values.service.externalPort (index (include "k10.colocatedServices" . | fromYaml) .k10service).port }} + {{- $service := default .k10service (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).primary }} + {{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).port }} - {{ $service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $port }} {{- end }} labels: @@ -187,8 +289,8 @@ Prometheus scrape config template for k10 services {{- $serviceFqdn = printf "%s-svc.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}} {{- $servicePort = "443" -}} {{- else -}} - {{- $service := default .k10service (index (include "k10.colocatedServices" . | fromYaml) .k10service).primary -}} - {{- $port := default .main.Values.service.externalPort (index (include "k10.colocatedServices" . | fromYaml) .k10service).port | toString -}} + {{- $service := default .k10service (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).primary -}} + {{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).port | toString -}} {{- $serviceFqdn = printf "%s-svc.%s.svc.%s" $service .main.Release.Namespace .main.Values.cluster.domainName -}} {{- $servicePort = $port -}} {{- end }} @@ -550,7 +652,7 @@ Lookup and return only enabled colocated services */}} {{- define "get.enabledColocatedSvcList" -}} {{- $enabledColocatedSvcList := dict }} -{{- $colocatedList := include "k10.colocatedServiceLookup" . | fromYaml }} +{{- $colocatedList := include "get.enabledColocatedServiceLookup" . | fromYaml }} {{- range $primary, $secondaryList := $colocatedList }} {{- $enabledSecondarySvcList := list }} {{- range $skip, $secondary := $secondaryList }} @@ -567,7 +669,7 @@ Lookup and return only enabled colocated services {{- define "get.serviceContainersInPod" -}} {{- $podService := .k10_service_pod }} -{{- $colocatedList := include "k10.colocatedServices" . | fromYaml }} +{{- $colocatedList := include "get.enabledColocatedServices" .main | fromYaml }} {{- $colocatedLookupByPod := include "get.enabledColocatedSvcList" .main | fromYaml }} {{- $containerList := list $podService }} {{- if hasKey $colocatedLookupByPod $podService }} @@ -582,8 +684,8 @@ Lookup and return only enabled colocated services {{- $containerList := (dict "main" .main "k10_service_pod" $podService | include "get.serviceContainersInPod" | splitList " ") }} {{- if .main.Values.global.persistence.enabled }} {{- range $skip, $containerInPod := $containerList }} - {{- $isRestService := has $containerInPod (include "k10.restServices" . | splitList " ") }} - {{- $isStatelessService := has $containerInPod (include "k10.statelessServices" . | splitList " ") }} + {{- $isRestService := has $containerInPod (include "get.enabledRestServices" $.main | splitList " ") }} + {{- $isStatelessService := has $containerInPod (include "get.enabledStatelessServices" $.main | splitList " ") }} {{- if and $isRestService (not $isStatelessService) }} {{- $statefulRestSvcsInPod = append $statefulRestSvcsInPod $containerInPod }} {{- end }} diff --git a/charts/kasten/k10/templates/_k10_container.tpl b/charts/kasten/k10/templates/_k10_container.tpl index fb260738d..8a1254f49 100644 --- a/charts/kasten/k10/templates/_k10_container.tpl +++ b/charts/kasten/k10/templates/_k10_container.tpl @@ -2,7 +2,7 @@ {{- $pod := .k10_pod }} {{- with .main }} {{- $main_context := . }} -{{- $colocatedList := include "k10.colocatedServices" . | fromYaml }} +{{- $colocatedList := include "get.enabledColocatedServices" . | fromYaml }} {{- $containerList := (dict "main" $main_context "k10_service_pod" $pod | include "get.serviceContainersInPod" | splitList " ") }} containers: {{- range $skip, $container := $containerList }} diff --git a/charts/kasten/k10/templates/_k10_image_tag.tpl b/charts/kasten/k10/templates/_k10_image_tag.tpl index 48af655eb..480852522 100644 --- a/charts/kasten/k10/templates/_k10_image_tag.tpl +++ b/charts/kasten/k10/templates/_k10_image_tag.tpl @@ -1 +1 @@ -{{- define "k10.imageTag" -}}5.5.8{{- end -}} +{{- define "k10.imageTag" -}}5.5.9{{- end -}} \ No newline at end of file diff --git a/charts/kasten/k10/templates/_k10_metering.tpl b/charts/kasten/k10/templates/_k10_metering.tpl index c7fdb5d66..58546a851 100644 --- a/charts/kasten/k10/templates/_k10_metering.tpl +++ b/charts/kasten/k10/templates/_k10_metering.tpl @@ -33,7 +33,7 @@ spec: {{- end }} --- {{- end }}{{/* if $.stateful */}} -{{ $service_list := include "k10.restServices" . | splitList " " }} +{{ $service_list := include "get.enabledRestServices" . | splitList " " }} kind: ConfigMap apiVersion: v1 metadata: @@ -83,13 +83,13 @@ data: {{- end }} {{- end }} {{- end }} -{{- range include "k10.services" . | splitList " " }} +{{- range include "get.enabledServices" . | splitList " " }} {{- if (or (ne . "aggregatedapis") ($rbac)) }} {{ $tmpcontx := dict "main" $main "k10service" . -}} {{ include "k10.prometheusTargetConfig" $tmpcontx | indent 4 -}} {{- end }} {{- end }} -{{- range include "k10.additionalServices" . | splitList " " }} +{{- range include "get.enabledAdditionalServices" . | splitList " " }} {{- if not (eq . "frontend") }} {{ $tmpcontx := dict "main" $main "k10service" . -}} {{ include "k10.prometheusTargetConfig" $tmpcontx | indent 4 -}} diff --git a/charts/kasten/k10/templates/deployments.yaml b/charts/kasten/k10/templates/deployments.yaml index 64663e8bb..a6eb8ac25 100644 --- a/charts/kasten/k10/templates/deployments.yaml +++ b/charts/kasten/k10/templates/deployments.yaml @@ -4,9 +4,9 @@ Generates deployment specs for K10 services and other services such as */}} {{- include "singleAuth.check" . -}} {{- $main_context := . -}} -{{- $stateless_services := include "k10.statelessServices" . | splitList " " -}} -{{- $colocated_services := include "k10.colocatedServices" . | fromYaml -}} -{{ $service_list := include "k10.restServices" . | splitList " " }} +{{- $stateless_services := include "get.enabledStatelessServices" . | splitList " " -}} +{{- $colocated_services := include "get.enabledColocatedServices" . | fromYaml -}} +{{ $service_list := include "get.enabledRestServices" . | splitList " " }} {{- range $skip, $k10_service := $service_list }} {{ if not (hasKey $colocated_services $k10_service ) }} {{/* Set $stateful for stateful services when .Values.global.persistence.enabled is true */}} @@ -24,7 +24,7 @@ Generates deployment specs for K10 services and other services such as Generate deployment specs for additional services. These are stateless and have 1 replica. */}} -{{- range $skip, $k10_service := concat (include "k10.services" . | splitList " ") (include "k10.additionalServices" . | splitList " ") }} +{{- range $skip, $k10_service := concat (include "get.enabledServices" . | splitList " ") (include "get.enabledAdditionalServices" . | splitList " ") }} {{ $tmp_contx := dict "main" $main_context "k10_service" $k10_service "stateful" false "replicas" 1 }} {{- include "k10-default" $tmp_contx -}} {{- end }} diff --git a/charts/kasten/k10/templates/networkpolicy.yaml b/charts/kasten/k10/templates/networkpolicy.yaml index a36474645..f088431a7 100644 --- a/charts/kasten/k10/templates/networkpolicy.yaml +++ b/charts/kasten/k10/templates/networkpolicy.yaml @@ -227,7 +227,7 @@ spec: release: {{ $mainCtx.Release.Name }} ports: {{- range $skip, $secondary := $secondaryList }} - {{- $colocConfig := index (include "k10.colocatedServices" . | fromYaml) $secondary }} + {{- $colocConfig := index (include "get.enabledColocatedServices" $mainCtx | fromYaml) $secondary }} - protocol: TCP port: {{ $colocConfig.port }} {{- end -}} diff --git a/charts/kasten/k10/templates/v0services.yaml b/charts/kasten/k10/templates/v0services.yaml index a8914ff60..2507b7c25 100644 --- a/charts/kasten/k10/templates/v0services.yaml +++ b/charts/kasten/k10/templates/v0services.yaml @@ -3,11 +3,11 @@ {{- $service_port := .Values.service.externalPort -}} {{- $aggregated_api_port := .Values.service.aggregatedApiPort -}} {{- $postfix := default .Release.Name .Values.ingress.urlPath -}} -{{- $colocated_services := include "k10.colocatedServices" . | fromYaml -}} -{{- $exposed_services := include "k10.exposedServices" . | splitList " " -}} +{{- $colocated_services := include "get.enabledColocatedServices" . | fromYaml -}} +{{- $exposed_services := include "get.enabledExposedServices" . | splitList " " -}} {{- $os_postfix := default .Release.Name .Values.route.path -}} {{- $main_context := . -}} -{{ $service_list := append (include "k10.restServices" . | splitList " ") "frontend" }} +{{ $service_list := append (include "get.enabledRestServices" . | splitList " ") "frontend" }} {{- range $service_list }} {{- $exposed_service := (has . $exposed_services) }} {{- $mc_exposed_service := (eq . "controllermanager") }} @@ -50,7 +50,7 @@ metadata: {{- end }} {{- $colocatedList := include "get.enabledColocatedSvcList" $main_context | fromYaml }} {{- range $skip, $secondary := index $colocatedList . }} - {{- $colocConfig := index (include "k10.colocatedServices" . | fromYaml) $secondary }} + {{- $colocConfig := index (include "get.enabledColocatedServices" $main_context | fromYaml) $secondary }} {{- if $colocConfig.isExposed }} --- apiVersion: getambassador.io/v3alpha1 @@ -95,7 +95,7 @@ spec: {{- end }} {{- $colocatedList := include "get.enabledColocatedSvcList" $main_context | fromYaml }} {{- range $skip, $secondary := index $colocatedList . }} - {{- $colocConfig := index (include "k10.colocatedServices" . | fromYaml) $secondary }} + {{- $colocConfig := index (include "get.enabledColocatedServices" $main_context | fromYaml) $secondary }} - name: {{ $secondary }} protocol: TCP port: {{ $colocConfig.port }} @@ -121,8 +121,8 @@ spec: run: {{ . }}-svc --- {{ end }}{{/* if not (hasKey $colocated_services $k10_service ) */}} -{{ end -}}{{/* range append (include "k10.restServices" . | splitList " ") "frontend" */}} -{{- range append (include "k10.services" . | splitList " ") "kanister" }} +{{ end -}}{{/* range append (include "get.enabledRestServices" . | splitList " ") "frontend" */}} +{{- range append (include "get.enabledServices" . | splitList " ") "kanister" }} apiVersion: v1 kind: Service metadata: @@ -147,7 +147,7 @@ spec: {{- end }} {{- $colocatedList := include "get.enabledColocatedSvcList" $main_context | fromYaml }} {{- range $skip, $secondary := index $colocatedList . }} - {{- $colocConfig := index (include "k10.colocatedServices" . | fromYaml) $secondary }} + {{- $colocConfig := index (include "get.enabledColocatedServices" . | fromYaml) $secondary }} - name: {{ $secondary }} protocol: TCP port: {{ $colocConfig.port }} diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index 4734f7c2e..13461ddea 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 2.19.1 + +### Fixed + +* Fix `webhook-cert` being mounted regardless if `.Values.ingressController.enabled` + is set. + [#779](https://github.com/Kong/charts/pull/779) + ## 2.19.0 ### Improvements diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 65d86852e..e55369ba1 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -20,4 +20,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.19.0 +version: 2.19.1 diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index fa80031e4..9231681b1 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl @@ -565,7 +565,7 @@ The name of the service used for the ingress controller's validation webhook {{- end }} {{- end }} -{{- if .Values.ingressController.admissionWebhook.enabled }} +{{- if and .Values.ingressController.enabled .Values.ingressController.admissionWebhook.enabled }} - name: webhook-cert secret: {{- if .Values.ingressController.admissionWebhook.certificate.provided }} diff --git a/charts/minio/minio-operator/Chart.yaml b/charts/minio/minio-operator/Chart.yaml index 9e29837c3..736190d61 100644 --- a/charts/minio/minio-operator/Chart.yaml +++ b/charts/minio/minio-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: minio-operator apiVersion: v2 -appVersion: v5.0.3 +appVersion: v5.0.4 description: A Helm chart for MinIO Operator home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -19,4 +19,4 @@ name: minio-operator sources: - https://github.com/minio/operator type: application -version: 5.0.3 +version: 5.0.4 diff --git a/charts/minio/minio-operator/Chart.yaml-e b/charts/minio/minio-operator/Chart.yaml-e index 163f69239..fc7da98cf 100644 --- a/charts/minio/minio-operator/Chart.yaml-e +++ b/charts/minio/minio-operator/Chart.yaml-e @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: operator -version: 5.0.3 -appVersion: v5.0.3 +version: 5.0.4 +appVersion: v5.0.4 keywords: - storage - object-storage diff --git a/charts/minio/minio-operator/values.yaml b/charts/minio/minio-operator/values.yaml index 9d1659a41..2e6c0b902 100644 --- a/charts/minio/minio-operator/values.yaml +++ b/charts/minio/minio-operator/values.yaml @@ -11,7 +11,7 @@ operator: # value: "" image: repository: quay.io/minio/operator - tag: v5.0.3 + tag: v5.0.4 pullPolicy: IfNotPresent imagePullSecrets: [ ] initcontainers: [ ] @@ -48,7 +48,7 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.3 + tag: v5.0.4 pullPolicy: IfNotPresent imagePullSecrets: [ ] initcontainers: [ ] diff --git a/charts/minio/minio-operator/values.yaml-e b/charts/minio/minio-operator/values.yaml-e index 9d1659a41..2e6c0b902 100644 --- a/charts/minio/minio-operator/values.yaml-e +++ b/charts/minio/minio-operator/values.yaml-e @@ -11,7 +11,7 @@ operator: # value: "" image: repository: quay.io/minio/operator - tag: v5.0.3 + tag: v5.0.4 pullPolicy: IfNotPresent imagePullSecrets: [ ] initcontainers: [ ] @@ -48,7 +48,7 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.3 + tag: v5.0.4 pullPolicy: IfNotPresent imagePullSecrets: [ ] initcontainers: [ ] diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index d5749af95..7f7e96ea4 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -31,4 +31,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 4.0.3 +version: 4.0.5 diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl index 68d7de7b5..f403ab141 100644 --- a/charts/redpanda/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/templates/_helpers.tpl @@ -617,3 +617,14 @@ return a warning if the chart is configured with insufficient CPU {{- end -}} {{- toJson $brokers -}} {{- end -}} + +{{/* +return correct secretName to use based if secretRef exists +*/}} +{{- define "cert-secret-name" -}} + {{- if .tempCert.cert.secretRef -}} + {{- .tempCert.cert.secretRef.name -}} + {{- else }} + {{- include "redpanda.fullname" . }}-{{ .tempCert.name }}-cert + {{- end }} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/cert-issuers.yaml b/charts/redpanda/redpanda/templates/cert-issuers.yaml index b57fcbc75..338fd2807 100644 --- a/charts/redpanda/redpanda/templates/cert-issuers.yaml +++ b/charts/redpanda/redpanda/templates/cert-issuers.yaml @@ -21,8 +21,8 @@ limitations under the License. {{- range $name, $data := $values.tls.certs }} {{/* If issuerRef is defined, use the specified issuer for the certs If it's not defined, create and use our own issuer. */}} - {{- $r := $data.issuerRef }} - {{- if not $r }} + {{- if and ( not (hasKey $data "issuerRef") ) ( not (hasKey $data "secretRef") ) }} + --- # The self-signed issuer is used to create the self-signed CA apiVersion: cert-manager.io/v1 diff --git a/charts/redpanda/redpanda/templates/certs.yaml b/charts/redpanda/redpanda/templates/certs.yaml index af5622755..7c6e41938 100644 --- a/charts/redpanda/redpanda/templates/certs.yaml +++ b/charts/redpanda/redpanda/templates/certs.yaml @@ -22,7 +22,9 @@ limitations under the License. {{- $listeners := .Values.listeners -}} {{- $values := .Values }} {{- range $name, $data := .Values.tls.certs }} + {{- if (empty $data.secretRef ) }} {{- $d := $data.duration }} + --- apiVersion: cert-manager.io/v1 kind: Certificate @@ -69,5 +71,6 @@ spec: kind: Issuer group: cert-manager.io {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index dcfe3ca42..c4f928bd7 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml +++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -17,6 +17,8 @@ limitations under the License. {{- if .Values.post_install_job.enabled }} {{- $values := .Values }} {{- $sasl := $values.auth.sasl }} +{{- $root := deepCopy . }} + --- apiVersion: batch/v1 kind: Job @@ -136,8 +138,9 @@ spec: name: {{ template "redpanda.fullname" . }} - name: config emptyDir: {} - {{- if (include "tls-enabled" . | fromJson).bool }} - {{- range $name, $cert := .Values.tls.certs }} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + {{- $r := set $root "tempCert" ( dict "name" $name "cert" $cert ) }} - name: redpanda-{{ $name }}-cert secret: defaultMode: 420 @@ -146,13 +149,13 @@ spec: path: tls.key - key: tls.crt path: tls.crt - {{- if $cert.caEnabled }} + {{- if $cert.caEnabled }} - key: ca.crt path: ca.crt - {{- end }} - secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert - {{- end }} - {{- end -}} + {{- end }} + secretName: {{ template "cert-secret-name" $r }} + {{- end }} +{{- end -}} {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} - name: {{ $sasl.secretRef }} secret: diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index db433709f..2aff7692b 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml @@ -17,6 +17,7 @@ limitations under the License. {{- if .Values.post_upgrade_job.enabled }} {{- $rpkFlags := include "rpk-flags-no-sasl" . }} {{- $sasl := .Values.auth.sasl }} +{{- $root := deepCopy . }} apiVersion: batch/v1 kind: Job metadata: @@ -108,6 +109,7 @@ spec: emptyDir: {} {{- if (include "tls-enabled" . | fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} + {{- $r := set $root "tempCert" ( dict "name" $name "cert" $cert ) }} - name: redpanda-{{ $name }}-cert secret: defaultMode: 420 @@ -120,7 +122,7 @@ spec: - key: ca.crt path: ca.crt {{- end }} - secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + secretName: {{ template "cert-secret-name" $r }} {{- end }} {{- end -}} {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 72657ac50..ee5f27862 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -25,6 +25,7 @@ limitations under the License. {{- end -}} {{- $uid := dig "podSecurityContext" "runAsUser" .Values.statefulset.securityContext.runAsUser .Values.statefulset -}} {{- $gid := dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset -}} +{{- $root := deepCopy . }} --- apiVersion: apps/v1 kind: StatefulSet @@ -264,6 +265,9 @@ spec: - --reserve-memory={{ template "redpanda-reserve-memory" . }}M - --default-log-level={{ .Values.logging.logLevel }} - --advertise-rpc-addr={{ $internalAdvertiseAddress }}:{{ .Values.listeners.rpc.port }} + {{- with .Values.statefulset.additionalRedpandaCmdFlags }} + {{- toYaml . | nindent 12 }} + {{- end }} ports: {{- range $name, $listener := .Values.listeners }} - name: {{ lower $name }} @@ -342,6 +346,7 @@ spec: emptyDir: {} {{- if (include "tls-enabled" . | fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} + {{- $r := set $root "tempCert" ( dict "name" $name "cert" $cert ) }} - name: redpanda-{{ $name }}-cert secret: defaultMode: 420 @@ -354,7 +359,7 @@ spec: - key: ca.crt path: ca.crt {{- end }} - secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + secretName: {{ template "cert-secret-name" $r }} {{- end }} {{- end }} {{- if and .Values.auth.sasl.enabled (not (empty .Values.auth.sasl.secretRef )) }} diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 14aeb32d9..7923a2470 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -712,6 +712,9 @@ } } } + }, + "additionalRedpandaCmdFlags": { + "type": "array" } } }, diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index 809d8dc6a..a9eeb3a4e 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -139,10 +139,29 @@ tls: # issuerRef: # name: redpanda-default-root-issuer # kind: Issuer # Can be Issuer or ClusterIssuer + # -- To use a secret with custom tls files, + # secretRef: + # name: my-tls-secret # -- Set the `caEnabled` flag to `true` only for Certificates # that are not authenticated using public authorities. caEnabled: true # duration: 43800h + # -- Example external tls configuration + # uncomment and set the right key to the listeners that require them + # also enable the tls setting for those listeners. + # external: + # -- To use a custom pre-installed Issuer, + # add its name and kind to the `issuerRef` object. + # issuerRef: + # name: redpanda-default-root-issuer + # kind: Issuer # Can be Issuer or ClusterIssuer + # -- To use a secret with custom tls files, + # secretRef: + # name: my-tls-secret + # -- Set the `caEnabled` flag to `true` only for Certificates + # that are not authenticated using public authorities. + # caEnabled: true + # duration: 43800h # -- External access settings. # For details, @@ -275,7 +294,7 @@ resources: # 3. Other container processes (whatever small amount remains) # redpanda: # Memory for the Redpanda process. - # This must be lower the container's memory (resources.memory.container.min if provided, otherwise + # This must be lower than the container's memory (resources.memory.container.min if provided, otherwise # resources.memory.container.max). # Equivalent to --memory. # For production, use 8Gi or greater. @@ -295,7 +314,7 @@ storage: # If specified but `persistentVolume.enabled` is true, `storage.hostPath` has no effect. hostPath: "" # -- If `persistentVolume.enabled` is true, a PersistentVolumeClaim is created and - # used to store Redpanda's data. Otherwise `storage.hostPath` is used. + # used to store Redpanda's data. Otherwise, `storage.hostPath` is used. persistentVolume: enabled: true size: 20Gi @@ -437,6 +456,7 @@ post_upgrade_job: # extraEnvFrom: # - secretRef: # name: redpanda-aws-secrets + statefulset: # -- Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster) replicas: 3 @@ -532,6 +552,9 @@ statefulset: initContainerImage: repository: busybox tag: latest + # -- Additional flags to pass to redpanda, + additionalRedpandaCmdFlags: [] +# - --unsafe-bypass-fsync # -- Service account management. serviceAccount: @@ -543,6 +566,7 @@ serviceAccount: # If not set and `serviceAccount.create` is `true`, # a name is generated using the `redpanda.fullname` template. name: "" + # -- Role Based Access Control. rbac: # -- Enable for features that need extra privileges. @@ -629,6 +653,7 @@ listeners: # -- The port for internal client connections. port: 9093 tls: + # Optional flag to override the global TLS enabled flag. # enabled: true cert: default requireClientAuth: false @@ -640,25 +665,16 @@ listeners: # -- If undefined, `listeners.kafka.external.default.port` is used. advertisedPorts: - 31092 - # -- HTTP API listeners (aka PandaProxy). - http: - enabled: true - port: 8082 - kafkaEndpoint: default - tls: - # enabled: true - cert: default - requireClientAuth: false - external: - default: - # enabled: true - port: 8083 - advertisedPorts: - - 30082 + # -- Uncomment to define external tls + # tls: + # # Optional flag to override the global TLS enabled flag. + # # enabled: true + # cert: external # -- RPC listener (this is never externally accessible). rpc: port: 33145 tls: + # Optional flag to override the global TLS enabled flag. # enabled: true cert: default requireClientAuth: false @@ -668,6 +684,7 @@ listeners: port: 8081 kafkaEndpoint: default tls: + # Optional flag to override the global TLS enabled flag. # enabled: true cert: default requireClientAuth: false @@ -677,6 +694,32 @@ listeners: port: 8084 advertisedPorts: - 30081 + # -- Uncomment to define external tls + # tls: + # # Optional flag to override the global TLS enabled flag. + # # enabled: true + # cert: external + # -- HTTP API listeners (aka PandaProxy). + http: + enabled: true + port: 8082 + kafkaEndpoint: default + tls: + # Optional flag to override the global TLS enabled flag. + # enabled: true + cert: default + requireClientAuth: false + external: + default: + # enabled: true + port: 8083 + advertisedPorts: + - 30082 + # -- Uncomment to define external tls + # tls: + # # Optional flag to override the global TLS enabled flag. + # # enabled: true + # cert: external # Expert Config # Here be dragons! diff --git a/charts/traefik/traefik/Changelog.md b/charts/traefik/traefik/Changelog.md index 383398aec..a723efaab 100644 --- a/charts/traefik/traefik/Changelog.md +++ b/charts/traefik/traefik/Changelog.md @@ -1,8 +1,70 @@ # Change Log +## 22.2.0 ![AppVersion: v2.9.10](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.10&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) + +**Release date:** 2023-04-24 + +* chore: 🔧 new release +* added targetPort support +* fix: 🐛 annotations leaking between aliased subcharts +* fix: indentation on `TLSOption` +* test: 👷 Update unit tests tooling +* feat: override container port +* feat: allow to set dnsConfig on pod template + +### Default value changes + +```diff +diff --git a/traefik/values.yaml b/traefik/values.yaml +index 9ece303..71273cc 100644 +--- a/traefik/values.yaml ++++ b/traefik/values.yaml +@@ -82,6 +82,16 @@ deployment: + shareProcessNamespace: false + # Custom pod DNS policy. Apply if `hostNetwork: true` + # dnsPolicy: ClusterFirstWithHostNet ++ dnsConfig: {} ++ # nameservers: ++ # - 192.0.2.1 # this is an example ++ # searches: ++ # - ns1.svc.cluster-domain.example ++ # - my.dns.search.suffix ++ # options: ++ # - name: ndots ++ # value: "2" ++ # - name: edns0 + # Additional imagePullSecrets + imagePullSecrets: [] + # - name: myRegistryKeySecretName +@@ -561,8 +571,11 @@ ports: + # asDefault: true + port: 8000 + # hostPort: 8000 ++ # containerPort: 8000 + expose: true + exposedPort: 80 ++ ## Different target traefik port on the cluster, useful for IP type LB ++ # targetPort: 80 + # The port protocol (TCP/UDP) + protocol: TCP + # Use nodeport if set. This is useful if you have configured Traefik in a +@@ -587,8 +600,11 @@ ports: + # asDefault: true + port: 8443 + # hostPort: 8443 ++ # containerPort: 8443 + expose: true + exposedPort: 443 ++ ## Different target traefik port on the cluster, useful for IP type LB ++ # targetPort: 80 + ## The port protocol (TCP/UDP) + protocol: TCP + # nodePort: 32443 +``` + ## 22.1.0 ![AppVersion: v2.9.10](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.10&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) -**Release date:** 2023-04-06 +**Release date:** 2023-04-07 * ⬆️ Upgrade traefik Docker tag to v2.9.10 * feat: add additional labels to tlsoption diff --git a/charts/traefik/traefik/Chart.yaml b/charts/traefik/traefik/Chart.yaml index 83453336a..5264638cc 100644 --- a/charts/traefik/traefik/Chart.yaml +++ b/charts/traefik/traefik/Chart.yaml @@ -1,7 +1,8 @@ annotations: - artifacthub.io/changes: | - - "⬆️ Upgrade traefik Docker tag to v2.9.10" - - "feat: add additional labels to tlsoption" + artifacthub.io/changes: "- \"chore: \U0001F527 new release\"\n- \"added targetPort + support\"\n- \"fix: \U0001F41B annotations leaking between aliased subcharts\"\n- + \"fix: indentation on `TLSOption`\"\n- \"test: \U0001F477 Update unit tests tooling\"\n- + \"feat: override container port\"\n- \"feat: allow to set dnsConfig on pod template\"\n" catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Traefik Proxy catalog.cattle.io/kube-version: '>=1.16.0-0' @@ -32,4 +33,4 @@ sources: - https://github.com/traefik/traefik - https://github.com/traefik/traefik-helm-chart type: application -version: 22.1.0 +version: 22.2.0 diff --git a/charts/traefik/traefik/templates/_podtemplate.tpl b/charts/traefik/traefik/templates/_podtemplate.tpl index 8b54a1dc0..dc922e6f6 100644 --- a/charts/traefik/traefik/templates/_podtemplate.tpl +++ b/charts/traefik/traefik/templates/_podtemplate.tpl @@ -27,6 +27,21 @@ {{- with .Values.deployment.dnsPolicy }} dnsPolicy: {{ . }} {{- end }} + {{- with .Values.deployment.dnsConfig }} + dnsConfig: + {{- if .searches }} + searches: + {{- toYaml .searches | nindent 10 }} + {{- end }} + {{- if .nameservers }} + nameservers: + {{- toYaml .nameservers | nindent 10 }} + {{- end }} + {{- if .options }} + options: + {{- toYaml .options | nindent 10 }} + {{- end }} + {{- end }} {{- with .Values.deployment.initContainers }} initContainers: {{- toYaml . | nindent 6 }} @@ -68,7 +83,7 @@ {{- end }} {{- end }} - name: {{ $name | quote }} - containerPort: {{ $config.port }} + containerPort: {{ default $config.port $config.containerPort }} {{- if $config.hostPort }} hostPort: {{ $config.hostPort }} {{- end }} diff --git a/charts/traefik/traefik/templates/_service-internal.tpl b/charts/traefik/traefik/templates/_service-internal.tpl index 44d934761..8cd601888 100644 --- a/charts/traefik/traefik/templates/_service-internal.tpl +++ b/charts/traefik/traefik/templates/_service-internal.tpl @@ -38,7 +38,7 @@ {{- if $config.expose }} - port: {{ default $config.port $config.exposedPort }} name: {{ $name | quote }} - targetPort: {{ $name }} + targetPort: {{ default $name $config.targetPort }} protocol: {{ default "TCP" $config.protocol }} {{- if $config.nodePort }} nodePort: {{ $config.nodePort }} diff --git a/charts/traefik/traefik/templates/_service.tpl b/charts/traefik/traefik/templates/_service.tpl index 9797ca9ca..ad1e3be82 100644 --- a/charts/traefik/traefik/templates/_service.tpl +++ b/charts/traefik/traefik/templates/_service.tpl @@ -38,7 +38,7 @@ {{- if $config.expose }} - port: {{ default $config.port $config.exposedPort }} name: {{ $name | quote }} - targetPort: {{ $name }} + targetPort: {{ default $name $config.targetPort }} protocol: {{ default "TCP" $config.protocol }} {{- if $config.nodePort }} nodePort: {{ $config.nodePort }} @@ -49,7 +49,7 @@ {{- $http3Port := default $config.exposedPort $config.http3.advertisedPort }} - port: {{ $http3Port }} name: "{{ $name }}-http3" - targetPort: {{ $config.port }} + targetPort: {{ default $config.port $config.targetPort }} protocol: UDP {{- if $config.nodePort }} nodePort: {{ $config.nodePort }} diff --git a/charts/traefik/traefik/templates/service.yaml b/charts/traefik/traefik/templates/service.yaml index 2a4741f89..55b0a902b 100644 --- a/charts/traefik/traefik/templates/service.yaml +++ b/charts/traefik/traefik/templates/service.yaml @@ -34,7 +34,7 @@ metadata: namespace: {{ template "traefik.namespace" . }} {{- template "traefik.service-metadata" . }} annotations: - {{- with (merge .Values.service.annotationsTCP .Values.service.annotations) }} + {{- with (merge dict .Values.service.annotationsTCP .Values.service.annotations) }} {{- toYaml . | nindent 4 }} {{- end }} spec: @@ -55,7 +55,7 @@ metadata: namespace: {{ template "traefik.namespace" . }} {{- template "traefik.service-metadata" . }} annotations: - {{- with (merge .Values.service.annotationsUDP .Values.service.annotations) }} + {{- with (merge dict .Values.service.annotationsUDP .Values.service.annotations) }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/charts/traefik/traefik/templates/tlsoption.yaml b/charts/traefik/traefik/templates/tlsoption.yaml index 05d726e47..cd3919849 100644 --- a/charts/traefik/traefik/templates/tlsoption.yaml +++ b/charts/traefik/traefik/templates/tlsoption.yaml @@ -12,19 +12,19 @@ metadata: spec: {{- with $config.alpnProtocols }} alpnProtocols: - {{- toYaml . | nindent 6 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- with $config.cipherSuites }} cipherSuites: - {{- toYaml . | nindent 6 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- with $config.clientAuth }} clientAuth: - {{- toYaml . | nindent 6 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- with $config.curvePreferences }} curvePreferences: - {{- toYaml . | nindent 6 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- if $config.maxVersion }} maxVersion: {{ $config.maxVersion }} diff --git a/charts/traefik/traefik/values.yaml b/charts/traefik/traefik/values.yaml index 9ece30301..71273ccda 100644 --- a/charts/traefik/traefik/values.yaml +++ b/charts/traefik/traefik/values.yaml @@ -82,6 +82,16 @@ deployment: shareProcessNamespace: false # Custom pod DNS policy. Apply if `hostNetwork: true` # dnsPolicy: ClusterFirstWithHostNet + dnsConfig: {} + # nameservers: + # - 192.0.2.1 # this is an example + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 # Additional imagePullSecrets imagePullSecrets: [] # - name: myRegistryKeySecretName @@ -561,8 +571,11 @@ ports: # asDefault: true port: 8000 # hostPort: 8000 + # containerPort: 8000 expose: true exposedPort: 80 + ## Different target traefik port on the cluster, useful for IP type LB + # targetPort: 80 # The port protocol (TCP/UDP) protocol: TCP # Use nodeport if set. This is useful if you have configured Traefik in a @@ -587,8 +600,11 @@ ports: # asDefault: true port: 8443 # hostPort: 8443 + # containerPort: 8443 expose: true exposedPort: 443 + ## Different target traefik port on the cluster, useful for IP type LB + # targetPort: 80 ## The port protocol (TCP/UDP) protocol: TCP # nodePort: 32443 diff --git a/index.yaml b/index.yaml index e2e9469fd..2cdf75780 100644 --- a/index.yaml +++ b/index.yaml @@ -10208,6 +10208,29 @@ entries: - assets/dkube/dkube-deployer-1.0.601.tgz version: 1.0.601 dxemssql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG + catalog.cattle.io/kube-version: '>= 1.20.0' + catalog.cattle.io/release-name: dxemssql + charts.openshift.io/name: DxEnterprise for Microsoft SQL AG + apiVersion: v2 + appVersion: "22.0" + created: "2023-04-24T15:36:19.747139287Z" + description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server + availability groups + digest: d931223993c4827a27bb56435eaef08b2ecef6843f0e0a1d04d0f83a086a1f7a + icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png + kubeVersion: '>= 1.20.0' + maintainers: + - email: support@dh2i.com + name: DH2i Company + url: https://dh2i.com + name: dxemssql + type: application + urls: + - assets/dh2i/dxemssql-1.0.3.tgz + version: 1.0.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG @@ -11754,6 +11777,74 @@ entries: - assets/inaccel/fpga-operator-2.5.201.tgz version: 2.5.201 gitlab: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: GitLab + catalog.cattle.io/release-name: gitlab + apiVersion: v1 + appVersion: 15.11.0 + created: "2023-04-24T15:36:20.104951008Z" + dependencies: + - name: gitlab + repository: "" + version: '*.*.*' + - name: certmanager-issuer + repository: "" + version: '*.*.*' + - name: minio + repository: "" + version: '*.*.*' + - name: registry + repository: "" + version: '*.*.*' + - alias: certmanager + condition: certmanager.install + name: cert-manager + repository: https://charts.jetstack.io/ + version: 1.5.4 + - condition: prometheus.install + name: prometheus + repository: https://prometheus-community.github.io/helm-charts + version: 15.18.0 + - condition: postgresql.install + name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 8.9.4 + - condition: gitlab-runner.install + name: gitlab-runner + repository: https://charts.gitlab.io/ + version: 0.51.1 + - condition: global.grafana.enabled + name: grafana + repository: https://grafana.github.io/helm-charts + version: 6.11.0 + - condition: redis.install + name: redis + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 11.3.4 + - condition: nginx-ingress.enabled + name: nginx-ingress + repository: "" + version: '*.*.*' + - condition: gitlab-zoekt.install + name: gitlab-zoekt + repository: https://charts.gitlab.io/ + version: 0.3.0 + description: The One DevOps Platform + digest: ff7315586b28106f57f77c2b941d1ff9a7f8d2c57fc2eb8868780b07b2c51503 + home: https://about.gitlab.com/ + icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png + keywords: + - gitlab + maintainers: + - email: support@gitlab.com + name: GitLab Inc. + name: gitlab + sources: + - https://gitlab.com/gitlab-org/charts/gitlab + urls: + - assets/gitlab/gitlab-6.11.0.tgz + version: 6.11.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: GitLab @@ -17232,8 +17323,8 @@ entries: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 - appVersion: 5.5.8 - created: "2023-04-10T13:12:09.209296493Z" + appVersion: 5.5.9 + created: "2023-04-24T15:36:32.666550575Z" dependencies: - name: grafana repository: file://./charts/grafana @@ -17242,7 +17333,33 @@ entries: repository: file://./charts/prometheus version: 15.8.5 description: Kasten’s K10 Data Management Platform - digest: cb09a7a735dbac0449f5be76a627f03cc978f46610d421a1d25d91274858295d + digest: e6468182bcc3e2d1feee91fbd6c5968f9fe5413af8b7485fbfa4e62516c9ef63 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-5.5.901.tgz + version: 5.5.901 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 5.5.8 + created: "2023-04-24T15:36:22.273128071Z" + dependencies: + - name: grafana + repository: file://./charts/grafana + version: 6.32.9 + - name: prometheus + repository: file://./charts/prometheus + version: 15.8.5 + description: Kasten’s K10 Data Management Platform + digest: dcb0df2bf040ec62fbbe79efd2e888943a4a94abe8a4e0d7e1815e4a9a2d42b1 home: https://kasten.io/ icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png maintainers: @@ -17801,6 +17918,48 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.4.0 + created: "2023-04-24T15:36:18.240298717Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: 98b5665f018b8b14a563544923762985f3240a334a328305f196d25833836486 + home: https://github.com/bitnami/charts/tree/main/bitnami/kafka + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/kafka + - https://kafka.apache.org/ + urls: + - assets/bitnami/kafka-22.0.0.tgz + version: 22.0.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -19013,6 +19172,33 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.2" + created: "2023-04-24T15:36:32.782878723Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: 40eda45b848adb2371772f61eef4ab83762e72a477f6707116db8477a0b2b1bc + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: harry@konghq.com + name: hbagdi + - email: traines@konghq.com + name: rainest + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.19.1.tgz + version: 2.19.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway @@ -20264,6 +20450,45 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.11.2 + created: "2023-04-24T15:36:18.317082507Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 34fb0e5cd8a425d200686299792cd5ac78fbb30e1f301b0938e01526d2b32027 + home: https://github.com/bitnami/charts/tree/main/bitnami/mariadb + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mariadb + - https://github.com/prometheus/mysqld_exporter + - https://mariadb.org + urls: + - assets/bitnami/mariadb-12.0.0.tgz + version: 12.0.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB @@ -20936,6 +21161,32 @@ entries: - assets/metallb/metallb-0.13.7.tgz version: 0.13.7 minio-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Minio Operator + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: minio-operator + apiVersion: v2 + appVersion: v5.0.4 + created: "2023-04-24T15:36:33.0774495Z" + description: A Helm chart for MinIO Operator + digest: 512b4baa944a1b6774f799dfef7fe66fff6d651fe58055f2fef49a0531680e2d + home: https://min.io + icon: https://min.io/resources/img/logo/MINIO_wordmark.png + keywords: + - storage + - object-storage + - S3 + maintainers: + - email: dev@minio.io + name: MinIO, Inc + name: minio-operator + sources: + - https://github.com/minio/operator + type: application + urls: + - assets/minio/minio-operator-5.0.4.tgz + version: 5.0.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Minio Operator @@ -24853,6 +25104,45 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.2.0 + created: "2023-04-24T15:36:18.478727897Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: ceffbcb4808817130fd5b81b9ad8f1527f39adc4ff0c055bfd70d5599404420f + home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/postgresql + - https://www.postgresql.org/ + urls: + - assets/bitnami/postgresql-12.3.1.tgz + version: 12.3.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -27007,6 +27297,44 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v23.1.7 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.7 + created: "2023-04-24T15:36:33.741701748Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 72f8d0c645d7c500c963538130863eae6bded770f3ac55e9c16d8fc43f856323 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-4.0.5.tgz + version: 4.0.5 - annotations: artifacthub.io/images: | - name: redpanda @@ -32207,6 +32535,47 @@ entries: - assets/bitnami/tomcat-10.4.9.tgz version: 10.4.9 traefik: + - annotations: + artifacthub.io/changes: "- \"chore: \U0001F527 new release\"\n- \"added targetPort + support\"\n- \"fix: \U0001F41B annotations leaking between aliased subcharts\"\n- + \"fix: indentation on `TLSOption`\"\n- \"test: \U0001F477 Update unit tests + tooling\"\n- \"feat: override container port\"\n- \"feat: allow to set dnsConfig + on pod template\"\n" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Traefik Proxy + catalog.cattle.io/kube-version: '>=1.16.0-0' + catalog.cattle.io/release-name: traefik + apiVersion: v2 + appVersion: v2.9.10 + created: "2023-04-24T15:36:34.123474836Z" + description: A Traefik based Kubernetes ingress controller + digest: 4c84cacca9f8e6db518a318e63ab38015f61c614e4d72e2bcfcbf48ada1031c1 + home: https://traefik.io/ + icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png + keywords: + - traefik + - ingress + - networking + kubeVersion: '>=1.16.0-0' + maintainers: + - email: emile@vauge.com + name: emilevauge + - email: daniel.tomcej@gmail.com + name: dtomcej + - email: ldez@traefik.io + name: ldez + - email: michel.loiseleur@traefik.io + name: mloiseleur + - email: charlie.haley@traefik.io + name: charlie-haley + name: traefik + sources: + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + type: application + urls: + - assets/traefik/traefik-22.2.0.tgz + version: 22.2.0 - annotations: artifacthub.io/changes: | - "⬆️ Upgrade traefik Docker tag to v2.9.10" @@ -33618,6 +33987,54 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.2.0 + created: "2023-04-24T15:36:19.205727751Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: aaa9bd7c5a8cbe4c59e7789b0b06f2dd7c118650d0a060126f1cde6b86a99adf + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-16.0.0.tgz + version: 16.0.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress