andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  amd/amd-gpu:
    - 0.11.0
  argo/argo-cd:
    - 5.53.8
  bitnami/airflow:
    - 16.4.0
  bitnami/cassandra:
    - 10.8.0
  bitnami/kafka:
    - 26.8.0
  bitnami/mariadb:
    - 15.2.0
  bitnami/mysql:
    - 9.18.0
  bitnami/postgresql:
    - 13.4.1
  bitnami/redis:
    - 18.8.0
  bitnami/spark:
    - 8.3.0
  bitnami/tomcat:
    - 10.13.0
  bitnami/wordpress:
    - 19.2.1
  bitnami/zookeeper:
    - 12.6.0
  cockroach-labs/cockroachdb:
    - 11.2.4
  datadog/datadog:
    - 3.52.0
  f5/f5-bigip-ctlr:
    - 0.0.28
  f5/nginx-ingress:
    - 1.1.2
  haproxy/haproxy:
    - 1.36.1
  inaccel/fpga-operator:
    - 2.8.2
  instana/instana-agent:
    - 1.2.67
  jaeger/jaeger-operator:
    - 2.50.1
  jenkins/jenkins:
    - 4.12.0
  kasten/k10:
    - 6.5.2
  kong/kong:
    - 2.34.0
  linkerd/linkerd-control-plane:
    - 1.16.10
  nats/nats:
    - 1.1.7
  new-relic/nri-bundle:
    - 5.0.60
  redpanda/redpanda:
    - 5.7.10
  speedscale/speedscale-operator:
    - 2.0.5
  stackstate/stackstate-k8s-agent:
    - 1.0.67
  trilio/k8s-triliovault-operator:
    - 4.0.1
  weka/csi-wekafsplugin:
    - 2.3.4
  yugabyte/yugabyte:
    - 2.14.15
  yugabyte/yugaware:
    - 2.14.15
```
pull/972/head
github-actions[bot] 2024-01-23 16:25:05 +00:00
parent 29fdac5597
commit 15ba946fc7
365 changed files with 18425 additions and 3205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/amd/amd-gpu-0.11.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.52.1.tgz
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.53.8.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-16.4.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/cassandra-10.8.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/kafka-26.8.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mariadb-15.2.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.18.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-13.4.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-18.8.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-8.3.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.13.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-19.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/zookeeper-12.6.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/cockroach-labs/cockroachdb-11.2.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.52.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/f5-bigip-ctlr-0.0.2801.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/nginx-ingress-1.1.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.36.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/inaccel/fpga-operator-2.8.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/instana/instana-agent-1.2.67.tgz Normal file
View File

Binary file not shown.

BIN
assets/jaeger/jaeger-operator-2.50.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/jenkins/jenkins-4.12.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-6.5.201.tgz Normal file
View File

Binary file not shown.

BIN
assets/kong/kong-2.34.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-control-plane-1.16.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-control-plane-1.16.9.tgz
View File

Binary file not shown.

BIN
assets/nats/nats-1.1.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.60.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-5.7.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.0.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/stackstate/stackstate-k8s-agent-1.0.67.tgz Normal file
View File

Binary file not shown.

BIN
assets/trilio/k8s-triliovault-operator-4.0.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/weka/csi-wekafsplugin-2.3.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugabyte-2.14.15.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugaware-2.14.15.tgz Normal file
View File

Binary file not shown.

6
charts/amd/amd-gpu/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: node-feature-discovery
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
version: 0.14.3
digest: sha256:a1651e3e727f3f60f286930ab341af1009cce742b181d19b9ec75d392c5c339b
generated: "2023-11-03T05:15:42.351779792Z"
version: 0.15.0
digest: sha256:35fafe91e8fe2c76d852ca87cfece3ce6475d9b0719284757e2f093f4be1cac4
generated: "2024-01-15T04:05:45.773461678Z"

10
charts/amd/amd-gpu/Chart.yaml
View File

@ -4,15 +4,15 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.18.0-0'
catalog.cattle.io/release-name: amd-gpu
apiVersion: v2
appVersion: 1.25.2.5
appVersion: 1.25.2.6
dependencies:
- condition: nfd.enabled
name: node-feature-discovery
repository: file://./charts/node-feature-discovery
version: '>= 0.8.1-0'
description: A Helm chart for deploying Kubernetes AMD GPU device plugin
home: https://github.com/ROCm/k8s-device-plugin
icon: https://raw.githubusercontent.com/ROCm/k8s-device-plugin/master/helm/logo.png
home: https://github.com/RadeonOpenCompute/k8s-device-plugin
icon: https://raw.githubusercontent.com/RadeonOpenCompute/k8s-device-plugin/master/helm/logo.png
keywords:
- kubernetes
- cluster
@ -23,6 +23,6 @@ maintainers:
- name: Kenny Ho <Kenny.Ho@amd.com>
name: amd-gpu
sources:
- https://github.com/ROCm/k8s-device-plugin
- https://github.com/RadeonOpenCompute/k8s-device-plugin
type: application
version: 0.10.0
version: 0.11.0

4
charts/amd/amd-gpu/README.md
View File

@ -1,6 +1,6 @@
# AMD GPU Helm Chart
![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.5](https://img.shields.io/badge/AppVersion-1.25.2.5-informational?style=flat-square)
![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.6](https://img.shields.io/badge/AppVersion-1.25.2.6-informational?style=flat-square)
A Helm chart for deploying Kubernetes AMD GPU device plugin
@ -34,7 +34,7 @@ Kubernetes: `>= 1.18.0`
## More information
https://github.com/ROCm/k8s-device-plugin
https://github.com/RadeonOpenCompute/k8s-device-plugin
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

4
charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: v0.14.3
appVersion: v0.15.0
description: 'Detects hardware features available on each node in a Kubernetes cluster,
and advertises those features using node labels. '
home: https://github.com/kubernetes-sigs/node-feature-discovery
@ -11,4 +11,4 @@ name: node-feature-discovery
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.14.3
version: 0.15.0

2
charts/amd/amd-gpu/charts/node-feature-discovery/README.md
View File

@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs.
See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.14/deployment/helm.html)
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
for deployment instructions.

105
charts/amd/amd-gpu/charts/node-feature-discovery/crds/nfd-api-crds.yaml
View File

@ -153,6 +153,11 @@ spec:
description: Rule defines a rule for node customization such as
labeling.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to create if the rule matches.
type: object
extendedResources:
additionalProperties:
type: string
@ -185,19 +190,16 @@ spec:
in the feature set.
properties:
feature:
description: Feature is the name of the feature
set to match against.
type: string
matchExpressions:
additionalProperties:
description: "MatchExpression specifies an expression
description: MatchExpression specifies an expression
to evaluate against a set of input values. It
contains an operator that is applied when matching
the input and an array of values that the operator
evaluates the input against. \n NB: CreateMatchExpression
or MustCreateMatchExpression() should be used
for creating new instances. \n NB: Validate()
must be called if Op or Value fields are modified
or if a new instance is created from scratch
without using the helper functions."
evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
@ -229,13 +231,46 @@ spec:
required:
- op
type: object
description: MatchExpressionSet contains a set of
MatchExpressions, each of which is evaluated against
a set of input values.
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
- matchExpressions
type: object
type: array
required:
@ -251,18 +286,16 @@ spec:
are evaluated against each element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: "MatchExpression specifies an expression
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against. \n NB: CreateMatchExpression or
MustCreateMatchExpression() should be used for creating
new instances. \n NB: Validate() must be called if
Op or Value fields are modified or if a new instance
is created from scratch without using the helper functions."
the input against.
properties:
op:
description: Op is the operator to be applied.
@ -292,12 +325,44 @@ spec:
required:
- op
type: object
description: MatchExpressionSet contains a set of MatchExpressions,
each of which is evaluated against a set of input values.
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the value
of the specified elements.
type: object
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
- matchExpressions
type: object
type: array
name:

7
charts/amd/amd-gpu/charts/node-feature-discovery/templates/cert-manager-certs.yaml
View File

@ -1,4 +1,5 @@
{{- if .Values.tls.certManager }}
{{- if .Values.master.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
@ -17,14 +18,13 @@ spec:
# first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
# localhost needed for grpc_health_probe
- localhost
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
---
{{- if .Values.worker.enable }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
@ -42,6 +42,7 @@ spec:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- if .Values.topologyUpdater.enable }}
---

2
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrole.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.master.rbac.create }}
{{- if and .Values.master.enable .Values.master.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

2
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrolebinding.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.master.rbac.create }}
{{- if and .Values.master.enable .Values.master.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

28
charts/amd/amd-gpu/charts/node-feature-discovery/templates/master.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.master.enable }}
apiVersion: apps/v1
kind: Deployment
metadata:
@ -41,29 +42,13 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
exec:
command:
- "/usr/bin/grpc_health_probe"
- "-addr=:{{ .Values.master.port | default "8080" }}"
{{- if .Values.tls.enable }}
- "-tls"
- "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
grpc:
port: 8080
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
exec:
command:
- "/usr/bin/grpc_health_probe"
- "-addr=:{{ .Values.master.port | default "8080" }}"
{{- if .Values.tls.enable }}
- "-tls"
- "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
grpc:
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 10
@ -85,8 +70,8 @@ spec:
{{- if .Values.master.instance | empty | not }}
- "-instance={{ .Values.master.instance }}"
{{- end }}
- "-port={{ .Values.master.port | default "8080" }}"
{{- if not .Values.enableNodeFeatureApi }}
- "-port={{ .Values.master.port | default "8080" }}"
- "-enable-nodefeature-api=false"
{{- else if gt (int .Values.master.replicaCount) 1 }}
- "-enable-leader-election"
@ -157,3 +142,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

3
charts/amd/amd-gpu/charts/node-feature-discovery/templates/nfd-gc.yaml
View File

@ -58,6 +58,9 @@ spec:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- name: metrics
containerPort: {{ .Values.gc.metricsPort | default "8081"}}
{{- with .Values.gc.nodeSelector }}
nodeSelector:

2
charts/amd/amd-gpu/charts/node-feature-discovery/templates/nfd-master-conf.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.master.enable }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -8,3 +9,4 @@ metadata:
data:
nfd-master.conf: |-
{{- .Values.master.config | toYaml | nindent 4 }}
{{- end }}

2
charts/amd/amd-gpu/charts/node-feature-discovery/templates/nfd-worker-conf.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.worker.enable }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -8,3 +9,4 @@ metadata:
data:
nfd-worker.conf: |-
{{- .Values.worker.config | toYaml | nindent 4 }}
{{- end }}

2
charts/amd/amd-gpu/charts/node-feature-discovery/templates/role.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.worker.rbac.create }}
{{- if and .Values.worker.enable .Values.worker.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

2
charts/amd/amd-gpu/charts/node-feature-discovery/templates/rolebinding.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.worker.rbac.create }}
{{- if and .Values.worker.enable .Values.worker.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:

2
charts/amd/amd-gpu/charts/node-feature-discovery/templates/service.yaml
View File

@ -1,3 +1,4 @@
{{- if and (not .Values.enableNodeFeatureApi) .Values.master.enable }}
apiVersion: v1
kind: Service
metadata:
@ -16,3 +17,4 @@ spec:
selector:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
role: master
{{- end}}

4
charts/amd/amd-gpu/charts/node-feature-discovery/templates/serviceaccount.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.master.serviceAccount.create -}}
{{- if and .Values.master.enable .Values.master.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
@ -42,7 +42,7 @@ metadata:
{{- end }}
{{- end }}
{{- if .Values.worker.serviceAccount.create }}
{{- if and .Values.worker.enable .Values.worker.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount

12
charts/amd/amd-gpu/charts/node-feature-discovery/templates/worker.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.worker.enable }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
@ -44,13 +45,21 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
resources:
{{- toYaml .Values.worker.resources | nindent 12 }}
command:
- "nfd-worker"
args:
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
{{- if not .Values.enableNodeFeatureApi }}
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
- "-enable-nodefeature-api=false"
{{- end }}
{{- if .Values.tls.enable }}
@ -150,3 +159,4 @@ spec:
{{- with .Values.worker.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- end }}

35
charts/amd/amd-gpu/charts/node-feature-discovery/values.yaml
View File

@ -13,8 +13,10 @@ namespaceOverride: ""
enableNodeFeatureApi: true
master:
enable: true
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
@ -45,6 +47,8 @@ master:
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080
# Deprecated this parameter is related to the deprecated gRPC API and will
# be removed with it in a future release
port: 8080
metricsPort: 8081
instance:
@ -130,6 +134,7 @@ master:
values: [""]
worker:
enable: true
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core:
# labelWhiteList:
@ -215,7 +220,7 @@ worker:
# # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule"
# labels:
# my-ng-feature: "true"
# "vendor.io/my-ng-feature": "true"
# # matchFeatures implements a logical AND over all matcher terms in the
# # list (i.e. all of the terms, or per-feature matchers, must match)
# matchFeatures:
@ -286,7 +291,7 @@ worker:
# # The following feature demonstrates the capabilities of the matchAny
# - name: "my matchAny rule"
# labels:
# my-ng-feature-2: "my-value"
# "vendor.io/my-ng-feature-2": "my-value"
# # matchAny implements a logical IF over all elements (sub-matchers) in
# # the list (i.e. at least one feature matcher must match)
# matchAny:
@ -307,10 +312,17 @@ worker:
# vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["02"]}
#
# - name: "avx wildcard rule"
# labels:
# "my-avx-feature": "true"
# matchFeatures:
# - feature: cpu.cpuid
# matchName: {op: InRegexp, value: ["^AVX512"]}
#
# # The following features demonstreate label templating capabilities
# - name: "my template rule"
# labelsTemplate: |
# {{ range .system.osrelease }}my-system-feature.{{ .Name }}={{ .Value }}
# {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
# {{ end }}
# matchFeatures:
# - feature: system.osrelease
@ -320,7 +332,7 @@ worker:
#
# - name: "my template rule 2"
# labelsTemplate: |
# {{ range .pci.device }}my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
# {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
# {{ end }}
# matchFeatures:
# - feature: pci.device
@ -335,7 +347,7 @@ worker:
# # previous labels and vars
# - name: "my dummy kernel rule"
# labels:
# "my.kernel.feature": "true"
# "vendor.io/my.kernel.feature": "true"
# matchFeatures:
# - feature: kernel.version
# matchExpressions:
@ -350,13 +362,20 @@ worker:
#
# - name: "my rule using backrefs"
# labels:
# "my.backref.feature": "true"
# "vendor.io/my.backref.feature": "true"
# matchFeatures:
# - feature: rule.matched
# matchExpressions:
# my.kernel.feature: {op: IsTrue}
# vendor.io/my.kernel.feature: {op: IsTrue}
# my.dummy.var: {op: Gt, value: ["0"]}
#
# - name: "kconfig template rule"
# labelsTemplate: |
# {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
# {{ end }}
# matchFeatures:
# - feature: kernel.config
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
@ -493,6 +512,8 @@ gc:
# cpu: 100m
# memory: 128Mi
metricsPort: 8081
nodeSelector: {}
tolerations: []
annotations: {}

4
charts/amd/amd-gpu/values.yaml
View File

@ -10,13 +10,13 @@ dp:
image:
repository: docker.io/rocm/k8s-device-plugin
# Overrides the image tag whose default is the chart appVersion.
tag: "1.25.2.5"
tag: "1.25.2.6"
resources: {}
lbl:
image:
repository: docker.io/rocm/k8s-device-plugin
tag: "labeller-1.25.2.5"
tag: "labeller-1.25.2.6"
resources: {}
imagePullSecrets: []

6
charts/argo/argo-cd/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: changed
description: DRY cleanup of ServiceAccounts
description: Updated documented default value for application.instanceLabelKey.
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.9.3
appVersion: v2.9.5
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.52.1
version: 5.53.8

12
charts/argo/argo-cd/README.md
View File

@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
### 5.52.0
Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
@ -446,7 +450,7 @@ NAME: my-release
|-----|------|---------|-------------|
| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
| configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
| configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache |
@ -481,6 +485,7 @@ NAME: my-release
| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. |
| configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. |
| configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... |
| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. |
| configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap |
| configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. |
| configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. |
@ -489,6 +494,8 @@ NAME: my-release
| configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret |
| configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password |
| configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` |
| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events |
| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events |
| configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events |
| configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events |
| configs.secret.createSecret | bool | `true` | Create the argocd-secret |
@ -609,6 +616,7 @@ NAME: my-release
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes |
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod |
| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods |
@ -1033,7 +1041,7 @@ The main options are listed here:
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
| redis-ha.image.repository | string | `"redis"` | Redis repository |
| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |

10
charts/argo/argo-cd/templates/argocd-application-controller/role.yaml
View File

@ -34,4 +34,12 @@ rules:
- events
verbs:
- create
- list
- list
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch

6
charts/argo/argo-cd/templates/argocd-configs/argocd-secret.yaml
View File

@ -16,7 +16,7 @@ metadata:
{{- end }}
{{- end }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- with .Values.configs.secret.githubSecret }}
@ -34,6 +34,10 @@ data:
{{- with .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ . | b64enc }}
{{- end }}
{{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }}
webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }}
webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }}
{{- end }}
{{- with .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .key | b64enc }}
tls.crt: {{ .crt | b64enc }}

20
charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
View File

@ -373,14 +373,30 @@ spec:
{{- end }}
{{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
- name: helm-working-dir
{{- if .Values.repoServer.existingVolumes.helmWorkingDir -}}
{{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
- name: plugins
{{- if .Values.repoServer.existingVolumes.plugins -}}
{{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: var-files
{{- if .Values.repoServer.existingVolumes.varFiles -}}
{{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
{{- if .Values.repoServer.existingVolumes.tmp -}}
{{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
@ -391,7 +407,11 @@ spec:
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
{{- if .Values.repoServer.existingVolumes.gpgKeyring -}}
{{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }}
{{- else }}
emptyDir: {}
{{- end }}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls

34
charts/argo/argo-cd/values.yaml
View File

@ -161,7 +161,6 @@ configs:
url: ""
# -- The name of tracking label used by Argo CD for resource pruning
# @default -- Defaults to app.kubernetes.io/instance
application.instanceLabelKey: argocd.argoproj.io/instance
# -- Enable logs RBAC enforcement
@ -291,7 +290,7 @@ configs:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# policy.csv |
# policy.csv: |
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow
@ -303,6 +302,9 @@ configs:
# The scope value can be a string, or a list of strings.
scopes: "[groups]"
# -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
policy.matchMode: "glob"
# GnuPG public keys for commit verification
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
gpg:
@ -516,6 +518,12 @@ configs:
bitbucketUUID: ""
# -- Shared secret for authenticating Gogs webhook events
gogsSecret: ""
## Azure DevOps
azureDevops:
# -- Shared secret username for authenticating Azure DevOps webhook events
username: ""
# -- Shared secret password for authenticating Azure DevOps webhook events
password: ""
# -- add additional secrets to be added to argocd-secret
## Custom secrets. Useful for injecting SSO secrets into environment variables.
@ -1395,7 +1403,7 @@ redis-ha:
## Redis image
image:
# -- Redis repository
repository: redis
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.13-alpine
## Prometheus redis-exporter sidecar
@ -1577,6 +1585,8 @@ server:
## Argo CD extensions
## This function in tech preview stage, do expect instability or breaking changes in newer versions.
## Ref: https://github.com/argoproj-labs/argocd-extension-installer
## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
extensions:
# -- Enable support for Argo CD extensions
enabled: false
@ -2217,6 +2227,24 @@ repoServer:
# - name: cmp-tmp
# emptyDir: {}
# -- Volumes to be used in replacement of emptydir on default volumes
existingVolumes: {}
# gpgKeyring:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-keyring
# helmWorkingDir:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-workdir
# tmp:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-tmp
# varFiles:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-varfiles
# plugins:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-plugins
# -- Toggle the usage of a ephemeral Helm working directory
useEphemeralHelmWorkingDir: true

8
charts/bitnami/airflow/Chart.lock
View File

@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.6.1
version: 18.7.0
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.2.27
version: 13.3.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.1
digest: sha256:bef0f24c8d9770d8e345aa48d54af3e778dce58c14f2219899cd8ad5a4e15b9c
generated: "2024-01-03T11:43:19.465902594Z"
digest: sha256:5ccdd0a9b98fdac3ad60b2fe1fe5776e2aa267addd60501166de8166377bad94
generated: "2024-01-17T19:54:42.562153805Z"

8
charts/bitnami/airflow/Chart.yaml
View File

@ -6,17 +6,17 @@ annotations:
category: WorkFlow
images: |
- name: airflow-exporter
image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r441
image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r443
- name: airflow-scheduler
image: docker.io/bitnami/airflow-scheduler:2.8.0-debian-11-r1
- name: airflow-worker
image: docker.io/bitnami/airflow-worker:2.8.0-debian-11-r1
- name: airflow
image: docker.io/bitnami/airflow:2.8.0-debian-11-r1
image: docker.io/bitnami/airflow:2.8.0-debian-11-r2
- name: git
image: docker.io/bitnami/git:2.43.0-debian-11-r5
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r93
image: docker.io/bitnami/os-shell:11-debian-11-r94
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.8.0
@ -50,4 +50,4 @@ maintainers:
name: airflow
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 16.1.11
version: 16.4.0

32
charts/bitnami/airflow/README.md
View File

@ -148,8 +148,12 @@ The command removes all the Kubernetes components associated with the chart and
| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` |
| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` |
| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
| `web.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `web.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `web.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
@ -157,6 +161,7 @@ The command removes all the Kubernetes components associated with the chart and
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
| `web.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `web.hostAliases` | Deployment pod host aliases | `[]` |
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
@ -199,14 +204,30 @@ The command removes all the Kubernetes components associated with the chart and
| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` |
| `scheduler.livenessProbe.enabled` | Enable livenessProbe on Airflow scheduler containers | `true` |
| `scheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `scheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `scheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `scheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `scheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `scheduler.readinessProbe.enabled` | Enable readinessProbe on Airflow scheduler containers | `true` |
| `scheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `scheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `scheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `scheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `scheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` |
| `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` |
| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` |
| `scheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `scheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `scheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` |
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
| `scheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
@ -214,6 +235,7 @@ The command removes all the Kubernetes components associated with the chart and
| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
| `scheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
@ -281,8 +303,12 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` |
| `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` |
| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` |
| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` |
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` |
@ -290,6 +316,7 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
| `worker.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `worker.hostAliases` | Deployment pod host aliases | `[]` |
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` |
@ -429,8 +456,12 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.resources.limits` | The resources limits for the container | `{}` |
| `metrics.resources.requests` | The requested resources for the container | `{}` |
| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `metrics.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `metrics.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` |
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
@ -438,6 +469,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
| `metrics.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |
| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` |

6
charts/bitnami/airflow/charts/postgresql/Chart.yaml
View File

@ -4,9 +4,9 @@ annotations:
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r93
- name: postgres-exporter
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r4
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r5
- name: postgresql
image: docker.io/bitnami/postgresql:16.1.0-debian-11-r18
image: docker.io/bitnami/postgresql:16.1.0-debian-11-r19
licenses: Apache-2.0
apiVersion: v2
appVersion: 16.1.0
@ -34,4 +34,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 13.2.27
version: 13.3.0

22
charts/bitnami/airflow/charts/postgresql/README.md
View File

@ -208,8 +208,12 @@ kubectl delete pvc -l release=my-release
| `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` |
| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
| `primary.podSecurityContext.enabled` | Enable security context | `true` |
| `primary.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `primary.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `primary.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -308,8 +312,12 @@ kubectl delete pvc -l release=my-release
| `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` |
| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
| `readReplicas.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `readReplicas.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `readReplicas.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -384,8 +392,12 @@ kubectl delete pvc -l release=my-release
| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
| `backup.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `backup.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -438,6 +450,7 @@ kubectl delete pvc -l release=my-release
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` |
| `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` |
@ -448,9 +461,9 @@ kubectl delete pvc -l release=my-release
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` |
| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` |
| `rbac.rules` | Custom RBAC rules to set | `[]` |
@ -470,6 +483,7 @@ kubectl delete pvc -l release=my-release
| `metrics.customMetrics` | Define additional custom metrics | `{}` |
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -546,7 +560,7 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/postg
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
@ -740,7 +754,7 @@ Refer to the [chart documentation for more information about how to upgrade from
## License
Copyright &copy; 2023 VMware, Inc.
Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
charts/bitnami/airflow/charts/postgresql/templates/backup/cronjob.yaml
View File

@ -74,7 +74,7 @@ spec:
value: {{ .Values.backup.cronjob.storage.mountPath }}
{{- if .Values.tls.enabled }}
- name: PGSSLROOTCERT
{{- if .Values.tls.autoGenerated -}}
{{- if .Values.tls.autoGenerated }}
value: /tmp/certs/ca.crt
{{- else }}
value: {{- printf "/tmp/certs/%s" .Values.tls.certCAFilename -}}

54
charts/bitnami/airflow/charts/postgresql/values.yaml
View File

@ -98,11 +98,11 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 16.1.0-debian-11-r18
tag: 16.1.0-debian-11-r19
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -438,7 +438,7 @@ primary:
##
lifecycleHooks: {}
## PostgreSQL Primary resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers
## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers
## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers
@ -451,14 +451,21 @@ primary:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.podSecurityContext.enabled Enable security context
## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param primary.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
## @param primary.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
@ -469,6 +476,7 @@ primary:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -533,7 +541,7 @@ primary:
##
affinity: {}
## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment
@ -802,7 +810,7 @@ readReplicas:
##
lifecycleHooks: {}
## PostgreSQL read only resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers
## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers
## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers
@ -815,14 +823,21 @@ readReplicas:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.podSecurityContext.enabled Enable security context
## @param readReplicas.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param readReplicas.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param readReplicas.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
## @param readReplicas.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
@ -833,6 +848,7 @@ readReplicas:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -897,7 +913,7 @@ readReplicas:
##
affinity: {}
## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment
@ -1104,13 +1120,20 @@ backup:
## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
restartPolicy: OnFailure
## @param backup.cronjob.podSecurityContext.enabled Enable PodSecurityContext for CronJob/Backup
## @param backup.cronjob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param backup.cronjob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param backup.cronjob.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param backup.cronjob.podSecurityContext.fsGroup Group ID for the CronJob
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## backup container's Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
## @param backup.cronjob.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
@ -1120,6 +1143,7 @@ backup:
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -1140,7 +1164,7 @@ backup:
## @param backup.cronjob.annotations Set the cronjob annotations
annotations: {}
## @param backup.cronjob.nodeSelector Node labels for PostgreSQL backup CronJob pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
##
nodeSelector: {}
storage:
@ -1312,7 +1336,7 @@ volumePermissions:
##
pullSecrets: []
## Init container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
## @param volumePermissions.resources.requests Init container volume-permissions resource requests
##
@ -1322,12 +1346,14 @@ volumePermissions:
## Init container' Security Context
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
## and not the below volumePermissions.containerSecurityContext.runAsUser
## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
## @param volumePermissions.containerSecurityContext.runAsGroup Group ID for the init container
## @param volumePermissions.containerSecurityContext.runAsNonRoot runAsNonRoot for the init container
## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container
##
containerSecurityContext:
seLinuxOptions: {}
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
@ -1348,7 +1374,7 @@ serviceBindings:
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for PostgreSQL pod
##
create: false
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
@ -1356,7 +1382,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
@ -1401,7 +1427,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.15.0-debian-11-r4
tag: 0.15.0-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1443,6 +1469,7 @@ metrics:
## PostgreSQL Prometheus exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
@ -1453,6 +1480,7 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -1520,7 +1548,7 @@ metrics:
containerPorts:
metrics: 9187
## PostgreSQL Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container
## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container
##
@ -1540,7 +1568,7 @@ metrics:
clusterIP: ""
## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint

12
charts/bitnami/airflow/charts/redis/Chart.yaml
View File

@ -2,16 +2,16 @@ annotations:
category: Database
images: |
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r92
image: docker.io/bitnami/os-shell:11-debian-11-r93
- name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r3
image: docker.io/bitnami/redis-exporter:1.56.0-debian-11-r0
- name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r2
image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r0
- name: redis
image: docker.io/bitnami/redis:7.2.3-debian-11-r2
image: docker.io/bitnami/redis:7.2.4-debian-11-r0
licenses: Apache-2.0
apiVersion: v2
appVersion: 7.2.3
appVersion: 7.2.4
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
@ -33,4 +33,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.6.1
version: 18.7.0

67
charts/bitnami/airflow/charts/redis/README.md
View File

@ -163,8 +163,12 @@ The command removes all the Kubernetes components associated with the chart and
| `master.resources.limits` | The resources limits for the Redis&reg; master containers | `{}` |
| `master.resources.requests` | The requested resources for the Redis&reg; master containers | `{}` |
| `master.podSecurityContext.enabled` | Enabled Redis&reg; master pods' Security Context | `true` |
| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `master.podSecurityContext.fsGroup` | Set Redis&reg; master pod's Security Context fsGroup | `1001` |
| `master.containerSecurityContext.enabled` | Enabled Redis&reg; master containers' Security Context | `true` |
| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `master.containerSecurityContext.runAsUser` | Set Redis&reg; master containers' Security Context runAsUser | `1001` |
| `master.containerSecurityContext.runAsGroup` | Set Redis&reg; master containers' Security Context runAsGroup | `0` |
| `master.containerSecurityContext.runAsNonRoot` | Set Redis&reg; master containers' Security Context runAsNonRoot | `true` |
@ -228,9 +232,9 @@ The command removes all the Kubernetes components associated with the chart and
| `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` |
| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `master.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` |
| `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
| `master.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
### Redis&reg; replicas configuration parameters
@ -277,8 +281,12 @@ The command removes all the Kubernetes components associated with the chart and
| `replica.resources.limits` | The resources limits for the Redis&reg; replicas containers | `{}` |
| `replica.resources.requests` | The requested resources for the Redis&reg; replicas containers | `{}` |
| `replica.podSecurityContext.enabled` | Enabled Redis&reg; replicas pods' Security Context | `true` |
| `replica.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `replica.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `replica.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `replica.podSecurityContext.fsGroup` | Set Redis&reg; replicas pod's Security Context fsGroup | `1001` |
| `replica.containerSecurityContext.enabled` | Enabled Redis&reg; replicas containers' Security Context | `true` |
| `replica.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `replica.containerSecurityContext.runAsUser` | Set Redis&reg; replicas containers' Security Context runAsUser | `1001` |
| `replica.containerSecurityContext.runAsGroup` | Set Redis&reg; replicas containers' Security Context runAsGroup | `0` |
| `replica.containerSecurityContext.runAsNonRoot` | Set Redis&reg; replicas containers' Security Context runAsNonRoot | `true` |
@ -346,9 +354,9 @@ The command removes all the Kubernetes components associated with the chart and
| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` |
| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` |
| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` |
| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
| `replica.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `replica.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` |
| `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
| `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
### Redis&reg; Sentinel configuration parameters
@ -420,6 +428,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.resources.limits` | The resources limits for the Redis&reg; Sentinel containers | `{}` |
| `sentinel.resources.requests` | The requested resources for the Redis&reg; Sentinel containers | `{}` |
| `sentinel.containerSecurityContext.enabled` | Enabled Redis&reg; Sentinel containers' Security Context | `true` |
| `sentinel.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `sentinel.containerSecurityContext.runAsUser` | Set Redis&reg; Sentinel containers' Security Context runAsUser | `1001` |
| `sentinel.containerSecurityContext.runAsGroup` | Set Redis&reg; Sentinel containers' Security Context runAsGroup | `0` |
| `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis&reg; Sentinel containers' Security Context runAsNonRoot | `true` |
@ -466,7 +475,7 @@ The command removes all the Kubernetes components associated with the chart and
| `rbac.rules` | Custom RBAC rules to set | `[]` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` |
| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `pdb.create` | Specifies whether a PodDisruptionBudget should be created | `false` |
| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` |
@ -517,6 +526,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.extraArgs` | Extra arguments for Redis&reg; exporter, for example: | `{}` |
| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis&reg; exporter | `[]` |
| `metrics.containerSecurityContext.enabled` | Enabled Redis&reg; exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.containerSecurityContext.runAsUser` | Set Redis&reg; exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Set Redis&reg; exporter containers' Security Context runAsGroup | `0` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Redis&reg; exporter containers' Security Context runAsNonRoot | `true` |
@ -567,27 +577,28 @@ The command removes all the Kubernetes components associated with the chart and
### Init Container Parameters
| Name | Description | Value |
| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` |
| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` |
| `sysctl.resources.limits` | The resources limits for the init container | `{}` |
| `sysctl.resources.requests` | The requested resources for the init container | `{}` |
| Name | Description | Value |
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` |
| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` |
| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` |
| `sysctl.resources.limits` | The resources limits for the init container | `{}` |
| `sysctl.resources.requests` | The requested resources for the init container | `{}` |
### useExternalDNS Parameters
@ -623,7 +634,7 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/redis
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
@ -1007,7 +1018,7 @@ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remo
## License
Copyright &copy; 2023 VMware, Inc.
Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
charts/bitnami/airflow/charts/redis/templates/sentinel/node-services.yaml
View File

@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- range $i := until (int .Values.replica.replicaCount) }}
{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }}
{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" $) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }}
{{ $sentinelport := 0}}
{{ $redisport := 0}}
@ -20,7 +20,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" $ }}-node-{{ $i }}
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: node
{{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }}

68
charts/bitnami/airflow/charts/redis/values.yaml
View File

@ -94,11 +94,11 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/redis
tag: 7.2.3-debian-11-r2
tag: 7.2.4-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -266,7 +266,7 @@ master:
##
customReadinessProbe: {}
## Redis&reg; master resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param master.resources.limits The resources limits for the Redis&reg; master containers
## @param master.resources.requests The requested resources for the Redis&reg; master containers
##
@ -276,14 +276,21 @@ master:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param master.podSecurityContext.enabled Enabled Redis&reg; master pods' Security Context
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param master.podSecurityContext.fsGroup Set Redis&reg; master pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param master.containerSecurityContext.enabled Enabled Redis&reg; master containers' Security Context
## @param master.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param master.containerSecurityContext.runAsUser Set Redis&reg; master containers' Security Context runAsUser
## @param master.containerSecurityContext.runAsGroup Set Redis&reg; master containers' Security Context runAsGroup
## @param master.containerSecurityContext.runAsNonRoot Set Redis&reg; master containers' Security Context runAsNonRoot
@ -293,6 +300,7 @@ master:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
@ -372,7 +380,7 @@ master:
##
affinity: {}
## @param master.nodeSelector Node labels for Redis&reg; master pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param master.tolerations Tolerations for Redis&reg; master pods assignment
@ -435,7 +443,7 @@ master:
##
initContainers: []
## Persistence parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param master.persistence.enabled Enable persistence on Redis&reg; master nodes using Persistent Volume Claims
@ -576,7 +584,7 @@ master:
serviceAccount:
## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: false
create: true
## @param master.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
@ -584,7 +592,7 @@ master:
## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
@ -709,7 +717,7 @@ replica:
##
customReadinessProbe: {}
## Redis&reg; replicas resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param replica.resources.limits The resources limits for the Redis&reg; replicas containers
## @param replica.resources.requests The requested resources for the Redis&reg; replicas containers
##
@ -727,14 +735,21 @@ replica:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param replica.podSecurityContext.enabled Enabled Redis&reg; replicas pods' Security Context
## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param replica.podSecurityContext.fsGroup Set Redis&reg; replicas pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param replica.containerSecurityContext.enabled Enabled Redis&reg; replicas containers' Security Context
## @param replica.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param replica.containerSecurityContext.runAsUser Set Redis&reg; replicas containers' Security Context runAsUser
## @param replica.containerSecurityContext.runAsGroup Set Redis&reg; replicas containers' Security Context runAsGroup
## @param replica.containerSecurityContext.runAsNonRoot Set Redis&reg; replicas containers' Security Context runAsNonRoot
@ -744,6 +759,7 @@ replica:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
@ -823,7 +839,7 @@ replica:
##
affinity: {}
## @param replica.nodeSelector Node labels for Redis&reg; replicas pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param replica.tolerations Tolerations for Redis&reg; replicas pods assignment
@ -886,7 +902,7 @@ replica:
##
initContainers: []
## Persistence Parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param replica.persistence.enabled Enable persistence on Redis&reg; replicas nodes using Persistent Volume Claims
@ -1037,7 +1053,7 @@ replica:
serviceAccount:
## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: false
create: true
## @param replica.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
@ -1045,7 +1061,7 @@ replica:
## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
@ -1071,11 +1087,11 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
tag: 7.2.3-debian-11-r2
tag: 7.2.4-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1213,7 +1229,7 @@ sentinel:
##
customReadinessProbe: {}
## Persistence parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param sentinel.persistence.enabled Enable persistence on Redis&reg; sentinel nodes using Persistent Volume Claims (Experimental)
@ -1265,7 +1281,7 @@ sentinel:
whenScaled: Retain
whenDeleted: Retain
## Redis&reg; Sentinel resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param sentinel.resources.limits The resources limits for the Redis&reg; Sentinel containers
## @param sentinel.resources.requests The requested resources for the Redis&reg; Sentinel containers
##
@ -1275,6 +1291,7 @@ sentinel:
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param sentinel.containerSecurityContext.enabled Enabled Redis&reg; Sentinel containers' Security Context
## @param sentinel.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param sentinel.containerSecurityContext.runAsUser Set Redis&reg; Sentinel containers' Security Context runAsUser
## @param sentinel.containerSecurityContext.runAsGroup Set Redis&reg; Sentinel containers' Security Context runAsGroup
## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis&reg; Sentinel containers' Security Context runAsNonRoot
@ -1284,6 +1301,7 @@ sentinel:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
@ -1487,7 +1505,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
@ -1554,7 +1572,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/redis-exporter
tag: 1.55.0-debian-11-r3
tag: 1.56.0-debian-11-r0
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1641,6 +1659,7 @@ metrics:
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param metrics.containerSecurityContext.enabled Enabled Redis&reg; exporter containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set Redis&reg; exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsGroup Set Redis&reg; exporter containers' Security Context runAsGroup
## @param metrics.containerSecurityContext.runAsNonRoot Set Redis&reg; exporter containers' Security Context runAsNonRoot
@ -1650,6 +1669,7 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
@ -1666,7 +1686,7 @@ metrics:
##
extraVolumeMounts: []
## Redis&reg; exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param metrics.resources.limits The resources limits for the Redis&reg; exporter container
## @param metrics.resources.requests The requested resources for the Redis&reg; exporter container
##
@ -1870,7 +1890,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r92
tag: 11-debian-11-r93
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1882,7 +1902,7 @@ volumePermissions:
##
pullSecrets: []
## Init container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resources for the init container
##
@ -1891,12 +1911,14 @@ volumePermissions:
requests: {}
## Init container Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
##
containerSecurityContext:
seLinuxOptions: {}
runAsUser: 0
## init-sysctl container parameters
@ -1918,7 +1940,7 @@ sysctl:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r92
tag: 11-debian-11-r93
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1936,7 +1958,7 @@ sysctl:
##
mountHostSys: false
## Init container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param sysctl.resources.limits The resources limits for the init container
## @param sysctl.resources.requests The requested resources for the init container
##

1
charts/bitnami/airflow/templates/config/configmap.yaml
View File

@ -36,6 +36,7 @@ data:
{{- end }}
spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
{{- if .Values.worker.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
{{- end }}

1
charts/bitnami/airflow/templates/metrics/deployment.yaml
View File

@ -32,6 +32,7 @@ spec:
app.kubernetes.io/component: metrics
spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.metrics.automountServiceAccountToken }}
{{- if .Values.metrics.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.hostAliases "context" $) | nindent 8 }}
{{- end }}

17
charts/bitnami/airflow/templates/scheduler/deployment.yaml
View File

@ -36,6 +36,7 @@ spec:
{{- end }}
spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.scheduler.automountServiceAccountToken }}
{{- if .Values.scheduler.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.hostAliases "context" $) | nindent 8 }}
{{- end }}
@ -149,9 +150,25 @@ spec:
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.scheduler.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customLivenessProbe "context" $) | trim | nindent 12 }}
{{- else if .Values.scheduler.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.scheduler.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bin/bash
- -ec
- |
airflow jobs check --job-type SchedulerJob --local {{- if not .Values.diagnosticMode.enabled }} 2>/dev/null {{- end }}
{{- end }}
{{- if .Values.scheduler.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customReadinessProbe "context" $) | trim | nindent 12 }}
{{- else if .Values.scheduler.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.scheduler.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bin/bash
- -ec
- |
airflow jobs check --job-type SchedulerJob --local {{- if not .Values.diagnosticMode.enabled }} 2>/dev/null {{- end }}
{{- end }}
{{- if .Values.scheduler.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.customStartupProbe "context" $) | nindent 12 }}

1
charts/bitnami/airflow/templates/web/deployment.yaml
View File

@ -35,6 +35,7 @@ spec:
{{- end }}
spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.web.automountServiceAccountToken }}
{{- if .Values.web.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.web.hostAliases "context" $) | nindent 8 }}
{{- end }}

1
charts/bitnami/airflow/templates/worker/statefulset.yaml
View File

@ -40,6 +40,7 @@ spec:
app.kubernetes.io/component: worker
spec:
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
{{- if .Values.worker.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
{{- end }}

80
charts/bitnami/airflow/values.yaml
View File

@ -121,7 +121,7 @@ dags:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r93
tag: 11-debian-11-r94
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -188,7 +188,7 @@ web:
image:
registry: docker.io
repository: bitnami/airflow
tag: 2.8.0-debian-11-r1
tag: 2.8.0-debian-11-r2
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -301,14 +301,21 @@ web:
## Configure Airflow web pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param web.podSecurityContext.enabled Enabled Airflow web pods' Security Context
## @param web.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param web.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param web.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param web.podSecurityContext.fsGroup Set Airflow web pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Airflow web containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context
## @param web.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser
## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot
## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
@ -318,6 +325,7 @@ web:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -329,6 +337,9 @@ web:
## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param web.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param web.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@ -495,6 +506,36 @@ scheduler:
## @param scheduler.extraEnvVarsSecrets List of secrets with extra environment variables for Airflow scheduler pods
##
extraEnvVarsSecrets: []
## Configure extra options for Airflow scheduler containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param scheduler.livenessProbe.enabled Enable livenessProbe on Airflow scheduler containers
## @param scheduler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param scheduler.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param scheduler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param scheduler.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param scheduler.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 180
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param scheduler.readinessProbe.enabled Enable readinessProbe on Airflow scheduler containers
## @param scheduler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param scheduler.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param scheduler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param scheduler.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param scheduler.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param scheduler.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
@ -515,14 +556,21 @@ scheduler:
## Configure Airflow scheduler pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param scheduler.podSecurityContext.enabled Enabled Airflow scheduler pods' Security Context
## @param scheduler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param scheduler.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param scheduler.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param scheduler.podSecurityContext.fsGroup Set Airflow scheduler pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Airflow scheduler containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context
## @param scheduler.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser
## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot
## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged
@ -532,6 +580,7 @@ scheduler:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -543,6 +592,9 @@ scheduler:
## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param scheduler.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param scheduler.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@ -777,14 +829,21 @@ worker:
## Configure Airflow worker pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param worker.podSecurityContext.enabled Enabled Airflow worker pods' Security Context
## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param worker.podSecurityContext.fsGroup Set Airflow worker pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Airflow worker containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context
## @param worker.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot
## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
@ -794,6 +853,7 @@ worker:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -805,6 +865,9 @@ worker:
## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param worker.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param worker.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@ -1316,7 +1379,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/airflow-exporter
tag: 0.20220314.0-debian-11-r441
tag: 0.20220314.0-debian-11-r443
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1351,14 +1414,21 @@ metrics:
## Airflow exporter pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param metrics.podSecurityContext.enabled Enable security context for the pods
## @param metrics.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param metrics.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param metrics.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param metrics.podSecurityContext.fsGroup Set Airflow exporter pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Airflow exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context
## @param metrics.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
@ -1374,6 +1444,7 @@ metrics:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -1385,6 +1456,9 @@ metrics:
## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param metrics.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param metrics.hostAliases Airflow exporter pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##

6
charts/bitnami/cassandra/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-11-07T11:38:22.303262695Z"
version: 2.14.1
digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
generated: "2024-01-17T19:55:21.831469725Z"

8
charts/bitnami/cassandra/Chart.yaml
View File

@ -6,11 +6,11 @@ annotations:
category: Database
images: |
- name: cassandra-exporter
image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r431
image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r433
- name: cassandra
image: docker.io/bitnami/cassandra:4.1.3-debian-11-r78
image: docker.io/bitnami/cassandra:4.1.3-debian-11-r81
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r92
image: docker.io/bitnami/os-shell:11-debian-11-r94
licenses: Apache-2.0
apiVersion: v2
appVersion: 4.1.3
@ -35,4 +35,4 @@ maintainers:
name: cassandra
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cassandra
version: 10.6.9
version: 10.8.0

28
charts/bitnami/cassandra/README.md
View File

@ -119,6 +119,7 @@ The command removes all the Kubernetes components associated with the chart and
| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of Cassandra replicas | `1` |
| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` |
| `priorityClassName` | Cassandra pods' priority. | `""` |
@ -134,8 +135,12 @@ The command removes all the Kubernetes components associated with the chart and
| `tolerations` | Tolerations for pod assignment | `[]` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` |
@ -233,17 +238,18 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters
| Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
| Name | Description | Value |
| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
### Metrics parameters

4
charts/bitnami/cassandra/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.13.3
appVersion: 2.14.1
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.13.3
version: 2.14.1

4
charts/bitnami/cassandra/charts/common/README.md
View File

@ -24,14 +24,14 @@ data:
myvalue: "Hello World"
```
Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
- Kubernetes 1.23+

22
charts/bitnami/cassandra/charts/common/templates/_secrets.tpl
View File

@ -78,6 +78,8 @@ Params:
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
- failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
- skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
- skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@ -91,7 +93,6 @@ The order in which this function returns a secret password:
{{- $password := "" }}
{{- $subchart := "" }}
{{- $failOnNew := default true .failOnNew }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@ -99,12 +100,14 @@ The order in which this function returns a secret password:
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }}
{{- else if $failOnNew }}
{{- $password = index $secretData .key | b64dec }}
{{- else if not (eq .failOnNew false) }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- $password = $providedPasswordValue | toString }}
{{- else }}
{{- if .context.Values.enabled }}
@ -120,12 +123,19 @@ The order in which this function returns a secret password:
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- $password = randAlphaNum $passwordLength }}
{{- end }}
{{- end -}}
{{- if not .skipB64enc }}
{{- $password = $password | b64enc }}
{{- end -}}
{{- if .skipQuote -}}
{{- printf "%s" $password -}}
{{- else -}}
{{- printf "%s" $password | quote -}}
{{- end -}}
{{- end -}}
{{/*

1
charts/bitnami/cassandra/templates/statefulset.yaml
View File

@ -34,6 +34,7 @@ spec:
{{- end }}
spec:
{{- include "cassandra.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}

19
charts/bitnami/cassandra/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/cassandra
tag: 4.1.3-debian-11-r78
tag: 4.1.3-debian-11-r81
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -214,6 +214,9 @@ replicaCount: 1
##
updateStrategy:
type: RollingUpdate
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@ -279,14 +282,21 @@ topologySpreadConstraints: []
## Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled Cassandra pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Set Cassandra pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context
## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser
## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped
@ -297,6 +307,7 @@ podSecurityContext:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -628,7 +639,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r92
tag: 11-debian-11-r94
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -664,6 +675,7 @@ volumePermissions:
## Init container Security Context
## Note: the chown of the data folder is done to securityContext.runAsUser
## and not the below volumePermissions.securityContext.runAsUser
## @param volumePermissions.securityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.securityContext.runAsUser User ID for the init container
##
## When runAsUser is set to special value "auto", init container will try to chwon the
@ -673,6 +685,7 @@ volumePermissions:
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
##
securityContext:
seLinuxOptions: {}
runAsUser: 0
## @section Metrics parameters
@ -696,7 +709,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/cassandra-exporter
tag: 2.3.8-debian-11-r431
tag: 2.3.8-debian-11-r433
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

6
charts/bitnami/kafka/Chart.lock
View File

@ -1,9 +1,9 @@
dependencies:
- name: zookeeper
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.4.0
version: 12.5.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.1
digest: sha256:436dc8df38da8dfade2782e499dfea25d0dd1ed683bb42c8cc9f6b97f3ea66fe
generated: "2023-12-22T14:05:20.981818545Z"
digest: sha256:e4feec8f181106637521ad9f041bab689837c3793a890cbd82d0fe386eb7b4b3
generated: "2024-01-17T19:59:13.138728344Z"

12
charts/bitnami/kafka/Chart.yaml
View File

@ -6,15 +6,15 @@ annotations:
category: Infrastructure
images: |
- name: jmx-exporter
image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r2
image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r3
- name: kafka-exporter
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r134
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r136
- name: kafka
image: docker.io/bitnami/kafka:3.6.1-debian-11-r0
image: docker.io/bitnami/kafka:3.6.1-debian-11-r1
- name: kubectl
image: docker.io/bitnami/kubectl:1.29.0-debian-11-r0
image: docker.io/bitnami/kubectl:1.29.0-debian-11-r2
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r92
image: docker.io/bitnami/os-shell:11-debian-11-r94
licenses: Apache-2.0
apiVersion: v2
appVersion: 3.6.1
@ -45,4 +45,4 @@ maintainers:
name: kafka
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 26.6.3
version: 26.8.0

46
charts/bitnami/kafka/README.md
View File

@ -231,9 +231,13 @@ The command removes all the Kubernetes components associated with the chart and
| `controller.resources.limits` | The resources limits for the container | `{}` |
| `controller.resources.requests` | The requested resources for the container | `{}` |
| `controller.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `controller.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `controller.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `controller.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `controller.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` |
| `controller.podSecurityContext.seccompProfile.type` | Set Kafka pods's Security Context seccomp profile | `RuntimeDefault` |
| `controller.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` |
| `controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `controller.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` |
| `controller.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` |
| `controller.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` |
@ -332,9 +336,13 @@ The command removes all the Kubernetes components associated with the chart and
| `broker.resources.limits` | The resources limits for the container | `{}` |
| `broker.resources.requests` | The requested resources for the container | `{}` |
| `broker.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `broker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `broker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `broker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `broker.podSecurityContext.fsGroup` | Set Kafka pod's Security Context fsGroup | `1001` |
| `broker.podSecurityContext.seccompProfile.type` | Set Kafka pod's Security Context seccomp profile | `RuntimeDefault` |
| `broker.containerSecurityContext.enabled` | Enable Kafka containers' Security Context | `true` |
| `broker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `broker.containerSecurityContext.runAsUser` | Set Kafka containers' Security Context runAsUser | `1001` |
| `broker.containerSecurityContext.runAsNonRoot` | Set Kafka containers' Security Context runAsNonRoot | `true` |
| `broker.containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as non-privileged | `false` |
@ -404,6 +412,7 @@ The command removes all the Kubernetes components associated with the chart and
| `service.clusterIP` | Kafka service Cluster IP | `""` |
| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` |
| `service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` |
| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Kafka service | `{}` |
| `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` |
@ -420,6 +429,7 @@ The command removes all the Kubernetes components associated with the chart and
| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.containerSecurityContext.enabled` | Enable Kafka auto-discovery containers' Security Context | `true` |
| `externalAccess.autoDiscovery.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `externalAccess.autoDiscovery.containerSecurityContext.runAsUser` | Set Kafka auto-discovery containers' Security Context runAsUser | `1001` |
| `externalAccess.autoDiscovery.containerSecurityContext.runAsNonRoot` | Set Kafka auto-discovery containers' Security Context runAsNonRoot | `true` |
| `externalAccess.autoDiscovery.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka auto-discovery containers' Security Context allowPrivilegeEscalation | `false` |
@ -433,6 +443,7 @@ The command removes all the Kubernetes components associated with the chart and
| `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.controller.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` |
| `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
@ -448,6 +459,7 @@ The command removes all the Kubernetes components associated with the chart and
| `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.broker.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` |
| `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
@ -465,17 +477,18 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters
| Name | Description | Value |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| Name | Description | Value |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### Other Parameters
@ -530,9 +543,13 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.kafka.resources.limits` | The resources limits for the container | `{}` |
| `metrics.kafka.resources.requests` | The requested resources for the container | `{}` |
| `metrics.kafka.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `metrics.kafka.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `metrics.kafka.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `metrics.kafka.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `metrics.kafka.podSecurityContext.fsGroup` | Set Kafka exporter pod's Security Context fsGroup | `1001` |
| `metrics.kafka.podSecurityContext.seccompProfile.type` | Set Kafka exporter pod's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.kafka.containerSecurityContext.enabled` | Enable Kafka exporter containers' Security Context | `true` |
| `metrics.kafka.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.kafka.containerSecurityContext.runAsUser` | Set Kafka exporter containers' Security Context runAsUser | `1001` |
| `metrics.kafka.containerSecurityContext.runAsNonRoot` | Set Kafka exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.kafka.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka exporter containers' Security Context allowPrivilegeEscalation | `false` |
@ -572,6 +589,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` |
| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` |
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set Prometheus JMX exporter containers' Security Context allowPrivilegeEscalation | `false` |
@ -644,9 +662,13 @@ The command removes all the Kubernetes components associated with the chart and
| `provisioning.resources.limits` | The resources limits for the Kafka provisioning container | `{}` |
| `provisioning.resources.requests` | The requested resources for the Kafka provisioning container | `{}` |
| `provisioning.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `provisioning.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `provisioning.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `provisioning.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `provisioning.podSecurityContext.fsGroup` | Set Kafka provisioning pod's Security Context fsGroup | `1001` |
| `provisioning.podSecurityContext.seccompProfile.type` | Set Kafka provisioning pod's Security Context seccomp profile | `RuntimeDefault` |
| `provisioning.containerSecurityContext.enabled` | Enable Kafka provisioning containers' Security Context | `true` |
| `provisioning.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `provisioning.containerSecurityContext.runAsUser` | Set Kafka provisioning containers' Security Context runAsUser | `1001` |
| `provisioning.containerSecurityContext.runAsNonRoot` | Set Kafka provisioning containers' Security Context runAsNonRoot | `true` |
| `provisioning.containerSecurityContext.allowPrivilegeEscalation` | Set Kafka provisioning containers' Security Context allowPrivilegeEscalation | `false` |
@ -1476,4 +1498,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.

6
charts/bitnami/kafka/charts/zookeeper/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-11-08T15:19:54.720987032Z"
version: 2.14.1
digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3
generated: "2024-01-01T00:08:42.872982603Z"

6
charts/bitnami/kafka/charts/zookeeper/Chart.yaml
View File

@ -2,9 +2,9 @@ annotations:
category: Infrastructure
images: |
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r91
image: docker.io/bitnami/os-shell:11-debian-11-r93
- name: zookeeper
image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r2
image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r5
licenses: Apache-2.0
apiVersion: v2
appVersion: 3.9.1
@ -26,4 +26,4 @@ maintainers:
name: zookeeper
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.4.0
version: 12.5.0

41
charts/bitnami/kafka/charts/zookeeper/README.md
View File

@ -111,8 +111,8 @@ The command removes all the Kubernetes components associated with the chart and
| `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` |
| `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` |
| `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` |
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` |
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` |
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `10` |
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `1` |
| `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` |
| `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` |
| `dataLogDir` | Dedicated data log directory | `""` |
@ -161,8 +161,12 @@ The command removes all the Kubernetes components associated with the chart and
| `resources.requests.memory` | The requested memory for the ZooKeeper containers | `256Mi` |
| `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` |
| `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
@ -228,9 +232,9 @@ The command removes all the Kubernetes components associated with the chart and
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable creation of ServiceAccount for ZooKeeper pod | `false` |
| `serviceAccount.create` | Enable creation of ServiceAccount for ZooKeeper pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
### Persistence parameters
@ -251,18 +255,19 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters
| Name | Description | Value |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| Name | Description | Value |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### Metrics parameters
@ -346,7 +351,7 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/zooke
## Configuration and installation details
### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
@ -523,7 +528,7 @@ kubectl delete statefulset zookeeper-zookeeper --cascade=false
## License
Copyright &copy; 2023 VMware, Inc.
Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

4
charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.13.3
appVersion: 2.14.1
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.13.3
version: 2.14.1

4
charts/bitnami/kafka/charts/zookeeper/charts/common/README.md
View File

@ -24,14 +24,14 @@ data:
myvalue: "Hello World"
```
Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
- Kubernetes 1.23+

22
charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_secrets.tpl
View File

@ -78,6 +78,8 @@ Params:
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
- failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
- skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
- skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@ -91,7 +93,6 @@ The order in which this function returns a secret password:
{{- $password := "" }}
{{- $subchart := "" }}
{{- $failOnNew := default true .failOnNew }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@ -99,12 +100,14 @@ The order in which this function returns a secret password:
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }}
{{- else if $failOnNew }}
{{- $password = index $secretData .key | b64dec }}
{{- else if not (eq .failOnNew false) }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString }}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- $password = $providedPasswordValue | toString }}
{{- else }}
{{- if .context.Values.enabled }}
@ -120,12 +123,19 @@ The order in which this function returns a secret password:
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- $password = randAlphaNum $passwordLength }}
{{- end }}
{{- end -}}
{{- if not .skipB64enc }}
{{- $password = $password | b64enc }}
{{- end -}}
{{- if .skipQuote -}}
{{- printf "%s" $password -}}
{{- else -}}
{{- printf "%s" $password | quote -}}
{{- end -}}
{{- end -}}
{{/*

22
charts/bitnami/kafka/charts/zookeeper/templates/statefulset.yaml
View File

@ -378,26 +378,20 @@ spec:
{{- else if .Values.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled" "probeCommandTimeout") "context" $) | nindent 12 }}
exec:
{{- if not .Values.service.disableBaseClientPort }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} nc -w {{ .Values.livenessProbe.probeCommandTimeout }} -q 1 localhost {{ .Values.containerPorts.client }} | grep imok']
{{- else if not .Values.tls.client.enabled }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} | grep imok']
{{- else }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.livenessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} -cert {{ .Values.service.tls.client_cert_pem_path }} -key {{ .Values.service.tls.client_key_pem_path }} | grep imok']
{{- end }}
command:
- /bin/bash
- -ec
- ZOO_HC_TIMEOUT={{ .Values.livenessProbe.probeCommandTimeout }} /opt/bitnami/scripts/zookeeper/healthcheck.sh
{{- end }}
{{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled" "probeCommandTimeout") "context" $) | nindent 12 }}
exec:
{{- if not .Values.service.disableBaseClientPort }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.readinessProbe.probeCommandTimeout }} nc -w {{ .Values.readinessProbe.probeCommandTimeout }} -q 1 localhost {{ .Values.containerPorts.client }} | grep imok']
{{- else if not .Values.tls.client.enabled }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.readinessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} | grep imok']
{{- else }}
command: ['/bin/bash', '-c', 'echo "ruok" | timeout {{ .Values.readinessProbe.probeCommandTimeout }} openssl s_client -quiet -crlf -connect localhost:{{ .Values.containerPorts.tls }} -cert {{ .Values.service.tls.client_cert_pem_path }} -key {{ .Values.service.tls.client_key_pem_path }} | grep imok']
{{- end }}
command:
- /bin/bash
- -ec
- ZOO_HC_TIMEOUT={{ .Values.readinessProbe.probeCommandTimeout }} /opt/bitnami/scripts/zookeeper/healthcheck.sh
{{- end }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}

40
charts/bitnami/kafka/charts/zookeeper/values.yaml
View File

@ -79,11 +79,11 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/zookeeper
tag: 3.9.1-debian-11-r2
tag: 3.9.1-debian-11-r5
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -185,11 +185,11 @@ listenOnAllIPs: false
autopurge:
## @param autopurge.snapRetainCount The most recent snapshots amount (and corresponding transaction logs) to retain
##
snapRetainCount: 3
snapRetainCount: 10
## @param autopurge.purgeInterval The time interval (in hours) for which the purge task has to be triggered
## Set to a positive integer to enable the auto purging
## Set to a positive integer to enable the auto purging. Set to 0 to disable auto purging.
##
purgeInterval: 0
purgeInterval: 1
## @param logLevel Log level for the ZooKeeper server. ERROR by default
## Have in mind if you set it to INFO or WARN the ReadinessProve will produce a lot of logs
##
@ -312,7 +312,7 @@ customStartupProbe: {}
##
lifecycleHooks: {}
## ZooKeeper resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param resources.limits The resources limits for the ZooKeeper containers
## @param resources.requests.memory The requested memory for the ZooKeeper containers
## @param resources.requests.cpu The requested cpu for the ZooKeeper containers
@ -325,14 +325,21 @@ resources:
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled ZooKeeper pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Set ZooKeeper pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
@ -343,6 +350,7 @@ podSecurityContext:
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsNonRoot: true
privileged: false
@ -397,7 +405,7 @@ nodeAffinityPreset:
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
@ -542,7 +550,7 @@ service:
disableBaseClientPort: false
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
@ -557,7 +565,7 @@ service:
##
clusterIP: ""
## @param service.loadBalancerIP ZooKeeper service Load Balancer IP
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges ZooKeeper service Load Balancer sources
@ -606,7 +614,7 @@ networkPolicy:
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for ZooKeeper pod
##
create: false
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
@ -614,7 +622,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
@ -622,7 +630,7 @@ serviceAccount:
## @section Persistence parameters
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable ZooKeeper data persistence using PVC. If false, use emptyDir
@ -700,7 +708,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r91
tag: 11-debian-11-r93
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -712,7 +720,7 @@ volumePermissions:
##
pullSecrets: []
## Init container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
## @param volumePermissions.resources.requests Init container volume-permissions resource requests
##
@ -723,10 +731,12 @@ volumePermissions:
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
## and not the below volumePermissions.containerSecurityContext.runAsUser
## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context
## @param volumePermissions.containerSecurityContext.seLinuxOptions Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 0
## @section Metrics parameters
@ -910,7 +920,7 @@ tls:
##
truststorePassword: ""
## Init container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param tls.resources.limits The resources limits for the TLS init container
## @param tls.resources.requests The requested resources for the TLS init container
##

1
charts/bitnami/kafka/templates/broker/svc-external-access.yaml
View File

@ -30,6 +30,7 @@ metadata:
spec:
type: {{ $.Values.externalAccess.broker.service.type }}
{{- if eq $.Values.externalAccess.broker.service.type "LoadBalancer" }}
allocateLoadBalancerNodePorts: {{ $.Values.externalAccess.broker.service.allocateLoadBalancerNodePorts }}
{{- if and (not (empty $.Values.externalAccess.broker.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.broker.service.loadBalancerIPs) $replicaCount) }}
loadBalancerIP: {{ index $.Values.externalAccess.broker.service.loadBalancerIPs $i }}
{{- end }}

1
charts/bitnami/kafka/templates/controller-eligible/svc-external-access.yaml
View File

@ -31,6 +31,7 @@ metadata:
spec:
type: {{ $.Values.externalAccess.controller.service.type }}
{{- if eq $.Values.externalAccess.controller.service.type "LoadBalancer" }}
allocateLoadBalancerNodePorts: {{ $.Values.externalAccess.controller.service.allocateLoadBalancerNodePorts }}
{{- if and (not (empty $.Values.externalAccess.controller.service.loadBalancerIPs)) (eq (len $.Values.externalAccess.controller.service.loadBalancerIPs) $replicaCount) }}
loadBalancerIP: {{ index $.Values.externalAccess.controller.service.loadBalancerIPs $i }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More