Charts CI

```
Updated:
  amd/amd-gpu:
    - 0.11.0
  argo/argo-cd:
    - 5.53.8
  bitnami/airflow:
    - 16.4.0
  bitnami/cassandra:
    - 10.8.0
  bitnami/kafka:
    - 26.8.0
  bitnami/mariadb:
    - 15.2.0
  bitnami/mysql:
    - 9.18.0
  bitnami/postgresql:
    - 13.4.1
  bitnami/redis:
    - 18.8.0
  bitnami/spark:
    - 8.3.0
  bitnami/tomcat:
    - 10.13.0
  bitnami/wordpress:
    - 19.2.1
  bitnami/zookeeper:
    - 12.6.0
  cockroach-labs/cockroachdb:
    - 11.2.4
  datadog/datadog:
    - 3.52.0
  f5/f5-bigip-ctlr:
    - 0.0.28
  f5/nginx-ingress:
    - 1.1.2
  haproxy/haproxy:
    - 1.36.1
  inaccel/fpga-operator:
    - 2.8.2
  instana/instana-agent:
    - 1.2.67
  jaeger/jaeger-operator:
    - 2.50.1
  jenkins/jenkins:
    - 4.12.0
  kasten/k10:
    - 6.5.2
  kong/kong:
    - 2.34.0
  linkerd/linkerd-control-plane:
    - 1.16.10
  nats/nats:
    - 1.1.7
  new-relic/nri-bundle:
    - 5.0.60
  redpanda/redpanda:
    - 5.7.10
  speedscale/speedscale-operator:
    - 2.0.5
  stackstate/stackstate-k8s-agent:
    - 1.0.67
  trilio/k8s-triliovault-operator:
    - 4.0.1
  weka/csi-wekafsplugin:
    - 2.3.4
  yugabyte/yugabyte:
    - 2.14.15
  yugabyte/yugaware:
    - 2.14.15
```
pull/972/head
github-actions[bot] 2024-01-23 16:25:05 +00:00
parent 29fdac5597
commit 15ba946fc7
365 changed files with 18425 additions and 3205 deletions


BIN
assets/kong/kong-2.34.0.tgz Normal file

Binary file not shown.


BIN
assets/nats/nats-1.1.7.tgz Normal file

Binary file not shown.



@ -1,6 +1,6 @@
dependencies: dependencies:
- name: node-feature-discovery - name: node-feature-discovery
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
version: 0.14.3 version: 0.15.0
digest: sha256:a1651e3e727f3f60f286930ab341af1009cce742b181d19b9ec75d392c5c339b digest: sha256:35fafe91e8fe2c76d852ca87cfece3ce6475d9b0719284757e2f093f4be1cac4
generated: "2023-11-03T05:15:42.351779792Z" generated: "2024-01-15T04:05:45.773461678Z"


@ -4,15 +4,15 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.18.0-0' catalog.cattle.io/kube-version: '>= 1.18.0-0'
catalog.cattle.io/release-name: amd-gpu catalog.cattle.io/release-name: amd-gpu
apiVersion: v2 apiVersion: v2
appVersion: 1.25.2.5 appVersion: 1.25.2.6
dependencies: dependencies:
- condition: nfd.enabled - condition: nfd.enabled
name: node-feature-discovery name: node-feature-discovery
repository: file://./charts/node-feature-discovery repository: file://./charts/node-feature-discovery
version: '>= 0.8.1-0' version: '>= 0.8.1-0'
description: A Helm chart for deploying Kubernetes AMD GPU device plugin description: A Helm chart for deploying Kubernetes AMD GPU device plugin
home: https://github.com/ROCm/k8s-device-plugin home: https://github.com/RadeonOpenCompute/k8s-device-plugin
icon: https://raw.githubusercontent.com/ROCm/k8s-device-plugin/master/helm/logo.png icon: https://raw.githubusercontent.com/RadeonOpenCompute/k8s-device-plugin/master/helm/logo.png
keywords: keywords:
- kubernetes - kubernetes
- cluster - cluster
@ -23,6 +23,6 @@ maintainers:
- name: Kenny Ho <Kenny.Ho@amd.com> - name: Kenny Ho <Kenny.Ho@amd.com>
name: amd-gpu name: amd-gpu
sources: sources:
- https://github.com/ROCm/k8s-device-plugin - https://github.com/RadeonOpenCompute/k8s-device-plugin
type: application type: application
version: 0.10.0 version: 0.11.0


@ -1,6 +1,6 @@
# AMD GPU Helm Chart # AMD GPU Helm Chart
![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.5](https://img.shields.io/badge/AppVersion-1.25.2.5-informational?style=flat-square) ![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.6](https://img.shields.io/badge/AppVersion-1.25.2.6-informational?style=flat-square)
A Helm chart for deploying Kubernetes AMD GPU device plugin A Helm chart for deploying Kubernetes AMD GPU device plugin
@ -34,7 +34,7 @@ Kubernetes: `>= 1.18.0`
## More information ## More information
https://github.com/ROCm/k8s-device-plugin https://github.com/RadeonOpenCompute/k8s-device-plugin
---------------------------------------------- ----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)


@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: v0.14.3 appVersion: v0.15.0
description: 'Detects hardware features available on each node in a Kubernetes cluster, description: 'Detects hardware features available on each node in a Kubernetes cluster,
and advertises those features using node labels. ' and advertises those features using node labels. '
home: https://github.com/kubernetes-sigs/node-feature-discovery home: https://github.com/kubernetes-sigs/node-feature-discovery
@ -11,4 +11,4 @@ name: node-feature-discovery
sources: sources:
- https://github.com/kubernetes-sigs/node-feature-discovery - https://github.com/kubernetes-sigs/node-feature-discovery
type: application type: application
version: 0.14.3 version: 0.15.0


@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs. range of vendor and application specific node labeling needs.
See See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.14/deployment/helm.html) [NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
for deployment instructions. for deployment instructions.


@ -153,6 +153,11 @@ spec:
description: Rule defines a rule for node customization such as description: Rule defines a rule for node customization such as
labeling. labeling.
properties: properties:
annotations:
additionalProperties:
type: string
description: Annotations to create if the rule matches.
type: object
extendedResources: extendedResources:
additionalProperties: additionalProperties:
type: string type: string
@ -185,19 +190,16 @@ spec:
in the feature set. in the feature set.
properties: properties:
feature: feature:
description: Feature is the name of the feature
set to match against.
type: string type: string
matchExpressions: matchExpressions:
additionalProperties: additionalProperties:
description: "MatchExpression specifies an expression description: MatchExpression specifies an expression
to evaluate against a set of input values. It to evaluate against a set of input values. It
contains an operator that is applied when matching contains an operator that is applied when matching
the input and an array of values that the operator the input and an array of values that the operator
evaluates the input against. \n NB: CreateMatchExpression evaluates the input against.
or MustCreateMatchExpression() should be used
for creating new instances. \n NB: Validate()
must be called if Op or Value fields are modified
or if a new instance is created from scratch
without using the helper functions."
properties: properties:
op: op:
description: Op is the operator to be applied. description: Op is the operator to be applied.
@ -229,13 +231,46 @@ spec:
required: required:
- op - op
type: object type: object
description: MatchExpressionSet contains a set of description: MatchExpressions is the set of per-element
MatchExpressions, each of which is evaluated against expressions evaluated. These match against the
a set of input values. value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
items:
type: string
type: array
required:
- op
type: object type: object
required: required:
- feature - feature
- matchExpressions
type: object type: object
type: array type: array
required: required:
@ -251,18 +286,16 @@ spec:
are evaluated against each element in the feature set. are evaluated against each element in the feature set.
properties: properties:
feature: feature:
description: Feature is the name of the feature set to
match against.
type: string type: string
matchExpressions: matchExpressions:
additionalProperties: additionalProperties:
description: "MatchExpression specifies an expression description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains to evaluate against a set of input values. It contains
an operator that is applied when matching the input an operator that is applied when matching the input
and an array of values that the operator evaluates and an array of values that the operator evaluates
the input against. \n NB: CreateMatchExpression or the input against.
MustCreateMatchExpression() should be used for creating
new instances. \n NB: Validate() must be called if
Op or Value fields are modified or if a new instance
is created from scratch without using the helper functions."
properties: properties:
op: op:
description: Op is the operator to be applied. description: Op is the operator to be applied.
@ -292,12 +325,44 @@ spec:
required: required:
- op - op
type: object type: object
description: MatchExpressionSet contains a set of MatchExpressions, description: MatchExpressions is the set of per-element
each of which is evaluated against a set of input values. expressions evaluated. These match against the value
of the specified elements.
type: object
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object type: object
required: required:
- feature - feature
- matchExpressions
type: object type: object
type: array type: array
name: name:


@ -1,4 +1,5 @@
{{- if .Values.tls.certManager }} {{- if .Values.tls.certManager }}
{{- if .Values.master.enable }}
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
@ -17,14 +18,13 @@ spec:
# first one is configured for use by the worker; below are for completeness # first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
# localhost needed for grpc_health_probe
- localhost
issuerRef: issuerRef:
name: nfd-ca-issuer name: nfd-ca-issuer
kind: Issuer kind: Issuer
group: cert-manager.io group: cert-manager.io
{{- end }}
--- ---
{{- if .Values.worker.enable }}
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
metadata: metadata:
@ -42,6 +42,7 @@ spec:
name: nfd-ca-issuer name: nfd-ca-issuer
kind: Issuer kind: Issuer
group: cert-manager.io group: cert-manager.io
{{- end }}
{{- if .Values.topologyUpdater.enable }} {{- if .Values.topologyUpdater.enable }}
--- ---
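Review bot: The `---` separator ahead of the worker Certificate is left outside the new `{{- if .Values.worker.enable }}` guard, whereas the master block and the topologyUpdater block both open the conditional first and emit `---` inside it. With the worker disabled the template still emits a bare separator; Helm normally tolerates an empty document, so this is a consistency point rather than a rendering failure. Swapping the two lines to `{{- if .Values.worker.enable }}` followed by `---` would make all three certificate blocks read the same way. The topologyUpdater block continues past the end of the last hunk.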


@ -1,4 +1,4 @@
{{- if .Values.master.rbac.create }} {{- if and .Values.master.enable .Values.master.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:


@ -1,4 +1,4 @@
{{- if .Values.master.rbac.create }} {{- if and .Values.master.enable .Values.master.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:


@ -1,3 +1,4 @@
{{- if .Values.master.enable }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -41,29 +42,13 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe: livenessProbe:
exec: grpc:
command: port: 8080
- "/usr/bin/grpc_health_probe"
- "-addr=:{{ .Values.master.port | default "8080" }}"
{{- if .Values.tls.enable }}
- "-tls"
- "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 10 periodSeconds: 10
readinessProbe: readinessProbe:
exec: grpc:
command: port: 8080
- "/usr/bin/grpc_health_probe"
- "-addr=:{{ .Values.master.port | default "8080" }}"
{{- if .Values.tls.enable }}
- "-tls"
- "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
failureThreshold: 10 failureThreshold: 10
@ -85,8 +70,8 @@ spec:
{{- if .Values.master.instance | empty | not }} {{- if .Values.master.instance | empty | not }}
- "-instance={{ .Values.master.instance }}" - "-instance={{ .Values.master.instance }}"
{{- end }} {{- end }}
- "-port={{ .Values.master.port | default "8080" }}"
{{- if not .Values.enableNodeFeatureApi }} {{- if not .Values.enableNodeFeatureApi }}
- "-port={{ .Values.master.port | default "8080" }}"
- "-enable-nodefeature-api=false" - "-enable-nodefeature-api=false"
{{- else if gt (int .Values.master.replicaCount) 1 }} {{- else if gt (int .Values.master.replicaCount) 1 }}
- "-enable-leader-election" - "-enable-leader-election"
@ -157,3 +142,4 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- end }}
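Review bot: Both probes now hard-code `grpc:` with `port: 8080`, while the container's listen port is still templated from `.Values.master.port` in the `-port=` argument. A non-default `master.port` with `enableNodeFeatureApi: false` may therefore leave the liveness and readiness probes pointing at a port nothing serves; this assumes the health service shares that listener, which the hunks do not show. The exec probe being replaced also passed `-tls` and the client certificate and key when `.Values.tls.enable` was set, and the kubelet's built-in gRPC probe cannot present a client certificate, so it is worth confirming the health endpoint remains reachable without mTLS when TLS is enabled. If the two ports are meant to track each other, `port: {{ .Values.master.port | default 8080 }}` in both probes keeps them aligned. The Deployment spec starts and continues outside these hunks.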


@ -58,6 +58,9 @@ spec:
drop: [ "ALL" ] drop: [ "ALL" ]
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
ports:
- name: metrics
containerPort: {{ .Values.gc.metricsPort | default "8081"}}
{{- with .Values.gc.nodeSelector }} {{- with .Values.gc.nodeSelector }}
nodeSelector: nodeSelector:


@ -1,3 +1,4 @@
{{- if .Values.master.enable }}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -8,3 +9,4 @@ metadata:
data: data:
nfd-master.conf: |- nfd-master.conf: |-
{{- .Values.master.config | toYaml | nindent 4 }} {{- .Values.master.config | toYaml | nindent 4 }}
{{- end }}


@ -1,3 +1,4 @@
{{- if .Values.worker.enable }}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
@ -8,3 +9,4 @@ metadata:
data: data:
nfd-worker.conf: |- nfd-worker.conf: |-
{{- .Values.worker.config | toYaml | nindent 4 }} {{- .Values.worker.config | toYaml | nindent 4 }}
{{- end }}


@ -1,4 +1,4 @@
{{- if .Values.worker.rbac.create }} {{- if and .Values.worker.enable .Values.worker.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:


@ -1,4 +1,4 @@
{{- if .Values.worker.rbac.create }} {{- if and .Values.worker.enable .Values.worker.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:


@ -1,3 +1,4 @@
{{- if and (not .Values.enableNodeFeatureApi) .Values.master.enable }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@ -16,3 +17,4 @@ spec:
selector: selector:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
role: master role: master
{{- end}}


@ -1,4 +1,4 @@
{{- if .Values.master.serviceAccount.create -}} {{- if and .Values.master.enable .Values.master.serviceAccount.create }}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
@ -42,7 +42,7 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.worker.serviceAccount.create }} {{- if and .Values.worker.enable .Values.worker.serviceAccount.create }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount


@ -1,3 +1,4 @@
{{- if .Values.worker.enable }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
@ -44,13 +45,21 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
resources: resources:
{{- toYaml .Values.worker.resources | nindent 12 }} {{- toYaml .Values.worker.resources | nindent 12 }}
command: command:
- "nfd-worker" - "nfd-worker"
args: args:
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
{{- if not .Values.enableNodeFeatureApi }} {{- if not .Values.enableNodeFeatureApi }}
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
- "-enable-nodefeature-api=false" - "-enable-nodefeature-api=false"
{{- end }} {{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
@ -150,3 +159,4 @@ spec:
{{- with .Values.worker.priorityClassName }} {{- with .Values.worker.priorityClassName }}
priorityClassName: {{ . | quote }} priorityClassName: {{ . | quote }}
{{- end }} {{- end }}
{{- end }}


@ -13,8 +13,10 @@ namespaceOverride: ""
enableNodeFeatureApi: true enableNodeFeatureApi: true
master: master:
enable: true
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE> config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false # noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io"] # extraLabelNs: ["added.ns.io","added.kubernets.io"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"] # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"] # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
@ -45,6 +47,8 @@ master:
# nfdApiParallelism: 10 # nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE> ### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080 # The TCP port that nfd-master listens for incoming requests. Default: 8080
# Deprecated this parameter is related to the deprecated gRPC API and will
# be removed with it in a future release
port: 8080 port: 8080
metricsPort: 8081 metricsPort: 8081
instance: instance:
@ -130,6 +134,7 @@ master:
values: [""] values: [""]
worker: worker:
enable: true
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE> config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core: #core:
# labelWhiteList: # labelWhiteList:
@ -215,7 +220,7 @@ worker:
# # The following feature demonstrates the capabilities of the matchFeatures # # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule" # - name: "my custom rule"
# labels: # labels:
# my-ng-feature: "true" # "vendor.io/my-ng-feature": "true"
# # matchFeatures implements a logical AND over all matcher terms in the # # matchFeatures implements a logical AND over all matcher terms in the
# # list (i.e. all of the terms, or per-feature matchers, must match) # # list (i.e. all of the terms, or per-feature matchers, must match)
# matchFeatures: # matchFeatures:
@ -286,7 +291,7 @@ worker:
# # The following feature demonstrates the capabilities of the matchAny # # The following feature demonstrates the capabilities of the matchAny
# - name: "my matchAny rule" # - name: "my matchAny rule"
# labels: # labels:
# my-ng-feature-2: "my-value" # "vendor.io/my-ng-feature-2": "my-value"
# # matchAny implements a logical IF over all elements (sub-matchers) in # # matchAny implements a logical IF over all elements (sub-matchers) in
# # the list (i.e. at least one feature matcher must match) # # the list (i.e. at least one feature matcher must match)
# matchAny: # matchAny:
@ -307,10 +312,17 @@ worker:
# vendor: {op: In, value: ["8086"]} # vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["02"]} # class: {op: In, value: ["02"]}
# #
# - name: "avx wildcard rule"
# labels:
# "my-avx-feature": "true"
# matchFeatures:
# - feature: cpu.cpuid
# matchName: {op: InRegexp, value: ["^AVX512"]}
#
# # The following features demonstreate label templating capabilities # # The following features demonstreate label templating capabilities
# - name: "my template rule" # - name: "my template rule"
# labelsTemplate: | # labelsTemplate: |
# {{ range .system.osrelease }}my-system-feature.{{ .Name }}={{ .Value }} # {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
# {{ end }} # {{ end }}
# matchFeatures: # matchFeatures:
# - feature: system.osrelease # - feature: system.osrelease
@ -320,7 +332,7 @@ worker:
# #
# - name: "my template rule 2" # - name: "my template rule 2"
# labelsTemplate: | # labelsTemplate: |
# {{ range .pci.device }}my-pci-device.{{ .class }}-{{ .device }}=with-cpuid # {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
# {{ end }} # {{ end }}
# matchFeatures: # matchFeatures:
# - feature: pci.device # - feature: pci.device
@ -335,7 +347,7 @@ worker:
# # previous labels and vars # # previous labels and vars
# - name: "my dummy kernel rule" # - name: "my dummy kernel rule"
# labels: # labels:
# "my.kernel.feature": "true" # "vendor.io/my.kernel.feature": "true"
# matchFeatures: # matchFeatures:
# - feature: kernel.version # - feature: kernel.version
# matchExpressions: # matchExpressions:
@ -350,13 +362,20 @@ worker:
# #
# - name: "my rule using backrefs" # - name: "my rule using backrefs"
# labels: # labels:
# "my.backref.feature": "true" # "vendor.io/my.backref.feature": "true"
# matchFeatures: # matchFeatures:
# - feature: rule.matched # - feature: rule.matched
# matchExpressions: # matchExpressions:
# my.kernel.feature: {op: IsTrue} # vendor.io/my.kernel.feature: {op: IsTrue}
# my.dummy.var: {op: Gt, value: ["0"]} # my.dummy.var: {op: Gt, value: ["0"]}
# #
# - name: "kconfig template rule"
# labelsTemplate: |
# {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
# {{ end }}
# matchFeatures:
# - feature: kernel.config
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE> ### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081 metricsPort: 8081
@ -493,6 +512,8 @@ gc:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
metricsPort: 8081
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
annotations: {} annotations: {}
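Review bot: The two examples added to the commented worker config, `"my-avx-feature": "true"` in the "avx wildcard rule" and `kconfig-{{ .Name }}={{ .Value }}` in the "kconfig template rule", use un-namespaced label names, while every other sample label touched in this section is moved under a `vendor.io/` prefix. Operators tend to copy these samples verbatim; if the rename reflects how the new release treats unprefixed labels (not visible here), the new samples should follow it, e.g. `"vendor.io/my-avx-feature": "true"` and `vendor.io/kconfig-{{ .Name }}={{ .Value }}`. The deprecation comment added above `port: 8080` would also read more clearly as `# Deprecated: this parameter is related to the deprecated gRPC API ...`.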


@ -10,13 +10,13 @@ dp:
image: image:
repository: docker.io/rocm/k8s-device-plugin repository: docker.io/rocm/k8s-device-plugin
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: "1.25.2.5" tag: "1.25.2.6"
resources: {} resources: {}
lbl: lbl:
image: image:
repository: docker.io/rocm/k8s-device-plugin repository: docker.io/rocm/k8s-device-plugin
tag: "labeller-1.25.2.5" tag: "labeller-1.25.2.6"
resources: {} resources: {}
imagePullSecrets: [] imagePullSecrets: []


@ -1,7 +1,7 @@
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: changed - kind: changed
description: DRY cleanup of ServiceAccounts description: Updated documented default value for application.instanceLabelKey.
artifacthub.io/signKey: | artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd catalog.cattle.io/release-name: argo-cd
apiVersion: v2 apiVersion: v2
appVersion: v2.9.3 appVersion: v2.9.5
dependencies: dependencies:
- condition: redis-ha.enabled - condition: redis-ha.enabled
name: redis-ha name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources: sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-cd
version: 5.52.1 version: 5.53.8


@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0 ### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
@ -446,7 +450,7 @@ NAME: my-release
|-----|------|---------|-------------| |-----|------|---------|-------------|
| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
| configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
| configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache |
@ -481,6 +485,7 @@ NAME: my-release
| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | | configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. |
| configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. |
| configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... |
| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. |
| configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap |
| configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. | | configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. |
| configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. | | configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. |
@ -489,6 +494,8 @@ NAME: my-release
| configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret | | configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret |
| configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password | | configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password |
| configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` | | configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` |
| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events |
| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events |
| configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events | | configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events |
| configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events | | configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events |
| configs.secret.createSecret | bool | `true` | Create the argocd-secret | | configs.secret.createSecret | bool | `true` | Create the argocd-secret |
@ -609,6 +616,7 @@ NAME: my-release
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes |
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | | repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | | repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod |
| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | | repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods |
@ -1033,7 +1041,7 @@ The main options are listed here:
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
| redis-ha.image.repository | string | `"redis"` | Redis repository | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | | redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |


@ -35,3 +35,11 @@ rules:
verbs: verbs:
- create - create
- list - list
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch
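Review bot: The added rule granting `get`, `list` and `watch` on `deployments` in the `apps` API group carries no comment saying which feature needs it, so a later least-privilege review cannot tell whether it can be dropped. A line above the rule such as `# read-only access to Deployments; needed by <feature> (TODO: name it)` would record the reason. The `rules:` list and the object's `kind` are outside the hunk, so it is not visible whether this is a namespaced Role or a ClusterRole. If it is cluster-wide, the read access covers Deployment specs in every namespace, including any values set inline in them.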


@ -16,7 +16,7 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
type: Opaque type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} {{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert # Setting a blank data again will wipe admin password/key/cert
data: data:
{{- with .Values.configs.secret.githubSecret }} {{- with .Values.configs.secret.githubSecret }}
@ -34,6 +34,10 @@ data:
{{- with .Values.configs.secret.gogsSecret }} {{- with .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ . | b64enc }} webhook.gogs.secret: {{ . | b64enc }}
{{- end }} {{- end }}
{{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }}
webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }}
webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }}
{{- end }}
{{- with .Values.configs.secret.argocdServerTlsConfig }} {{- with .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .key | b64enc }} tls.key: {{ .key | b64enc }}
tls.crt: {{ .crt | b64enc }} tls.crt: {{ .crt | b64enc }}
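Review bot: Setting only one of `configs.secret.azureDevops.username` and `configs.secret.azureDevops.password` renders neither `webhook.azuredevops.*` key, because both the outer `or` condition and the new `if and` block require the pair, and nothing tells the operator. The operator may then believe webhook authentication is configured while the secret holds no Azure DevOps credentials; how Argo CD treats events in that state is not visible here and should be confirmed. A guard placed ahead of the outer `if or` line would fail the render instead: `{{- if ne (empty .Values.configs.secret.azureDevops.username) (empty .Values.configs.secret.azureDevops.password) }}{{ fail "configs.secret.azureDevops needs both username and password" }}{{- end }}`. The values.yaml comments for the two keys could state the same requirement.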


@ -373,14 +373,30 @@ spec:
{{- end }} {{- end }}
{{- if .Values.repoServer.useEphemeralHelmWorkingDir }} {{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
- name: helm-working-dir - name: helm-working-dir
{{- if .Values.repoServer.existingVolumes.helmWorkingDir -}}
{{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }}
{{- else }}
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- end }}
- name: plugins - name: plugins
{{- if .Values.repoServer.existingVolumes.plugins -}}
{{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }}
{{- else }}
emptyDir: {} emptyDir: {}
{{- end }}
- name: var-files - name: var-files
{{- if .Values.repoServer.existingVolumes.varFiles -}}
{{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }}
{{- else }}
emptyDir: {} emptyDir: {}
{{- end }}
- name: tmp - name: tmp
{{- if .Values.repoServer.existingVolumes.tmp -}}
{{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }}
{{- else }}
emptyDir: {} emptyDir: {}
{{- end }}
- name: ssh-known-hosts - name: ssh-known-hosts
configMap: configMap:
name: argocd-ssh-known-hosts-cm name: argocd-ssh-known-hosts-cm
@ -391,7 +407,11 @@ spec:
configMap: configMap:
name: argocd-gpg-keys-cm name: argocd-gpg-keys-cm
- name: gpg-keyring - name: gpg-keyring
{{- if .Values.repoServer.existingVolumes.gpgKeyring -}}
{{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }}
{{- else }}
emptyDir: {} emptyDir: {}
{{- end }}
- name: argocd-repo-server-tls - name: argocd-repo-server-tls
secret: secret:
secretName: argocd-repo-server-tls secretName: argocd-repo-server-tls
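Review bot: Each `existingVolumes.*` value is rendered verbatim through `toYaml` as the volume source for `helm-working-dir`, `plugins`, `var-files`, `tmp` and `gpg-keyring`, and the template has no comment on what that changes. With `emptyDir` these directories are per-pod and discarded on restart; with a persistent or shared source, whatever the repo server writes there outlives the pod and, if one claim is mounted by several replicas, is visible to all of them. What is stored in each directory is not shown in these hunks, so the wording should be checked against the repo server documentation, for example `{{- /* existingVolumes replaces emptyDir: contents persist across restarts and may be shared between replicas */}}` above the first override. The `volumes:` list starts and ends outside the hunks.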


@ -161,7 +161,6 @@ configs:
url: "" url: ""
# -- The name of tracking label used by Argo CD for resource pruning # -- The name of tracking label used by Argo CD for resource pruning
# @default -- Defaults to app.kubernetes.io/instance
application.instanceLabelKey: argocd.argoproj.io/instance application.instanceLabelKey: argocd.argoproj.io/instance
# -- Enable logs RBAC enforcement # -- Enable logs RBAC enforcement
@ -291,7 +290,7 @@ configs:
# p, subject, resource, action, object, effect # p, subject, resource, action, object, effect
# Role definitions and bindings are in the form: # Role definitions and bindings are in the form:
# g, subject, inherited-subject # g, subject, inherited-subject
# policy.csv | # policy.csv: |
# p, role:org-admin, applications, *, */*, allow # p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow # p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow # p, role:org-admin, repositories, *, *, allow
@ -303,6 +302,9 @@ configs:
# The scope value can be a string, or a list of strings. # The scope value can be a string, or a list of strings.
scopes: "[groups]" scopes: "[groups]"
# -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
policy.matchMode: "glob"
# GnuPG public keys for commit verification # GnuPG public keys for commit verification
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
gpg: gpg:
@ -516,6 +518,12 @@ configs:
bitbucketUUID: "" bitbucketUUID: ""
# -- Shared secret for authenticating Gogs webhook events # -- Shared secret for authenticating Gogs webhook events
gogsSecret: "" gogsSecret: ""
## Azure DevOps
azureDevops:
# -- Shared secret username for authenticating Azure DevOps webhook events
username: ""
# -- Shared secret password for authenticating Azure DevOps webhook events
password: ""
# -- add additional secrets to be added to argocd-secret # -- add additional secrets to be added to argocd-secret
## Custom secrets. Useful for injecting SSO secrets into environment variables. ## Custom secrets. Useful for injecting SSO secrets into environment variables.
@ -1395,7 +1403,7 @@ redis-ha:
## Redis image ## Redis image
image: image:
# -- Redis repository # -- Redis repository
repository: redis repository: public.ecr.aws/docker/library/redis
# -- Redis tag # -- Redis tag
tag: 7.0.13-alpine tag: 7.0.13-alpine
## Prometheus redis-exporter sidecar ## Prometheus redis-exporter sidecar
@ -1577,6 +1585,8 @@ server:
## Argo CD extensions ## Argo CD extensions
## This function in tech preview stage, do expect instability or breaking changes in newer versions. ## This function in tech preview stage, do expect instability or breaking changes in newer versions.
## Ref: https://github.com/argoproj-labs/argocd-extension-installer ## Ref: https://github.com/argoproj-labs/argocd-extension-installer
## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
extensions: extensions:
# -- Enable support for Argo CD extensions # -- Enable support for Argo CD extensions
enabled: false enabled: false
@ -2217,6 +2227,24 @@ repoServer:
# - name: cmp-tmp # - name: cmp-tmp
# emptyDir: {} # emptyDir: {}
# -- Volumes to be used in replacement of emptydir on default volumes
existingVolumes: {}
# gpgKeyring:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-keyring
# helmWorkingDir:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-workdir
# tmp:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-tmp
# varFiles:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-varfiles
# plugins:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-plugins
# -- Toggle the usage of a ephemeral Helm working directory # -- Toggle the usage of a ephemeral Helm working directory
useEphemeralHelmWorkingDir: true useEphemeralHelmWorkingDir: true


@ -1,12 +1,12 @@
dependencies: dependencies:
- name: redis - name: redis
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 18.6.1 version: 18.7.0
- name: postgresql - name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 13.2.27 version: 13.3.0
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.1 version: 2.14.1
digest: sha256:bef0f24c8d9770d8e345aa48d54af3e778dce58c14f2219899cd8ad5a4e15b9c digest: sha256:5ccdd0a9b98fdac3ad60b2fe1fe5776e2aa267addd60501166de8166377bad94
generated: "2024-01-03T11:43:19.465902594Z" generated: "2024-01-17T19:54:42.562153805Z"


@ -6,17 +6,17 @@ annotations:
category: WorkFlow category: WorkFlow
images: | images: |
- name: airflow-exporter - name: airflow-exporter
image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r441 image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r443
- name: airflow-scheduler - name: airflow-scheduler
image: docker.io/bitnami/airflow-scheduler:2.8.0-debian-11-r1 image: docker.io/bitnami/airflow-scheduler:2.8.0-debian-11-r1
- name: airflow-worker - name: airflow-worker
image: docker.io/bitnami/airflow-worker:2.8.0-debian-11-r1 image: docker.io/bitnami/airflow-worker:2.8.0-debian-11-r1
- name: airflow - name: airflow
image: docker.io/bitnami/airflow:2.8.0-debian-11-r1 image: docker.io/bitnami/airflow:2.8.0-debian-11-r2
- name: git - name: git
image: docker.io/bitnami/git:2.43.0-debian-11-r5 image: docker.io/bitnami/git:2.43.0-debian-11-r5
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r93 image: docker.io/bitnami/os-shell:11-debian-11-r94
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.8.0 appVersion: 2.8.0
@ -50,4 +50,4 @@ maintainers:
name: airflow name: airflow
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow - https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 16.1.11 version: 16.4.0


@ -148,8 +148,12 @@ The command removes all the Kubernetes components associated with the chart and
| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | | `web.resources.limits` | The resources limits for the Airflow web containers | `{}` |
| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | | `web.resources.requests` | The requested resources for the Airflow web containers | `{}` |
| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | | `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
| `web.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `web.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `web.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | | `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | | `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | | `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | | `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` | | `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
@ -157,6 +161,7 @@ The command removes all the Kubernetes components associated with the chart and
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | | `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
| `web.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `web.hostAliases` | Deployment pod host aliases | `[]` | | `web.hostAliases` | Deployment pod host aliases | `[]` |
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | | `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | | `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
@ -199,14 +204,30 @@ The command removes all the Kubernetes components associated with the chart and
| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | | `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` | | `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` | | `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` |
| `scheduler.livenessProbe.enabled` | Enable livenessProbe on Airflow scheduler containers | `true` |
| `scheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `scheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `scheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `scheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `scheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `scheduler.readinessProbe.enabled` | Enable readinessProbe on Airflow scheduler containers | `true` |
| `scheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `scheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `scheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `scheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `scheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` | | `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` |
| `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` | | `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` |
| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` | | `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` |
| `scheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `scheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `scheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` | | `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` |
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` | | `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
| `scheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` | | `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` | | `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` | | `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
@ -214,6 +235,7 @@ The command removes all the Kubernetes components associated with the chart and
| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` | | `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
| `scheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` | | `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` | | `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` | | `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
@ -281,8 +303,12 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` | | `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` |
| `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` | | `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` |
| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` | | `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` |
| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` | | `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` |
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` | | `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` | | `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` | | `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` | | `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` |
@ -290,6 +316,7 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` | | `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
| `worker.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `worker.hostAliases` | Deployment pod host aliases | `[]` | | `worker.hostAliases` | Deployment pod host aliases | `[]` |
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` | | `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` | | `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` |
@ -429,8 +456,12 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.resources.limits` | The resources limits for the container | `{}` | | `metrics.resources.limits` | The resources limits for the container | `{}` |
| `metrics.resources.requests` | The requested resources for the container | `{}` | | `metrics.resources.requests` | The requested resources for the container | `{}` |
| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` | | `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `metrics.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `metrics.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` | | `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` |
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` | | `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
@ -438,6 +469,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` | | `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
| `metrics.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` | | `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` | | `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |
| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` | | `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` |


@ -4,9 +4,9 @@ annotations:
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r93 image: docker.io/bitnami/os-shell:11-debian-11-r93
- name: postgres-exporter - name: postgres-exporter
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r4 image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r5
- name: postgresql - name: postgresql
image: docker.io/bitnami/postgresql:16.1.0-debian-11-r18 image: docker.io/bitnami/postgresql:16.1.0-debian-11-r19
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 16.1.0 appVersion: 16.1.0
@ -34,4 +34,4 @@ maintainers:
name: postgresql name: postgresql
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql - https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 13.2.27 version: 13.3.0


@ -208,8 +208,12 @@ kubectl delete pvc -l release=my-release
| `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` | | `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` |
| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` | | `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
| `primary.podSecurityContext.enabled` | Enable security context | `true` | | `primary.podSecurityContext.enabled` | Enable security context | `true` |
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -308,8 +312,12 @@ kubectl delete pvc -l release=my-release
| `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` | | `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` |
| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` | | `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` | | `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
| `readReplicas.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `readReplicas.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `readReplicas.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -384,8 +392,12 @@ kubectl delete pvc -l release=my-release
| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` | | `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` | | `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` | | `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
| `backup.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `backup.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` | | `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -438,6 +450,7 @@ kubectl delete pvc -l release=my-release
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` |
| `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` | | `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` |
@ -448,9 +461,9 @@ kubectl delete pvc -l release=my-release
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | | `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` | | `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | | `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | | `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | | `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | | `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` |
| `rbac.rules` | Custom RBAC rules to set | `[]` | | `rbac.rules` | Custom RBAC rules to set | `[]` |
@ -470,6 +483,7 @@ kubectl delete pvc -l release=my-release
| `metrics.customMetrics` | Define additional custom metrics | `{}` | | `metrics.customMetrics` | Define additional custom metrics | `{}` |
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | | `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -546,7 +560,7 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/postg
## Configuration and installation details ## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
@ -740,7 +754,7 @@ Refer to the [chart documentation for more information about how to upgrade from
## License ## License
Copyright &copy; 2023 VMware, Inc. Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -74,7 +74,7 @@ spec:
value: {{ .Values.backup.cronjob.storage.mountPath }} value: {{ .Values.backup.cronjob.storage.mountPath }}
{{- if .Values.tls.enabled }} {{- if .Values.tls.enabled }}
- name: PGSSLROOTCERT - name: PGSSLROOTCERT
{{- if .Values.tls.autoGenerated -}} {{- if .Values.tls.autoGenerated }}
value: /tmp/certs/ca.crt value: /tmp/certs/ca.crt
{{- else }} {{- else }}
value: {{- printf "/tmp/certs/%s" .Values.tls.certCAFilename -}} value: {{- printf "/tmp/certs/%s" .Values.tls.certCAFilename -}}
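Review bot: The `else` branch two lines below the changed `if` still reads `value: {{- printf "/tmp/certs/%s" .Values.tls.certCAFilename -}}`, where the leading `{{-` trims the space after `value:` and the trailing `-}}` trims the newline that follows. With `tls.autoGenerated` set to false the line would then render as `value:/tmp/certs/<name>` joined to whatever comes next, so a user-supplied CA path would likely not reach the backup container as `PGSSLROOTCERT`. The commit removes the same kind of chomping on the `if` line only; I would change the branch to `value: {{ printf "/tmp/certs/%s" .Values.tls.certCAFilename }}`. The rest of the env list and the closing `end` are outside the hunk, so the rendered result should be confirmed with `helm template`.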


@ -98,11 +98,11 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/postgresql repository: bitnami/postgresql
tag: 16.1.0-debian-11-r18 tag: 16.1.0-debian-11-r19
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ##
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -438,7 +438,7 @@ primary:
## ##
lifecycleHooks: {} lifecycleHooks: {}
## PostgreSQL Primary resource requests and limits ## PostgreSQL Primary resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers ## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers
## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers ## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers
## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers ## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers
@ -451,14 +451,21 @@ primary:
## Pod Security Context ## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.podSecurityContext.enabled Enable security context ## @param primary.podSecurityContext.enabled Enable security context
## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param primary.podSecurityContext.fsGroup Group ID for the pod ## @param primary.podSecurityContext.fsGroup Group ID for the pod
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Container Security Context ## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.containerSecurityContext.enabled Enabled containers' Security Context ## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set container's Security Context privileged ## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
@ -469,6 +476,7 @@ primary:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -533,7 +541,7 @@ primary:
## ##
affinity: {} affinity: {}
## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment ## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ##
nodeSelector: {} nodeSelector: {}
## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment ## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment
@ -802,7 +810,7 @@ readReplicas:
## ##
lifecycleHooks: {} lifecycleHooks: {}
## PostgreSQL read only resource requests and limits ## PostgreSQL read only resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers ## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers
## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers ## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers
## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers ## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers
@ -815,14 +823,21 @@ readReplicas:
## Pod Security Context ## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.podSecurityContext.enabled Enable security context ## @param readReplicas.podSecurityContext.enabled Enable security context
## @param readReplicas.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param readReplicas.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param readReplicas.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod ## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Container Security Context ## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context ## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
## @param readReplicas.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged ## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
@ -833,6 +848,7 @@ readReplicas:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -897,7 +913,7 @@ readReplicas:
## ##
affinity: {} affinity: {}
## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment ## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ##
nodeSelector: {} nodeSelector: {}
## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment ## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment
@ -1104,13 +1120,20 @@ backup:
## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy ## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
restartPolicy: OnFailure restartPolicy: OnFailure
## @param backup.cronjob.podSecurityContext.enabled Enable PodSecurityContext for CronJob/Backup ## @param backup.cronjob.podSecurityContext.enabled Enable PodSecurityContext for CronJob/Backup
## @param backup.cronjob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param backup.cronjob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param backup.cronjob.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param backup.cronjob.podSecurityContext.fsGroup Group ID for the CronJob ## @param backup.cronjob.podSecurityContext.fsGroup Group ID for the CronJob
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## backup container's Security Context ## backup container's Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
## @param backup.cronjob.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
@ -1120,6 +1143,7 @@ backup:
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -1140,7 +1164,7 @@ backup:
## @param backup.cronjob.annotations Set the cronjob annotations ## @param backup.cronjob.annotations Set the cronjob annotations
annotations: {} annotations: {}
## @param backup.cronjob.nodeSelector Node labels for PostgreSQL backup CronJob pod assignment ## @param backup.cronjob.nodeSelector Node labels for PostgreSQL backup CronJob pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
## ##
nodeSelector: {} nodeSelector: {}
storage: storage:
@ -1312,7 +1336,7 @@ volumePermissions:
## ##
pullSecrets: [] pullSecrets: []
## Init container resource requests and limits ## Init container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resources.limits Init container volume-permissions resource limits ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
## @param volumePermissions.resources.requests Init container volume-permissions resource requests ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
## ##
@ -1322,12 +1346,14 @@ volumePermissions:
## Init container' Security Context ## Init container' Security Context
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
## and not the below volumePermissions.containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser
## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
## @param volumePermissions.containerSecurityContext.runAsGroup Group ID for the init container ## @param volumePermissions.containerSecurityContext.runAsGroup Group ID for the init container
## @param volumePermissions.containerSecurityContext.runAsNonRoot runAsNonRoot for the init container ## @param volumePermissions.containerSecurityContext.runAsNonRoot runAsNonRoot for the init container
## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container ## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container
## ##
containerSecurityContext: containerSecurityContext:
seLinuxOptions: {}
runAsUser: 0 runAsUser: 0
runAsGroup: 0 runAsGroup: 0
runAsNonRoot: false runAsNonRoot: false
@ -1348,7 +1374,7 @@ serviceBindings:
serviceAccount: serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for PostgreSQL pod ## @param serviceAccount.create Enable creation of ServiceAccount for PostgreSQL pod
## ##
create: false create: true
## @param serviceAccount.name The name of the ServiceAccount to use. ## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template ## If not set and create is true, a name is generated using the common.names.fullname template
## ##
@ -1356,7 +1382,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API ## Can be set to false if pods using this serviceAccount do not need to use K8s API
## ##
automountServiceAccountToken: true automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
## ##
annotations: {} annotations: {}
@ -1401,7 +1427,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/postgres-exporter repository: bitnami/postgres-exporter
tag: 0.15.0-debian-11-r4 tag: 0.15.0-debian-11-r5
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1443,6 +1469,7 @@ metrics:
## PostgreSQL Prometheus exporter containers' Security Context ## PostgreSQL Prometheus exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
@ -1453,6 +1480,7 @@ metrics:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -1520,7 +1548,7 @@ metrics:
containerPorts: containerPorts:
metrics: 9187 metrics: 9187
## PostgreSQL Prometheus exporter resource requests and limits ## PostgreSQL Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container ## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container
## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container ## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container
## ##
@ -1540,7 +1568,7 @@ metrics:
clusterIP: "" clusterIP: ""
## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None ## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
## ##
sessionAffinity: None sessionAffinity: None
## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint
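Review bot: In the `serviceAccount` hunks (`@ -1348,7 +1374,7 @@` and `@ -1356,7 +1382,7 @@`) the defaults flip to `create: true` and `automountServiceAccountToken: false`, but the comment above the second key still says `Can be set to false if pods using this serviceAccount do not need to use K8s API`, which now describes the default rather than an option. I would reword it to `## Defaults to false; set to true only if pods using this serviceAccount need to call the K8s API`. This is a behaviour change on upgrade: a dedicated ServiceAccount is created and its token is no longer mounted by default, so any sidecar or extra container that talks to the API server needs the value set back explicitly. Whether the pod templates also set a pod-level `automountServiceAccountToken` is not visible in this section.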


@ -2,16 +2,16 @@ annotations:
category: Database category: Database
images: | images: |
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r92 image: docker.io/bitnami/os-shell:11-debian-11-r93
- name: redis-exporter - name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r3 image: docker.io/bitnami/redis-exporter:1.56.0-debian-11-r0
- name: redis-sentinel - name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r2 image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r0
- name: redis - name: redis
image: docker.io/bitnami/redis:7.2.3-debian-11-r2 image: docker.io/bitnami/redis:7.2.4-debian-11-r0
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 7.2.3 appVersion: 7.2.4
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
@ -33,4 +33,4 @@ maintainers:
name: redis name: redis
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis - https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.6.1 version: 18.7.0


@ -163,8 +163,12 @@ The command removes all the Kubernetes components associated with the chart and
| `master.resources.limits` | The resources limits for the Redis&reg; master containers | `{}` | | `master.resources.limits` | The resources limits for the Redis&reg; master containers | `{}` |
| `master.resources.requests` | The requested resources for the Redis&reg; master containers | `{}` | | `master.resources.requests` | The requested resources for the Redis&reg; master containers | `{}` |
| `master.podSecurityContext.enabled` | Enabled Redis&reg; master pods' Security Context | `true` | | `master.podSecurityContext.enabled` | Enabled Redis&reg; master pods' Security Context | `true` |
| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `master.podSecurityContext.fsGroup` | Set Redis&reg; master pod's Security Context fsGroup | `1001` | | `master.podSecurityContext.fsGroup` | Set Redis&reg; master pod's Security Context fsGroup | `1001` |
| `master.containerSecurityContext.enabled` | Enabled Redis&reg; master containers' Security Context | `true` | | `master.containerSecurityContext.enabled` | Enabled Redis&reg; master containers' Security Context | `true` |
| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `master.containerSecurityContext.runAsUser` | Set Redis&reg; master containers' Security Context runAsUser | `1001` | | `master.containerSecurityContext.runAsUser` | Set Redis&reg; master containers' Security Context runAsUser | `1001` |
| `master.containerSecurityContext.runAsGroup` | Set Redis&reg; master containers' Security Context runAsGroup | `0` | | `master.containerSecurityContext.runAsGroup` | Set Redis&reg; master containers' Security Context runAsGroup | `0` |
| `master.containerSecurityContext.runAsNonRoot` | Set Redis&reg; master containers' Security Context runAsNonRoot | `true` | | `master.containerSecurityContext.runAsNonRoot` | Set Redis&reg; master containers' Security Context runAsNonRoot | `true` |
@ -228,9 +232,9 @@ The command removes all the Kubernetes components associated with the chart and
| `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | | `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | | `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` | | `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` |
| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` | | `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `master.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | | `master.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | | `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
| `master.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | | `master.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
### Redis&reg; replicas configuration parameters ### Redis&reg; replicas configuration parameters
@ -277,8 +281,12 @@ The command removes all the Kubernetes components associated with the chart and
| `replica.resources.limits` | The resources limits for the Redis&reg; replicas containers | `{}` | | `replica.resources.limits` | The resources limits for the Redis&reg; replicas containers | `{}` |
| `replica.resources.requests` | The requested resources for the Redis&reg; replicas containers | `{}` | | `replica.resources.requests` | The requested resources for the Redis&reg; replicas containers | `{}` |
| `replica.podSecurityContext.enabled` | Enabled Redis&reg; replicas pods' Security Context | `true` | | `replica.podSecurityContext.enabled` | Enabled Redis&reg; replicas pods' Security Context | `true` |
| `replica.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `replica.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `replica.podSecurityContext.fsGroup` | Set Redis&reg; replicas pod's Security Context fsGroup | `1001` | | `replica.podSecurityContext.fsGroup` | Set Redis&reg; replicas pod's Security Context fsGroup | `1001` |
| `replica.containerSecurityContext.enabled` | Enabled Redis&reg; replicas containers' Security Context | `true` | | `replica.containerSecurityContext.enabled` | Enabled Redis&reg; replicas containers' Security Context | `true` |
| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `replica.containerSecurityContext.runAsUser` | Set Redis&reg; replicas containers' Security Context runAsUser | `1001` | | `replica.containerSecurityContext.runAsUser` | Set Redis&reg; replicas containers' Security Context runAsUser | `1001` |
| `replica.containerSecurityContext.runAsGroup` | Set Redis&reg; replicas containers' Security Context runAsGroup | `0` | | `replica.containerSecurityContext.runAsGroup` | Set Redis&reg; replicas containers' Security Context runAsGroup | `0` |
| `replica.containerSecurityContext.runAsNonRoot` | Set Redis&reg; replicas containers' Security Context runAsNonRoot | `true` | | `replica.containerSecurityContext.runAsNonRoot` | Set Redis&reg; replicas containers' Security Context runAsNonRoot | `true` |
@ -346,9 +354,9 @@ The command removes all the Kubernetes components associated with the chart and
| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` | | `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` |
| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` | | `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` |
| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` | | `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` |
| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` | | `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | | `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | | `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
| `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | | `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
### Redis&reg; Sentinel configuration parameters ### Redis&reg; Sentinel configuration parameters
@ -420,6 +428,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.resources.limits` | The resources limits for the Redis&reg; Sentinel containers | `{}` | | `sentinel.resources.limits` | The resources limits for the Redis&reg; Sentinel containers | `{}` |
| `sentinel.resources.requests` | The requested resources for the Redis&reg; Sentinel containers | `{}` | | `sentinel.resources.requests` | The requested resources for the Redis&reg; Sentinel containers | `{}` |
| `sentinel.containerSecurityContext.enabled` | Enabled Redis&reg; Sentinel containers' Security Context | `true` | | `sentinel.containerSecurityContext.enabled` | Enabled Redis&reg; Sentinel containers' Security Context | `true` |
| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `sentinel.containerSecurityContext.runAsUser` | Set Redis&reg; Sentinel containers' Security Context runAsUser | `1001` | | `sentinel.containerSecurityContext.runAsUser` | Set Redis&reg; Sentinel containers' Security Context runAsUser | `1001` |
| `sentinel.containerSecurityContext.runAsGroup` | Set Redis&reg; Sentinel containers' Security Context runAsGroup | `0` | | `sentinel.containerSecurityContext.runAsGroup` | Set Redis&reg; Sentinel containers' Security Context runAsGroup | `0` |
| `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis&reg; Sentinel containers' Security Context runAsNonRoot | `true` | | `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis&reg; Sentinel containers' Security Context runAsNonRoot | `true` |
@ -466,7 +475,7 @@ The command removes all the Kubernetes components associated with the chart and
| `rbac.rules` | Custom RBAC rules to set | `[]` | | `rbac.rules` | Custom RBAC rules to set | `[]` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | | `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | | `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | | `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `pdb.create` | Specifies whether a PodDisruptionBudget should be created | `false` | | `pdb.create` | Specifies whether a PodDisruptionBudget should be created | `false` |
| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` | | `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` |
@ -517,6 +526,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.extraArgs` | Extra arguments for Redis&reg; exporter, for example: | `{}` | | `metrics.extraArgs` | Extra arguments for Redis&reg; exporter, for example: | `{}` |
| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis&reg; exporter | `[]` | | `metrics.extraEnvVars` | Array with extra environment variables to add to Redis&reg; exporter | `[]` |
| `metrics.containerSecurityContext.enabled` | Enabled Redis&reg; exporter containers' Security Context | `true` | | `metrics.containerSecurityContext.enabled` | Enabled Redis&reg; exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set Redis&reg; exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsUser` | Set Redis&reg; exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Set Redis&reg; exporter containers' Security Context runAsGroup | `0` | | `metrics.containerSecurityContext.runAsGroup` | Set Redis&reg; exporter containers' Security Context runAsGroup | `0` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis&reg; exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.runAsNonRoot` | Set Redis&reg; exporter containers' Security Context runAsNonRoot | `true` |
@ -568,7 +578,7 @@ The command removes all the Kubernetes components associated with the chart and
### Init Container Parameters ### Init Container Parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | -------------------------- | | ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
@ -577,6 +587,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | | `volumePermissions.resources.limits` | The resources limits for the init container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | | `volumePermissions.resources.requests` | The requested resources for the init container | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | | `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | | `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
@ -623,7 +634,7 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/redis
## Configuration and installation details ## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
@ -1007,7 +1018,7 @@ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remo
## License ## License
Copyright &copy; 2023 VMware, Inc. Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- range $i := until (int .Values.replica.replicaCount) }} {{- range $i := until (int .Values.replica.replicaCount) }}
{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }} {{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" $) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }}
{{ $sentinelport := 0}} {{ $sentinelport := 0}}
{{ $redisport := 0}} {{ $redisport := 0}}
@ -20,7 +20,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ template "common.names.fullname" $ }}-node-{{ $i }} name: {{ template "common.names.fullname" $ }}-node-{{ $i }}
namespace: {{ include "common.names.namespace" . | quote }} namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: node app.kubernetes.io/component: node
{{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }} {{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }}
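Review bot: The `lookup` that fills `$portsmap` in the first hunk sits inside the `range` even though none of its arguments use `$i`, so the same ConfigMap is read from the API server once per replica. Moving that assignment, unchanged, to the line above `{{- range $i := until (int .Values.replica.replicaCount) }}` would do the read once per render, and at that level `.` is still the root context, so the `.`-versus-`$` mix-up corrected here could not recur. `lookup` also returns an empty result when the chart is rendered without cluster access (`helm template`, client-side dry run), which leaves `$portsmap` nil; whether the lines after the hunk guard for that cannot be seen from here, so a short comment beside the assignment such as `{{/* $portsmap is nil on first install and on helm template */}}` would help the next reader. The `range` body continues outside both hunks.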


@ -94,11 +94,11 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis repository: bitnami/redis
tag: 7.2.3-debian-11-r2 tag: 7.2.4-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ##
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -266,7 +266,7 @@ master:
## ##
customReadinessProbe: {} customReadinessProbe: {}
## Redis&reg; master resource requests and limits ## Redis&reg; master resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param master.resources.limits The resources limits for the Redis&reg; master containers ## @param master.resources.limits The resources limits for the Redis&reg; master containers
## @param master.resources.requests The requested resources for the Redis&reg; master containers ## @param master.resources.requests The requested resources for the Redis&reg; master containers
## ##
@ -276,14 +276,21 @@ master:
## Configure Pods Security Context ## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param master.podSecurityContext.enabled Enabled Redis&reg; master pods' Security Context ## @param master.podSecurityContext.enabled Enabled Redis&reg; master pods' Security Context
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param master.podSecurityContext.fsGroup Set Redis&reg; master pod's Security Context fsGroup ## @param master.podSecurityContext.fsGroup Set Redis&reg; master pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param master.containerSecurityContext.enabled Enabled Redis&reg; master containers' Security Context ## @param master.containerSecurityContext.enabled Enabled Redis&reg; master containers' Security Context
## @param master.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param master.containerSecurityContext.runAsUser Set Redis&reg; master containers' Security Context runAsUser ## @param master.containerSecurityContext.runAsUser Set Redis&reg; master containers' Security Context runAsUser
## @param master.containerSecurityContext.runAsGroup Set Redis&reg; master containers' Security Context runAsGroup ## @param master.containerSecurityContext.runAsGroup Set Redis&reg; master containers' Security Context runAsGroup
## @param master.containerSecurityContext.runAsNonRoot Set Redis&reg; master containers' Security Context runAsNonRoot ## @param master.containerSecurityContext.runAsNonRoot Set Redis&reg; master containers' Security Context runAsNonRoot
@ -293,6 +300,7 @@ master:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0 runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
@ -372,7 +380,7 @@ master:
## ##
affinity: {} affinity: {}
## @param master.nodeSelector Node labels for Redis&reg; master pods assignment ## @param master.nodeSelector Node labels for Redis&reg; master pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ##
nodeSelector: {} nodeSelector: {}
## @param master.tolerations Tolerations for Redis&reg; master pods assignment ## @param master.tolerations Tolerations for Redis&reg; master pods assignment
@ -435,7 +443,7 @@ master:
## ##
initContainers: [] initContainers: []
## Persistence parameters ## Persistence parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## ##
persistence: persistence:
## @param master.persistence.enabled Enable persistence on Redis&reg; master nodes using Persistent Volume Claims ## @param master.persistence.enabled Enable persistence on Redis&reg; master nodes using Persistent Volume Claims
@ -576,7 +584,7 @@ master:
serviceAccount: serviceAccount:
## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
## ##
create: false create: true
## @param master.serviceAccount.name The name of the ServiceAccount to use. ## @param master.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template ## If not set and create is true, a name is generated using the common.names.fullname template
## ##
@ -584,7 +592,7 @@ master:
## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token ## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
## ##
automountServiceAccountToken: true automountServiceAccountToken: false
## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount ## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount
## ##
annotations: {} annotations: {}
@ -709,7 +717,7 @@ replica:
## ##
customReadinessProbe: {} customReadinessProbe: {}
## Redis&reg; replicas resource requests and limits ## Redis&reg; replicas resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param replica.resources.limits The resources limits for the Redis&reg; replicas containers ## @param replica.resources.limits The resources limits for the Redis&reg; replicas containers
## @param replica.resources.requests The requested resources for the Redis&reg; replicas containers ## @param replica.resources.requests The requested resources for the Redis&reg; replicas containers
## ##
@ -727,14 +735,21 @@ replica:
## Configure Pods Security Context ## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param replica.podSecurityContext.enabled Enabled Redis&reg; replicas pods' Security Context ## @param replica.podSecurityContext.enabled Enabled Redis&reg; replicas pods' Security Context
## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param replica.podSecurityContext.fsGroup Set Redis&reg; replicas pod's Security Context fsGroup ## @param replica.podSecurityContext.fsGroup Set Redis&reg; replicas pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param replica.containerSecurityContext.enabled Enabled Redis&reg; replicas containers' Security Context ## @param replica.containerSecurityContext.enabled Enabled Redis&reg; replicas containers' Security Context
## @param replica.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param replica.containerSecurityContext.runAsUser Set Redis&reg; replicas containers' Security Context runAsUser ## @param replica.containerSecurityContext.runAsUser Set Redis&reg; replicas containers' Security Context runAsUser
## @param replica.containerSecurityContext.runAsGroup Set Redis&reg; replicas containers' Security Context runAsGroup ## @param replica.containerSecurityContext.runAsGroup Set Redis&reg; replicas containers' Security Context runAsGroup
## @param replica.containerSecurityContext.runAsNonRoot Set Redis&reg; replicas containers' Security Context runAsNonRoot ## @param replica.containerSecurityContext.runAsNonRoot Set Redis&reg; replicas containers' Security Context runAsNonRoot
@ -744,6 +759,7 @@ replica:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0 runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
@ -823,7 +839,7 @@ replica:
## ##
affinity: {} affinity: {}
## @param replica.nodeSelector Node labels for Redis&reg; replicas pods assignment ## @param replica.nodeSelector Node labels for Redis&reg; replicas pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ##
nodeSelector: {} nodeSelector: {}
## @param replica.tolerations Tolerations for Redis&reg; replicas pods assignment ## @param replica.tolerations Tolerations for Redis&reg; replicas pods assignment
@ -886,7 +902,7 @@ replica:
## ##
initContainers: [] initContainers: []
## Persistence Parameters ## Persistence Parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## ##
persistence: persistence:
## @param replica.persistence.enabled Enable persistence on Redis&reg; replicas nodes using Persistent Volume Claims ## @param replica.persistence.enabled Enable persistence on Redis&reg; replicas nodes using Persistent Volume Claims
@ -1037,7 +1053,7 @@ replica:
serviceAccount: serviceAccount:
## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created
## ##
create: false create: true
## @param replica.serviceAccount.name The name of the ServiceAccount to use. ## @param replica.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template ## If not set and create is true, a name is generated using the common.names.fullname template
## ##
@ -1045,7 +1061,7 @@ replica:
## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token ## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
## ##
automountServiceAccountToken: true automountServiceAccountToken: false
## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount ## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount
## ##
annotations: {} annotations: {}
@ -1071,11 +1087,11 @@ sentinel:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis-sentinel repository: bitnami/redis-sentinel
tag: 7.2.3-debian-11-r2 tag: 7.2.4-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ##
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1213,7 +1229,7 @@ sentinel:
## ##
customReadinessProbe: {} customReadinessProbe: {}
## Persistence parameters ## Persistence parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## ##
persistence: persistence:
## @param sentinel.persistence.enabled Enable persistence on Redis&reg; sentinel nodes using Persistent Volume Claims (Experimental) ## @param sentinel.persistence.enabled Enable persistence on Redis&reg; sentinel nodes using Persistent Volume Claims (Experimental)
@ -1265,7 +1281,7 @@ sentinel:
whenScaled: Retain whenScaled: Retain
whenDeleted: Retain whenDeleted: Retain
## Redis&reg; Sentinel resource requests and limits ## Redis&reg; Sentinel resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param sentinel.resources.limits The resources limits for the Redis&reg; Sentinel containers ## @param sentinel.resources.limits The resources limits for the Redis&reg; Sentinel containers
## @param sentinel.resources.requests The requested resources for the Redis&reg; Sentinel containers ## @param sentinel.resources.requests The requested resources for the Redis&reg; Sentinel containers
## ##
@ -1275,6 +1291,7 @@ sentinel:
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param sentinel.containerSecurityContext.enabled Enabled Redis&reg; Sentinel containers' Security Context ## @param sentinel.containerSecurityContext.enabled Enabled Redis&reg; Sentinel containers' Security Context
## @param sentinel.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param sentinel.containerSecurityContext.runAsUser Set Redis&reg; Sentinel containers' Security Context runAsUser ## @param sentinel.containerSecurityContext.runAsUser Set Redis&reg; Sentinel containers' Security Context runAsUser
## @param sentinel.containerSecurityContext.runAsGroup Set Redis&reg; Sentinel containers' Security Context runAsGroup ## @param sentinel.containerSecurityContext.runAsGroup Set Redis&reg; Sentinel containers' Security Context runAsGroup
## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis&reg; Sentinel containers' Security Context runAsNonRoot ## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis&reg; Sentinel containers' Security Context runAsNonRoot
@ -1284,6 +1301,7 @@ sentinel:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0 runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
@ -1487,7 +1505,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
## ##
automountServiceAccountToken: true automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
## ##
annotations: {} annotations: {}
@ -1554,7 +1572,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis-exporter repository: bitnami/redis-exporter
tag: 1.55.0-debian-11-r3 tag: 1.56.0-debian-11-r0
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1641,6 +1659,7 @@ metrics:
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param metrics.containerSecurityContext.enabled Enabled Redis&reg; exporter containers' Security Context ## @param metrics.containerSecurityContext.enabled Enabled Redis&reg; exporter containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set Redis&reg; exporter containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsUser Set Redis&reg; exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsGroup Set Redis&reg; exporter containers' Security Context runAsGroup ## @param metrics.containerSecurityContext.runAsGroup Set Redis&reg; exporter containers' Security Context runAsGroup
## @param metrics.containerSecurityContext.runAsNonRoot Set Redis&reg; exporter containers' Security Context runAsNonRoot ## @param metrics.containerSecurityContext.runAsNonRoot Set Redis&reg; exporter containers' Security Context runAsNonRoot
@ -1650,6 +1669,7 @@ metrics:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0 runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
@ -1666,7 +1686,7 @@ metrics:
## ##
extraVolumeMounts: [] extraVolumeMounts: []
## Redis&reg; exporter resource requests and limits ## Redis&reg; exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param metrics.resources.limits The resources limits for the Redis&reg; exporter container ## @param metrics.resources.limits The resources limits for the Redis&reg; exporter container
## @param metrics.resources.requests The requested resources for the Redis&reg; exporter container ## @param metrics.resources.requests The requested resources for the Redis&reg; exporter container
## ##
@ -1870,7 +1890,7 @@ volumePermissions:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/os-shell repository: bitnami/os-shell
tag: 11-debian-11-r92 tag: 11-debian-11-r93
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1882,7 +1902,7 @@ volumePermissions:
## ##
pullSecrets: [] pullSecrets: []
## Init container's resource requests and limits ## Init container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resources.limits The resources limits for the init container ## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resources for the init container ## @param volumePermissions.resources.requests The requested resources for the init container
## ##
@ -1891,12 +1911,14 @@ volumePermissions:
requests: {} requests: {}
## Init container Container Security Context ## Init container Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
## ##
containerSecurityContext: containerSecurityContext:
seLinuxOptions: {}
runAsUser: 0 runAsUser: 0
## init-sysctl container parameters ## init-sysctl container parameters
@ -1918,7 +1940,7 @@ sysctl:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/os-shell repository: bitnami/os-shell
tag: 11-debian-11-r92 tag: 11-debian-11-r93
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1936,7 +1958,7 @@ sysctl:
## ##
mountHostSys: false mountHostSys: false
## Init container's resource requests and limits ## Init container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param sysctl.resources.limits The resources limits for the init container ## @param sysctl.resources.limits The resources limits for the init container
## @param sysctl.resources.requests The requested resources for the init container ## @param sysctl.resources.requests The requested resources for the init container
## ##


@ -36,6 +36,7 @@ data:
{{- end }} {{- end }}
spec: spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }} {{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
{{- if .Values.worker.hostAliases }} {{- if .Values.worker.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
{{- end }} {{- end }}
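Review bot: The added `automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}` renders an empty value when the key is missing from the supplied values, for example on an upgrade that reuses values stored before this key existed. An empty field is dropped from the pod spec, and Kubernetes then follows the ServiceAccount setting, which mounts the token unless told otherwise, so the hardened default would silently not apply. Rendering an explicit boolean avoids that: `automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken | default false }}`. The same line is added in the metrics, scheduler, web and worker templates further down this page. The pod spec continues outside the hunk.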


@ -32,6 +32,7 @@ spec:
app.kubernetes.io/component: metrics app.kubernetes.io/component: metrics
spec: spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }} {{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.metrics.automountServiceAccountToken }}
{{- if .Values.metrics.hostAliases }} {{- if .Values.metrics.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.hostAliases "context" $) | nindent 8 }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.hostAliases "context" $) | nindent 8 }}
{{- end }} {{- end }}


@ -36,6 +36,7 @@ spec:
{{- end }} {{- end }}
spec: spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }} {{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.scheduler.automountServiceAccountToken }}
{{- if .Values.scheduler.hostAliases }} {{- if .Values.scheduler.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.hostAliases "context" $) | nindent 8 }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.hostAliases "context" $) | nindent 8 }}
{{- end }} {{- end }}
@ -149,9 +150,25 @@ spec:
{{- if not .Values.diagnosticMode.enabled }} {{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.scheduler.customLivenessProbe }} {{- if .Values.scheduler.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customLivenessProbe "context" $) | trim | nindent 12 }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customLivenessProbe "context" $) | trim | nindent 12 }}
{{- else if .Values.scheduler.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.scheduler.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bin/bash
- -ec
- |
airflow jobs check --job-type SchedulerJob --local {{- if not .Values.diagnosticMode.enabled }} 2>/dev/null {{- end }}
{{- end }} {{- end }}
{{- if .Values.scheduler.customReadinessProbe }} {{- if .Values.scheduler.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customReadinessProbe "context" $) | trim | nindent 12 }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customReadinessProbe "context" $) | trim | nindent 12 }}
{{- else if .Values.scheduler.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.scheduler.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bin/bash
- -ec
- |
airflow jobs check --job-type SchedulerJob --local {{- if not .Values.diagnosticMode.enabled }} 2>/dev/null {{- end }}
{{- end }} {{- end }}
{{- if .Values.scheduler.customStartupProbe }} {{- if .Values.scheduler.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customStartupProbe "context" $) | nindent 12 }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customStartupProbe "context" $) | nindent 12 }}


@ -35,6 +35,7 @@ spec:
{{- end }} {{- end }}
spec: spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }} {{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.web.automountServiceAccountToken }}
{{- if .Values.web.hostAliases }} {{- if .Values.web.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.web.hostAliases "context" $) | nindent 8 }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.web.hostAliases "context" $) | nindent 8 }}
{{- end }} {{- end }}


@ -40,6 +40,7 @@ spec:
app.kubernetes.io/component: worker app.kubernetes.io/component: worker
spec: spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }} {{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
{{- if .Values.worker.hostAliases }} {{- if .Values.worker.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
{{- end }} {{- end }}


@ -121,7 +121,7 @@ dags:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/os-shell repository: bitnami/os-shell
tag: 11-debian-11-r93 tag: 11-debian-11-r94
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -188,7 +188,7 @@ web:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/airflow repository: bitnami/airflow
tag: 2.8.0-debian-11-r1 tag: 2.8.0-debian-11-r2
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -301,14 +301,21 @@ web:
## Configure Airflow web pods Security Context ## Configure Airflow web pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param web.podSecurityContext.enabled Enabled Airflow web pods' Security Context ## @param web.podSecurityContext.enabled Enabled Airflow web pods' Security Context
## @param web.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param web.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param web.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param web.podSecurityContext.fsGroup Set Airflow web pod's Security Context fsGroup ## @param web.podSecurityContext.fsGroup Set Airflow web pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Configure Airflow web containers (only main one) Security Context ## Configure Airflow web containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context ## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context
## @param web.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser ## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser
## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot ## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot
## @param web.containerSecurityContext.privileged Set web container's Security Context privileged ## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
@ -318,6 +325,7 @@ web:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -329,6 +337,9 @@ web:
## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup ## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
## @param web.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param web.hostAliases Deployment pod host aliases ## @param web.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -495,6 +506,36 @@ scheduler:
## @param scheduler.extraEnvVarsSecrets List of secrets with extra environment variables for Airflow scheduler pods ## @param scheduler.extraEnvVarsSecrets List of secrets with extra environment variables for Airflow scheduler pods
## ##
extraEnvVarsSecrets: [] extraEnvVarsSecrets: []
## Configure extra options for Airflow scheduler containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param scheduler.livenessProbe.enabled Enable livenessProbe on Airflow scheduler containers
## @param scheduler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param scheduler.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param scheduler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param scheduler.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param scheduler.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 180
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param scheduler.readinessProbe.enabled Enable readinessProbe on Airflow scheduler containers
## @param scheduler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param scheduler.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param scheduler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param scheduler.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param scheduler.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param scheduler.customLivenessProbe Custom livenessProbe that overrides the default one ## @param scheduler.customLivenessProbe Custom livenessProbe that overrides the default one
## ##
customLivenessProbe: {} customLivenessProbe: {}
@ -515,14 +556,21 @@ scheduler:
## Configure Airflow scheduler pods Security Context ## Configure Airflow scheduler pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param scheduler.podSecurityContext.enabled Enabled Airflow scheduler pods' Security Context ## @param scheduler.podSecurityContext.enabled Enabled Airflow scheduler pods' Security Context
## @param scheduler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param scheduler.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param scheduler.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param scheduler.podSecurityContext.fsGroup Set Airflow scheduler pod's Security Context fsGroup ## @param scheduler.podSecurityContext.fsGroup Set Airflow scheduler pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Configure Airflow scheduler containers (only main one) Security Context ## Configure Airflow scheduler containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context ## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context
## @param scheduler.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser ## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser
## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot ## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot
## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged ## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged
@ -532,6 +580,7 @@ scheduler:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -543,6 +592,9 @@ scheduler:
## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup ## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
## @param scheduler.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param scheduler.hostAliases Deployment pod host aliases ## @param scheduler.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -777,14 +829,21 @@ worker:
## Configure Airflow worker pods Security Context ## Configure Airflow worker pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param worker.podSecurityContext.enabled Enabled Airflow worker pods' Security Context ## @param worker.podSecurityContext.enabled Enabled Airflow worker pods' Security Context
## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param worker.podSecurityContext.fsGroup Set Airflow worker pod's Security Context fsGroup ## @param worker.podSecurityContext.fsGroup Set Airflow worker pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Configure Airflow worker containers (only main one) Security Context ## Configure Airflow worker containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context ## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context
## @param worker.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser ## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot ## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot
## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged ## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
@ -794,6 +853,7 @@ worker:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -805,6 +865,9 @@ worker:
## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup ## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
## @param worker.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param worker.hostAliases Deployment pod host aliases ## @param worker.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -1316,7 +1379,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/airflow-exporter repository: bitnami/airflow-exporter
tag: 0.20220314.0-debian-11-r441 tag: 0.20220314.0-debian-11-r443
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1351,14 +1414,21 @@ metrics:
## Airflow exporter pods' Security Context ## Airflow exporter pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param metrics.podSecurityContext.enabled Enable security context for the pods ## @param metrics.podSecurityContext.enabled Enable security context for the pods
## @param metrics.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param metrics.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param metrics.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param metrics.podSecurityContext.fsGroup Set Airflow exporter pod's Security Context fsGroup ## @param metrics.podSecurityContext.fsGroup Set Airflow exporter pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Airflow exporter containers' Security Context ## Airflow exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context ## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot ## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
@ -1374,6 +1444,7 @@ metrics:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -1385,6 +1456,9 @@ metrics:
## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup ## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
## @param metrics.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param metrics.hostAliases Airflow exporter pods host aliases ## @param metrics.hostAliases Airflow exporter pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
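Review bot: The new `automountServiceAccountToken: false` defaults for web, scheduler, worker and metrics are documented only as `Mount Service Account token in pod`, which does not tell an operator when the token is actually needed. Pods that must call the Kubernetes API will fail to authenticate with the token unmounted; that presumably includes the scheduler and workers when a Kubernetes-based executor is configured, which should be confirmed against the chart's executor options. I would extend each comment, e.g. `## @param scheduler.automountServiceAccountToken Mount Service Account token in pod (set to true only when the pod must call the Kubernetes API)`. Keeping the default at `false` is the right least-privilege choice; the comment only needs to name the exception.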


@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3 version: 2.14.1
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83 digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
generated: "2023-11-07T11:38:22.303262695Z" generated: "2024-01-17T19:55:21.831469725Z"


@ -6,11 +6,11 @@ annotations:
category: Database category: Database
images: | images: |
- name: cassandra-exporter - name: cassandra-exporter
image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r431 image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r433
- name: cassandra - name: cassandra
image: docker.io/bitnami/cassandra:4.1.3-debian-11-r78 image: docker.io/bitnami/cassandra:4.1.3-debian-11-r81
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r92 image: docker.io/bitnami/os-shell:11-debian-11-r94
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 4.1.3 appVersion: 4.1.3
@ -35,4 +35,4 @@ maintainers:
name: cassandra name: cassandra
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cassandra - https://github.com/bitnami/charts/tree/main/bitnami/cassandra
version: 10.6.9 version: 10.8.0


@ -119,6 +119,7 @@ The command removes all the Kubernetes components associated with the chart and
| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- | | --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of Cassandra replicas | `1` | | `replicaCount` | Number of Cassandra replicas | `1` |
| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` | | `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `hostAliases` | Add deployment host aliases | `[]` | | `hostAliases` | Add deployment host aliases | `[]` |
| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | | `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` |
| `priorityClassName` | Cassandra pods' priority. | `""` | | `priorityClassName` | Cassandra pods' priority. | `""` |
@ -134,8 +135,12 @@ The command removes all the Kubernetes components associated with the chart and
| `tolerations` | Tolerations for pod assignment | `[]` | | `tolerations` | Tolerations for pod assignment | `[]` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | | `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | | `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` | | `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` | | `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` |
@ -234,7 +239,7 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- | | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` | | `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` | | `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` |
@ -243,6 +248,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | | `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | | `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | | `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
### Metrics parameters ### Metrics parameters


@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.3 appVersion: 2.14.1
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.3 version: 2.14.1


@ -24,14 +24,14 @@ data:
myvalue: "Hello World" myvalue: "Hello World"
``` ```
Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction ## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
- Kubernetes 1.23+ - Kubernetes 1.23+


@ -78,6 +78,8 @@ Params:
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context. - context - Context - Required - Parent context.
- failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
- skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
- skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
The order in which this function returns a secret password: The order in which this function returns a secret password:
1. Already existing 'Secret' resource 1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@ -91,7 +93,6 @@ The order in which this function returns a secret password:
{{- $password := "" }} {{- $password := "" }}
{{- $subchart := "" }} {{- $subchart := "" }}
{{- $failOnNew := default true .failOnNew }}
{{- $chartName := default "" .chartName }} {{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }} {{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@ -99,12 +100,14 @@ The order in which this function returns a secret password:
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }} {{- if $secretData }}
{{- if hasKey $secretData .key }} {{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }} {{- $password = index $secretData .key | b64dec }}
{{- else if $failOnNew }} {{- else if not (eq .failOnNew false) }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- end -}} {{- end -}}
{{- else if $providedPasswordValue }} {{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }} {{- $password = $providedPasswordValue | toString }}
{{- else }} {{- else }}
{{- if .context.Values.enabled }} {{- if .context.Values.enabled }}
@ -120,12 +123,19 @@ The order in which this function returns a secret password:
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }} {{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
{{- else }} {{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }} {{- $password = randAlphaNum $passwordLength }}
{{- end }} {{- end }}
{{- end -}} {{- end -}}
{{- if not .skipB64enc }}
{{- $password = $password | b64enc }}
{{- end -}}
{{- if .skipQuote -}}
{{- printf "%s" $password -}} {{- printf "%s" $password -}}
{{- else -}}
{{- printf "%s" $password | quote -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
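Review bot: When the looked-up Secret exists but lacks `.key`, `failOnNew` is false and no provided value is set, none of the inner branches assigns `$password`, so it keeps its initial `""` and the helper renders an empty credential instead of generating one. The generation branch is reached only from the outer `else`, that is, when no Secret data was found at all. Consider closing the lookup block first and running the provided-value and generation logic under `if not $password`, as sketched below; the lines between the hunks are not visible here, so the generation body is assumed unchanged. Separately, the new `skipB64enc` description reads "no the secret will not be base64 encrypted"; base64 is an encoding, not encryption, so `If set to true, the secret will not be base64 encoded.` is more accurate.

```gotemplate
{{- if $secretData }}
  {{- if hasKey $secretData .key }}
    {{- $password = index $secretData .key | b64dec }}
  {{- else if not (eq .failOnNew false) }}
    {{/* … unchanged: PASSWORDS ERROR fail … */}}
  {{- end -}}
{{- end }}
{{- if not $password }}
  {{- if $providedPasswordValue }}
    {{- $password = $providedPasswordValue | toString }}
  {{- else }}
    {{/* … unchanged: validation and random generation … */}}
  {{- end }}
{{- end }}
```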


@ -34,6 +34,7 @@ spec:
{{- end }} {{- end }}
spec: spec:
{{- include "cassandra.imagePullSecrets" . | nindent 6 }} {{- include "cassandra.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }} {{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }} {{- end }}
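Review bot: The added `automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}` renders an empty value when a values override sets the key to null, and a null field leaves the decision to the ServiceAccount, whose default is to mount the token. To keep the fail-closed default that the values file introduces, render an explicit boolean, for example `automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default false }}`. The pod spec continues outside this hunk.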


@ -76,7 +76,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/cassandra repository: bitnami/cassandra
tag: 4.1.3-debian-11-r78 tag: 4.1.3-debian-11-r81
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -214,6 +214,9 @@ replicaCount: 1
## ##
updateStrategy: updateStrategy:
type: RollingUpdate type: RollingUpdate
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases Add deployment host aliases ## @param hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -279,14 +282,21 @@ topologySpreadConstraints: []
## Pod security context ## Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled Cassandra pods' Security Context ## @param podSecurityContext.enabled Enabled Cassandra pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Set Cassandra pod's Security Context fsGroup ## @param podSecurityContext.fsGroup Set Cassandra pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context (only main container) ## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context ## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context
## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser ## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser
## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation ## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped ## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped
@ -297,6 +307,7 @@ podSecurityContext:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -628,7 +639,7 @@ volumePermissions:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/os-shell repository: bitnami/os-shell
tag: 11-debian-11-r92 tag: 11-debian-11-r94
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -664,6 +675,7 @@ volumePermissions:
## Init container Security Context ## Init container Security Context
## Note: the chown of the data folder is done to securityContext.runAsUser ## Note: the chown of the data folder is done to securityContext.runAsUser
## and not the below volumePermissions.securityContext.runAsUser ## and not the below volumePermissions.securityContext.runAsUser
## @param volumePermissions.securityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.securityContext.runAsUser User ID for the init container ## @param volumePermissions.securityContext.runAsUser User ID for the init container
## ##
## When runAsUser is set to special value "auto", init container will try to chwon the ## When runAsUser is set to special value "auto", init container will try to chwon the
@ -673,6 +685,7 @@ volumePermissions:
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
## ##
securityContext: securityContext:
seLinuxOptions: {}
runAsUser: 0 runAsUser: 0
## @section Metrics parameters ## @section Metrics parameters
@ -696,7 +709,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/cassandra-exporter repository: bitnami/cassandra-exporter
tag: 2.3.8-debian-11-r431 tag: 2.3.8-debian-11-r433
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.


@ -1,9 +1,9 @@
dependencies: dependencies:
- name: zookeeper - name: zookeeper
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 12.4.0 version: 12.5.0
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.1 version: 2.14.1
digest: sha256:436dc8df38da8dfade2782e499dfea25d0dd1ed683bb42c8cc9f6b97f3ea66fe digest: sha256:e4feec8f181106637521ad9f041bab689837c3793a890cbd82d0fe386eb7b4b3
generated: "2023-12-22T14:05:20.981818545Z" generated: "2024-01-17T19:59:13.138728344Z"


@ -6,15 +6,15 @@ annotations:
category: Infrastructure category: Infrastructure
images: | images: |
- name: jmx-exporter - name: jmx-exporter
image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r2 image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r3
- name: kafka-exporter - name: kafka-exporter
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r134 image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r136
- name: kafka - name: kafka
image: docker.io/bitnami/kafka:3.6.1-debian-11-r0 image: docker.io/bitnami/kafka:3.6.1-debian-11-r1
- name: kubectl - name: kubectl
image: docker.io/bitnami/kubectl:1.29.0-debian-11-r0 image: docker.io/bitnami/kubectl:1.29.0-debian-11-r2
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r92 image: docker.io/bitnami/os-shell:11-debian-11-r94
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 3.6.1 appVersion: 3.6.1
@ -45,4 +45,4 @@ maintainers:
name: kafka name: kafka
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka - https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 26.6.3 version: 26.8.0


@ -231,9 +231,13 @@ The command removes all the Kubernetes components associated with the chart and
| `controller.resources.limits` | The resources limits for the container | `{}` | | `controller.resources.limits` | The resources limits for the container | `{}` |
| `controller.resources.requests` | The requested resources for the container | `{}` | | `controller.resources.requests` | The requested resources for the container | `{}` |
| `controller.podSecurityContext.enabled` | Enable security context for the pods | `true` | | `controller.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `controller.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `controller.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `controller.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `controller.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` | | `controller.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` |
| `controller.podSecurityContext.seccompProfile.type` | Set Kafka pods's Security Context seccomp profile | `RuntimeDefault` | | `controller.podSecurityContext.seccompProfile.type` | Set Kafka pods's Security Context seccomp profile | `RuntimeDefault` |
| `controller.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` | | `controller.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` |
| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `controller.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` | | `controller.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` |
| `controller.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` | | `controller.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` |
| `controller.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` | | `controller.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` |
@ -332,9 +336,13 @@ The command removes all the Kubernetes components associated with the chart and
| `broker.resources.limits` | The resources limits for the container | `{}` | | `broker.resources.limits` | The resources limits for the container | `{}` |
| `broker.resources.requests` | The requested resources for the container | `{}` | | `broker.resources.requests` | The requested resources for the container | `{}` |
| `broker.podSecurityContext.enabled` | Enable security context for the pods | `true` | | `broker.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `broker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `broker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `broker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `broker.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` | | `broker.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` |
| `broker.podSecurityContext.seccompProfile.type` | Set Kafka pod's Security Context seccomp profile | `RuntimeDefault` | | `broker.podSecurityContext.seccompProfile.type` | Set Kafka pod's Security Context seccomp profile | `RuntimeDefault` |
| `broker.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` | | `broker.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` |
| `broker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `broker.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` | | `broker.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` |
| `broker.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` | | `broker.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` |
| `broker.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` | | `broker.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` |
@ -404,6 +412,7 @@ The command removes all the Kubernetes components associated with the chart and
| `service.clusterIP` | Kafka service Cluster IP | `""` | | `service.clusterIP` | Kafka service Cluster IP | `""` |
| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` | | `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` | | `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` |
| `service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` |
| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` | | `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Kafka service | `{}` | | `service.annotations` | Additional custom annotations for Kafka service | `{}` |
| `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` | | `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` |
@ -420,6 +429,7 @@ The command removes all the Kubernetes components associated with the chart and
| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` | | `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` | | `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.containerSecurityContext.enabled` | Enable Kafka auto-discovery containers' Security Context | `true` | | `externalAccess.autoDiscovery.containerSecurityContext.enabled` | Enable Kafka auto-discovery containers' Security Context | `true` |
| `externalAccess.autoDiscovery.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `externalAccess.autoDiscovery.containerSecurityContext.runAsUser` | Set Kafka auto-discovery containers' Security Context runAsUser | `1001` | | `externalAccess.autoDiscovery.containerSecurityContext.runAsUser` | Set Kafka auto-discovery containers' Security Context runAsUser | `1001` |
| `externalAccess.autoDiscovery.containerSecurityContext.runAsNonRoot` | Set Kafka auto-discovery containers' Security Context runAsNonRoot | `true` | | `externalAccess.autoDiscovery.containerSecurityContext.runAsNonRoot` | Set Kafka auto-discovery containers' Security Context runAsNonRoot | `true` |
| `externalAccess.autoDiscovery.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka auto-discovery containers' Security Context allowPrivilegeEscalation | `false` | | `externalAccess.autoDiscovery.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka auto-discovery containers' Security Context allowPrivilegeEscalation | `false` |
@ -433,6 +443,7 @@ The command removes all the Kubernetes components associated with the chart and
| `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | | `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.controller.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` |
| `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | | `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
@ -448,6 +459,7 @@ The command removes all the Kubernetes components associated with the chart and
| `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | | `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.broker.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` |
| `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | | `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
@ -466,7 +478,7 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
@ -475,6 +487,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### Other Parameters ### Other Parameters
@ -530,9 +543,13 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.kafka.resources.limits` | The resources limits for the container | `{}` | | `metrics.kafka.resources.limits` | The resources limits for the container | `{}` |
| `metrics.kafka.resources.requests` | The requested resources for the container | `{}` | | `metrics.kafka.resources.requests` | The requested resources for the container | `{}` |
| `metrics.kafka.podSecurityContext.enabled` | Enable security context for the pods | `true` | | `metrics.kafka.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `metrics.kafka.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `metrics.kafka.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `metrics.kafka.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `metrics.kafka.podSecurityContext.fsGroup` | Set Kafka exporter pod's Security Context fsGroup | `1001` | | `metrics.kafka.podSecurityContext.fsGroup` | Set Kafka exporter pod's Security Context fsGroup | `1001` |
| `metrics.kafka.podSecurityContext.seccompProfile.type` | Set Kafka exporter pod's Security Context seccomp profile | `RuntimeDefault` | | `metrics.kafka.podSecurityContext.seccompProfile.type` | Set Kafka exporter pod's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.kafka.containerSecurityContext.enabled` | Enable Kafka exporter containers' Security Context | `true` | | `metrics.kafka.containerSecurityContext.enabled` | Enable Kafka exporter containers' Security Context | `true` |
| `metrics.kafka.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.kafka.containerSecurityContext.runAsUser` | Set Kafka exporter containers' Security Context runAsUser | `1001` | | `metrics.kafka.containerSecurityContext.runAsUser` | Set Kafka exporter containers' Security Context runAsUser | `1001` |
| `metrics.kafka.containerSecurityContext.runAsNonRoot` | Set Kafka exporter containers' Security Context runAsNonRoot | `true` | | `metrics.kafka.containerSecurityContext.runAsNonRoot` | Set Kafka exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.kafka.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka exporter containers' Security Context allowPrivilegeEscalation | `false` | | `metrics.kafka.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka exporter containers' Security Context allowPrivilegeEscalation | `false` |
@ -572,6 +589,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` | | `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` |
| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` | | `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` |
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` | | `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set Prometheus JMX exporter containers' Security Context allowPrivilegeEscalation | `false` | | `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set Prometheus JMX exporter containers' Security Context allowPrivilegeEscalation | `false` |
@ -644,9 +662,13 @@ The command removes all the Kubernetes components associated with the chart and
| `provisioning.resources.limits` | The resources limits for the Kafka provisioning container | `{}` | | `provisioning.resources.limits` | The resources limits for the Kafka provisioning container | `{}` |
| `provisioning.resources.requests` | The requested resources for the Kafka provisioning container | `{}` | | `provisioning.resources.requests` | The requested resources for the Kafka provisioning container | `{}` |
| `provisioning.podSecurityContext.enabled` | Enable security context for the pods | `true` | | `provisioning.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `provisioning.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `provisioning.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `provisioning.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `provisioning.podSecurityContext.fsGroup` | Set Kafka provisioning pod's Security Context fsGroup | `1001` | | `provisioning.podSecurityContext.fsGroup` | Set Kafka provisioning pod's Security Context fsGroup | `1001` |
| `provisioning.podSecurityContext.seccompProfile.type` | Set Kafka provisioning pod's Security Context seccomp profile | `RuntimeDefault` | | `provisioning.podSecurityContext.seccompProfile.type` | Set Kafka provisioning pod's Security Context seccomp profile | `RuntimeDefault` |
| `provisioning.containerSecurityContext.enabled` | Enable Kafka provisioning containers' Security Context | `true` | | `provisioning.containerSecurityContext.enabled` | Enable Kafka provisioning containers' Security Context | `true` |
| `provisioning.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `provisioning.containerSecurityContext.runAsUser` | Set Kafka provisioning containers' Security Context runAsUser | `1001` | | `provisioning.containerSecurityContext.runAsUser` | Set Kafka provisioning containers' Security Context runAsUser | `1001` |
| `provisioning.containerSecurityContext.runAsNonRoot` | Set Kafka provisioning containers' Security Context runAsNonRoot | `true` | | `provisioning.containerSecurityContext.runAsNonRoot` | Set Kafka provisioning containers' Security Context runAsNonRoot | `true` |
| `provisioning.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka provisioning containers' Security Context allowPrivilegeEscalation | `false` | | `provisioning.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka provisioning containers' Security Context allowPrivilegeEscalation | `false` |


@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3 version: 2.14.1
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83 digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
generated: "2023-11-08T15:19:54.720987032Z" generated: "2024-01-01T00:08:42.872982603Z"


@ -2,9 +2,9 @@ annotations:
category: Infrastructure category: Infrastructure
images: | images: |
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r91 image: docker.io/bitnami/os-shell:11-debian-11-r93
- name: zookeeper - name: zookeeper
image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r2 image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r5
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 3.9.1 appVersion: 3.9.1
@ -26,4 +26,4 @@ maintainers:
name: zookeeper name: zookeeper
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.4.0 version: 12.5.0


@ -111,8 +111,8 @@ The command removes all the Kubernetes components associated with the chart and
| `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` | | `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` |
| `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` | | `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` |
| `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` | | `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` |
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` | | `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `10` |
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` | | `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `1` |
| `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` | | `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` |
| `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` | | `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` |
| `dataLogDir` | Dedicated data log directory | `""` | | `dataLogDir` | Dedicated data log directory | `""` |
@ -161,8 +161,12 @@ The command removes all the Kubernetes components associated with the chart and
| `resources.requests.memory` | The requested memory for the ZooKeeper containers | `256Mi` | | `resources.requests.memory` | The requested memory for the ZooKeeper containers | `256Mi` |
| `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` | | `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` |
| `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -228,9 +232,9 @@ The command removes all the Kubernetes components associated with the chart and
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------------- | ------- | | --------------------------------------------- | ---------------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable creation of ServiceAccount for ZooKeeper pod | `false` | | `serviceAccount.create` | Enable creation of ServiceAccount for ZooKeeper pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | | `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | | `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | | `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
### Persistence parameters ### Persistence parameters
@ -252,7 +256,7 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
@ -262,6 +266,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` | | `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### Metrics parameters ### Metrics parameters
@ -346,7 +351,7 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/zooke
## Configuration and installation details ## Configuration and installation details
### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) ### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
@ -523,7 +528,7 @@ kubectl delete statefulset zookeeper-zookeeper --cascade=false
## License ## License
Copyright &copy; 2023 VMware, Inc. Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.3 appVersion: 2.14.1
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.3 version: 2.14.1


@ -24,14 +24,14 @@ data:
myvalue: "Hello World" myvalue: "Hello World"
``` ```
Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction ## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
- Kubernetes 1.23+ - Kubernetes 1.23+


@ -78,6 +78,8 @@ Params:
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context. - context - Context - Required - Parent context.
- failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
- skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
- skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
The order in which this function returns a secret password: The order in which this function returns a secret password:
1. Already existing 'Secret' resource 1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@ -91,7 +93,6 @@ The order in which this function returns a secret password:
{{- $password := "" }} {{- $password := "" }}
{{- $subchart := "" }} {{- $subchart := "" }}
{{- $failOnNew := default true .failOnNew }}
{{- $chartName := default "" .chartName }} {{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }} {{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@ -99,12 +100,14 @@ The order in which this function returns a secret password:
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }} {{- if $secretData }}
{{- if hasKey $secretData .key }} {{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }} {{- $password = index $secretData .key | b64dec }}
{{- else if $failOnNew }} {{- else if not (eq .failOnNew false) }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- end -}} {{- end -}}
{{- else if $providedPasswordValue }} {{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }} {{- $password = $providedPasswordValue | toString }}
{{- else }} {{- else }}
{{- if .context.Values.enabled }} {{- if .context.Values.enabled }}
@ -120,12 +123,19 @@ The order in which this function returns a secret password:
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }} {{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
{{- else }} {{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }} {{- $password = randAlphaNum $passwordLength }}
{{- end }} {{- end }}
{{- end -}} {{- end -}}
{{- if not .skipB64enc }}
{{- $password = $password | b64enc }}
{{- end -}}
{{- if .skipQuote -}}
{{- printf "%s" $password -}} {{- printf "%s" $password -}}
{{- else -}}
{{- printf "%s" $password | quote -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
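Review bot: In the lookup chain rewritten by the `-99,12 +100,14` hunk, an existing Secret that lacks `.key`, combined with `failOnNew` set to false and no provided value, leaves `$password` as the empty string, and the new tail then base64-encodes and quotes it, so the Secret is rendered with an empty credential. The random-generation branch appears to sit only under the outer `else` (the lines between the hunks and the start of the template definition are not shown, so this needs confirming), which would mean it is never reached once a Secret already exists. Running the generation under a guard such as `{{- if not $password }}` after the lookup, rather than nesting it in the final `else`, would close that path. Separately, the new parameter comment says the value will not be "base64 encrypted"; base64 is an encoding and gives no confidentiality, so the line should read `If set to true, the secret will not be base64 encoded.`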


@ -378,26 +378,20 @@ spec:
{{- else if .Values.livenessProbe.enabled }} {{- else if .Values.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled" "probeCommandTimeout") "context" $) | nindent 12 }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled" "probeCommandTimeout") "context" $) | nindent 12 }}
exec: exec:
{{- if not .Values.service.disableBaseClientPort }} command:
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} nc -w {{ .Values.livenessProbe.probeCommandTimeout }} -q 1 localhost {{ .Values.containerPorts.client }} | grep imok'] - /bin/bash
{{- else if not .Values.tls.client.enabled }} - -ec
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} | grep imok'] - ZOO_HC_TIMEOUT={{ .Values.livenessProbe.probeCommandTimeout }} /opt/bitnami/scripts/zookeeper/healthcheck.sh
{{- else }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} -cert {{ .Values.service.tls.client_cert_pem_path }} -key {{ .Values.service.tls.client_key_pem_path }} | grep imok']
{{- end }}
{{- end }} {{- end }}
{{- if .Values.customReadinessProbe }} {{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }} {{- else if .Values.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled" "probeCommandTimeout") "context" $) | nindent 12 }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled" "probeCommandTimeout") "context" $) | nindent 12 }}
exec: exec:
{{- if not .Values.service.disableBaseClientPort }} command:
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.readinessProbe.probeCommandTimeout }} nc -w {{ .Values.readinessProbe.probeCommandTimeout }} -q 1 localhost {{ .Values.containerPorts.client }} | grep imok'] - /bin/bash
{{- else if not .Values.tls.client.enabled }} - -ec
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.readinessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} | grep imok'] - ZOO_HC_TIMEOUT={{ .Values.readinessProbe.probeCommandTimeout }} /opt/bitnami/scripts/zookeeper/healthcheck.sh
{{- else }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.readinessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} -cert {{ .Values.service.tls.client_cert_pem_path }} -key {{ .Values.service.tls.client_key_pem_path }} | grep imok']
{{- end }}
{{- end }} {{- end }}
{{- if .Values.customStartupProbe }} {{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
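Review bot: Both the liveness and the readiness probe now depend on `/opt/bitnami/scripts/zookeeper/healthcheck.sh` being present inside the container, and the three cases the old commands spelled out (plain client port, TLS, TLS with a client certificate) are no longer visible in the manifest. An image override pointing at an older or custom build without that script would fail every probe and be restarted, and whether the script covers the TLS-only configurations cannot be confirmed from this page. I would add a comment above each `command:` such as `# healthcheck.sh is provided by the bitnami/zookeeper image; use customReadinessProbe (or the liveness equivalent) with images that lack it`. The timeout is also interpolated bare into a `bash -ec` string; `ZOO_HC_TIMEOUT={{ .Values.readinessProbe.probeCommandTimeout | squote }}` (and the same for the liveness probe) keeps a value containing whitespace from being split into extra shell words. The container spec starts and ends outside this hunk.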


@ -79,11 +79,11 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/zookeeper repository: bitnami/zookeeper
tag: 3.9.1-debian-11-r2 tag: 3.9.1-debian-11-r5
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
## ##
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -185,11 +185,11 @@ listenOnAllIPs: false
autopurge: autopurge:
## @param autopurge.snapRetainCount The most recent snapshots amount (and corresponding transaction logs) to retain ## @param autopurge.snapRetainCount The most recent snapshots amount (and corresponding transaction logs) to retain
## ##
snapRetainCount: 3 snapRetainCount: 10
## @param autopurge.purgeInterval The time interval (in hours) for which the purge task has to be triggered ## @param autopurge.purgeInterval The time interval (in hours) for which the purge task has to be triggered
## Set to a positive integer to enable the auto purging ## Set to a positive integer to enable the auto purging. Set to 0 to disable auto purging.
## ##
purgeInterval: 0 purgeInterval: 1
## @param logLevel Log level for the ZooKeeper server. ERROR by default ## @param logLevel Log level for the ZooKeeper server. ERROR by default
## Have in mind if you set it to INFO or WARN the ReadinessProve will produce a lot of logs ## Have in mind if you set it to INFO or WARN the ReadinessProve will produce a lot of logs
## ##
@ -312,7 +312,7 @@ customStartupProbe: {}
## ##
lifecycleHooks: {} lifecycleHooks: {}
## ZooKeeper resource requests and limits ## ZooKeeper resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param resources.limits The resources limits for the ZooKeeper containers ## @param resources.limits The resources limits for the ZooKeeper containers
## @param resources.requests.memory The requested memory for the ZooKeeper containers ## @param resources.requests.memory The requested memory for the ZooKeeper containers
## @param resources.requests.cpu The requested cpu for the ZooKeeper containers ## @param resources.requests.cpu The requested cpu for the ZooKeeper containers
@ -325,14 +325,21 @@ resources:
## Configure Pods Security Context ## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled ZooKeeper pods' Security Context ## @param podSecurityContext.enabled Enabled ZooKeeper pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Set ZooKeeper pod's Security Context fsGroup ## @param podSecurityContext.fsGroup Set ZooKeeper pod's Security Context fsGroup
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context ## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged ## @param containerSecurityContext.privileged Set container's Security Context privileged
@ -343,6 +350,7 @@ podSecurityContext:
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
@ -397,7 +405,7 @@ nodeAffinityPreset:
## ##
affinity: {} affinity: {}
## @param nodeSelector Node labels for pod assignment ## @param nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
## ##
nodeSelector: {} nodeSelector: {}
## @param tolerations Tolerations for pod assignment ## @param tolerations Tolerations for pod assignment
@ -542,7 +550,7 @@ service:
disableBaseClientPort: false disableBaseClientPort: false
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None ## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
## ##
sessionAffinity: None sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
@ -557,7 +565,7 @@ service:
## ##
clusterIP: "" clusterIP: ""
## @param service.loadBalancerIP ZooKeeper service Load Balancer IP ## @param service.loadBalancerIP ZooKeeper service Load Balancer IP
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
## ##
loadBalancerIP: "" loadBalancerIP: ""
## @param service.loadBalancerSourceRanges ZooKeeper service Load Balancer sources ## @param service.loadBalancerSourceRanges ZooKeeper service Load Balancer sources
@ -606,7 +614,7 @@ networkPolicy:
serviceAccount: serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for ZooKeeper pod ## @param serviceAccount.create Enable creation of ServiceAccount for ZooKeeper pod
## ##
create: false create: true
## @param serviceAccount.name The name of the ServiceAccount to use. ## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template ## If not set and create is true, a name is generated using the common.names.fullname template
## ##
@ -614,7 +622,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API ## Can be set to false if pods using this serviceAccount do not need to use K8s API
## ##
automountServiceAccountToken: true automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
## ##
annotations: {} annotations: {}
@ -622,7 +630,7 @@ serviceAccount:
## @section Persistence parameters ## @section Persistence parameters
## Enable persistence using Persistent Volume Claims ## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## ##
persistence: persistence:
## @param persistence.enabled Enable ZooKeeper data persistence using PVC. If false, use emptyDir ## @param persistence.enabled Enable ZooKeeper data persistence using PVC. If false, use emptyDir
@ -700,7 +708,7 @@ volumePermissions:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/os-shell repository: bitnami/os-shell
tag: 11-debian-11-r91 tag: 11-debian-11-r93
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -712,7 +720,7 @@ volumePermissions:
## ##
pullSecrets: [] pullSecrets: []
## Init container resource requests and limits ## Init container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resources.limits Init container volume-permissions resource limits ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
## @param volumePermissions.resources.requests Init container volume-permissions resource requests ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
## ##
@ -723,10 +731,12 @@ volumePermissions:
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
## and not the below volumePermissions.containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser
## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context ## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context
## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
seLinuxOptions: {}
runAsUser: 0 runAsUser: 0
## @section Metrics parameters ## @section Metrics parameters
@ -910,7 +920,7 @@ tls:
## ##
truststorePassword: "" truststorePassword: ""
## Init container resource requests and limits ## Init container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param tls.resources.limits The resources limits for the TLS init container ## @param tls.resources.limits The resources limits for the TLS init container
## @param tls.resources.requests The requested resources for the TLS init container ## @param tls.resources.requests The requested resources for the TLS init container
## ##
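Review bot: The autopurge defaults in the `@ -185,11 +185,11 @@` hunk flip from disabled (`purgeInterval: 0`) to an hourly purge that keeps only the 10 most recent snapshots, and nothing beside the values says that an upgrade now starts deleting older snapshots and their transaction logs. Releases that never set these keys inherit the new behaviour, so anyone who relies on older snapshots for recovery, or for reconstructing events after an incident, should pin both values explicitly. I would add a comment above `purgeInterval: 1` such as `## NOTE: auto purging is enabled by default; snapshots beyond snapRetainCount and their transaction logs are deleted every purgeInterval hours`. The same section also turns `serviceAccount.create` on and `automountServiceAccountToken` off, which looks like sensible hardening but is likewise a default change that deserves a line in the upgrade notes.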


@ -30,6 +30,7 @@ metadata:
spec: spec:
type: {{ $.Values.externalAccess.broker.service.type }} type: {{ $.Values.externalAccess.broker.service.type }}
{{- if eq $.Values.externalAccess.broker.service.type "LoadBalancer" }} {{- if eq $.Values.externalAccess.broker.service.type "LoadBalancer" }}
allocateLoadBalancerNodePorts: {{ $.Values.externalAccess.broker.service.allocateLoadBalancerNodePorts }}
{{- if and (not (empty $.Values.externalAccess.broker.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.broker.service.loadBalancerIPs) $replicaCount) }} {{- if and (not (empty $.Values.externalAccess.broker.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.broker.service.loadBalancerIPs) $replicaCount) }}
loadBalancerIP: {{ index $.Values.externalAccess.broker.service.loadBalancerIPs $i }} loadBalancerIP: {{ index $.Values.externalAccess.broker.service.loadBalancerIPs $i }}
{{- end }} {{- end }}
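Review bot: The added `allocateLoadBalancerNodePorts:` line is rendered straight from the value with no guard, so when the key is absent (for example on an upgrade that reuses the previous release's values) it renders as an empty scalar and the field falls back to the API server default, which allocates node ports. Wrapping it as `{{- if kindIs "bool" $.Values.externalAccess.broker.service.allocateLoadBalancerNodePorts }}` … `{{- end }}` emits the field only when it was set deliberately; `default true` would not help, because it also overrides an explicit `false`. The same unguarded line is added for the controller service in the next file section. The enclosing `spec:` block starts and ends outside both hunks.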


@ -31,6 +31,7 @@ metadata:
spec: spec:
type: {{ $.Values.externalAccess.controller.service.type }} type: {{ $.Values.externalAccess.controller.service.type }}
{{- if eq $.Values.externalAccess.controller.service.type "LoadBalancer" }} {{- if eq $.Values.externalAccess.controller.service.type "LoadBalancer" }}
allocateLoadBalancerNodePorts: {{ $.Values.externalAccess.controller.service.allocateLoadBalancerNodePorts }}
{{- if and (not (empty $.Values.externalAccess.controller.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.controller.service.loadBalancerIPs) $replicaCount) }} {{- if and (not (empty $.Values.externalAccess.controller.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.controller.service.loadBalancerIPs) $replicaCount) }}
loadBalancerIP: {{ index $.Values.externalAccess.controller.service.loadBalancerIPs $i }} loadBalancerIP: {{ index $.Values.externalAccess.controller.service.loadBalancerIPs $i }}
{{- end }} {{- end }}

Some files were not shown because too many files have changed in this diff