Charts CI

```
Updated:
  argo/argo-cd:
    - 5.43.3
  asserts/asserts:
    - 1.52.0
  bitnami/kafka:
    - 24.0.10
  bitnami/mariadb:
    - 13.0.2
  bitnami/postgresql:
    - 12.8.2
  bitnami/redis:
    - 17.15.2
  crate/crate-operator:
    - 2.30.2
  datadog/datadog:
    - 3.33.8
  fairwinds/polaris:
    - 5.12.1
  haproxy/haproxy:
    - 1.32.3
  hashicorp/consul:
    - 1.2.1
  jfrog/artifactory-ha:
    - 107.63.11
  jfrog/artifactory-jcr:
    - 107.63.11
  kong/kong:
    - 2.26.0
  linkerd/linkerd-control-plane:
    - 1.12.6
  loft/loft:
    - 3.2.2
  redpanda/redpanda:
    - 5.1.2
  traefik/traefik:
    - 24.0.0
```
pull/855/head
github-actions[bot] 2023-08-11 18:32:44 +00:00
parent 3cc2f837cf
commit 2bcc8de348
174 changed files with 4431 additions and 425 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
assets/kong/kong-2.26.0.tgz Normal file

Binary file not shown.

Binary file not shown.

BIN
assets/loft/loft-3.2.2.tgz Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,9 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: changed
description: Renamed applicationSet.replicaCount to replicas
- kind: deprecated
description: Option applicationSet.replicaCount
- kind: fixed
description: add missing permissions to run actions
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -35,4 +33,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.43.2
version: 5.43.3


@ -45,4 +45,16 @@ rules:
- list
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- create
{{- end }}
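Review bot: The two added rules grant `create` on `batch` `jobs` and on `argoproj.io` `workflows` with no comment and no value gating them, and the ability to create Jobs lets the holder start pods under any service account within the rule's scope. The chart annotation on this page describes the change as "add missing permissions to run actions", so a comment above the rules such as `# Required so actions can create Jobs and Workflows` would record why they exist. The start of the rules list and the kind of the object (Role or ClusterRole) are outside the hunk; if it is cluster-scoped, consider rendering these two rules only when a values flag enables them.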


@ -58,4 +58,4 @@ maintainers:
url: https://github.com/asserts
name: asserts
type: application
version: 1.51.0
version: 1.52.0


@ -363,6 +363,7 @@ data:
prometheus:
alertmanager:
remote_validation: false
template:
url: http://asserts-server.{{ .Release.Namespace }}.svc.cluster.local:8030/api-server/v4/prometheus-alerts?tenant={{ "{{ tenantId }}" }}
client:
@ -396,7 +397,7 @@ data:
tenant_mode: multi-tenant
deployment_mode: multi-tenant-single-instance
enabled: {{ .Values.server.awsExporterEnabled | default "false"}}
hekate:
enable: false


@ -45,4 +45,4 @@ maintainers:
name: kafka
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 24.0.8
version: 24.0.10


@ -239,6 +239,7 @@ The command removes all the Kubernetes components associated with the chart and
| `controller.podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel | `Parallel` |
| `controller.priorityClassName` | Name of the existing priority class to be used by kafka pods | `""` |
| `controller.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` |
| `controller.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `controller.updateStrategy.type` | Kafka statefulset strategy type | `RollingUpdate` |
| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka pod(s) | `[]` |
@ -334,6 +335,7 @@ The command removes all the Kubernetes components associated with the chart and
| `broker.podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel | `Parallel` |
| `broker.priorityClassName` | Name of the existing priority class to be used by kafka pods | `""` |
| `broker.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` |
| `broker.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
| `broker.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `broker.updateStrategy.type` | Kafka statefulset strategy type | `RollingUpdate` |
| `broker.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka pod(s) | `[]` |
@ -499,6 +501,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.kafka.nodeSelector` | Node labels for pod assignment | `{}` |
| `metrics.kafka.tolerations` | Tolerations for pod assignment | `[]` |
| `metrics.kafka.schedulerName` | Name of the k8s scheduler (other than default) for Kafka exporter | `""` |
| `metrics.kafka.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
| `metrics.kafka.priorityClassName` | Kafka exporter pods' priorityClassName | `""` |
| `metrics.kafka.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `metrics.kafka.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka exporter pod(s) | `[]` |
@ -602,6 +605,7 @@ The command removes all the Kubernetes components associated with the chart and
| `provisioning.containerSecurityContext.readOnlyRootFilesystem` | Set Kafka provisioning containers' Security Context readOnlyRootFilesystem | `true` |
| `provisioning.containerSecurityContext.capabilities.drop` | Set Kafka provisioning containers' Security Context capabilities to be dropped | `["ALL"]` |
| `provisioning.schedulerName` | Name of the k8s scheduler (other than default) for kafka provisioning | `""` |
| `provisioning.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
| `provisioning.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka provisioning pod(s) | `[]` |
| `provisioning.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Kafka provisioning container(s) | `[]` |
| `provisioning.sidecars` | Add additional sidecar containers to the Kafka provisioning pod(s) | `[]` |


@ -92,6 +92,7 @@ spec:
securityContext: {{- omit .Values.broker.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "kafka.serviceAccountName" . }}
enableServiceLinks: {{ .Values.broker.enableServiceLinks }}
initContainers:
{{- if and .Values.volumePermissions.enabled .Values.broker.persistence.enabled }}
- name: volume-permissions


@ -92,6 +92,7 @@ spec:
securityContext: {{- omit .Values.controller.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "kafka.serviceAccountName" . }}
enableServiceLinks: {{ .Values.controller.enableServiceLinks }}
initContainers:
{{- if and .Values.volumePermissions.enabled .Values.controller.persistence.enabled }}
- name: volume-permissions


@ -69,6 +69,7 @@ spec:
securityContext: {{- omit .Values.metrics.kafka.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "kafka.metrics.kafka.serviceAccountName" . }}
enableServiceLinks: {{ .Values.metrics.kafka.enableServiceLinks }}
{{- if .Values.metrics.kafka.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.initContainers "context" $) | nindent 8 }}
{{- end }}


@ -34,6 +34,7 @@ spec:
{{- end }}
spec:
serviceAccountName: {{ template "kafka.provisioning.serviceAccountName" . }}
enableServiceLinks: {{ .Values.provisioning.enableServiceLinks }}
{{- include "kafka.imagePullSecrets" . | nindent 6 }}
{{- if .Values.provisioning.schedulerName }}
schedulerName: {{ .Values.provisioning.schedulerName | quote }}
@ -102,7 +103,7 @@ spec:
- |
echo "Configuring environment"
. /opt/bitnami/scripts/libkafka.sh
export CLIENT_CONF="${CLIENT_CONF:-/opt/bitnami/kafka/config/client.properties}"
export CLIENT_CONF="${CLIENT_CONF:-/tmp/client.properties}"
if [ ! -f "$CLIENT_CONF" ]; then
touch $CLIENT_CONF
@ -242,6 +243,8 @@ spec:
readOnly: true
{{- end }}
{{- end }}
- name: tmp
mountPath: /tmp
{{- if .Values.provisioning.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@ -262,6 +265,8 @@ spec:
defaultMode: 256
{{- end }}
{{- end }}
- name: tmp
emptyDir: {}
{{- if .Values.provisioning.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumes "context" $) | nindent 8 }}
{{- end }}
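Review bot: The new volume has the fixed name `tmp` and is rendered ahead of `provisioning.extraVolumes`, so a release that already supplies its own `tmp` volume or a `/tmp` mount through `extraVolumes`/`extraVolumeMounts` would render a duplicate, which the API server rejects. A chart-specific name such as `- name: kafka-provisioning-tmp`, used in both the `volumeMounts` and `volumes` entries, avoids the name collision. Separately, `touch $CLIENT_CONF` is unquoted and creates the file with the default umask. Whether credentials are later written to that file is outside the hunk, but if they are, `(umask 077; touch "$CLIENT_CONF")` would be the safer form.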


@ -637,6 +637,11 @@ controller:
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## @param controller.enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @param controller.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
@ -1002,6 +1007,11 @@ broker:
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## @param broker.enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @param broker.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
@ -1722,6 +1732,11 @@ metrics:
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param metrics.kafka.enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @param metrics.kafka.priorityClassName Kafka exporter pods' priorityClassName
##
priorityClassName: ""
@ -2187,6 +2202,11 @@ provisioning:
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param provisioning.enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for the Kafka provisioning pod(s)
## e.g:
## extraVolumes:
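Review bot: All four new `enableServiceLinks` values default to `true`, while the added comment says the injected variables are not used. Service links put the host and port of every Service in the namespace into each container's environment, so leaving them on exposes that inventory to the workload for no stated benefit. If compatibility is the reason for keeping `true`, the comment should say so, for example `## Kept at true to match the Kubernetes default; set to false unless an extra container reads the *_SERVICE_HOST variables.` This applies equally to the `controller`, `broker`, `metrics.kafka` and `provisioning` blocks.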


@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.6.0
digest: sha256:6ce7c85dcb43ad1fc5ff600850f28820ddc2f1a7c8cb25c5ff542fe1f852165a
generated: "2023-07-06T21:34:41.934329163Z"
version: 2.8.0
digest: sha256:0119fce6b509ebf3eaf5218f87f6ec0af64ec7da15f272115673b0716c4b6919
generated: "2023-08-11T09:32:02.90916554Z"


@ -4,6 +4,13 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: mariadb
category: Database
images: |
- name: mariadb
image: docker.io/bitnami/mariadb:11.0.2-debian-11-r15
- name: mysqld-exporter
image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r14
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r34
licenses: Apache-2.0
apiVersion: v2
appVersion: 11.0.2
@ -30,4 +37,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 13.0.1
version: 13.0.2


@ -82,28 +82,28 @@ The command removes all the Kubernetes components associated with the chart and
### MariaDB common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `11.0.2-debian-11-r2` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MariaDB replication user | `replicator` |
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
| `auth.forcePassword` | Force users to specify required passwords | `false` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `11.0.2-debian-11-r15` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MariaDB replication user | `replicator` |
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
| `auth.forcePassword` | Force users to specify required passwords | `false` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
### MariaDB Primary parameters
@ -308,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r22` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r34` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r5` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r14` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -561,4 +561,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.


@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.6.0
appVersion: 2.8.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.6.0
version: 2.8.0


@ -90,7 +90,7 @@ serviceBindings:
image:
registry: docker.io
repository: bitnami/mariadb
tag: 11.0.2-debian-11-r2
tag: 11.0.2-debian-11-r15
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1004,7 +1004,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r22
tag: 11-debian-11-r34
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@ -1040,7 +1040,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
tag: 0.15.0-debian-11-r5
tag: 0.15.0-debian-11-r14
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)


@ -6,14 +6,14 @@ annotations:
category: Database
images: |
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r31
image: docker.io/bitnami/os-shell:11-debian-11-r34
- name: postgres-exporter
image: docker.io/bitnami/postgres-exporter:0.13.2-debian-11-r12
image: docker.io/bitnami/postgres-exporter:0.13.2-debian-11-r15
- name: postgresql
image: docker.io/bitnami/postgresql:15.3.0-debian-11-r85
image: docker.io/bitnami/postgresql:15.4.0-debian-11-r0
licenses: Apache-2.0
apiVersion: v2
appVersion: 15.3.0
appVersion: 15.4.0
dependencies:
- name: common
repository: file://./charts/common
@ -38,4 +38,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 12.8.1
version: 12.8.2


@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r85` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.4.0-debian-11-r0` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `[]` |
@ -419,7 +419,7 @@ kubectl delete pvc -l release=my-release
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r31` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r34` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -450,7 +450,7 @@ kubectl delete pvc -l release=my-release
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.13.2-debian-11-r12` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.13.2-debian-11-r15` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |


@ -98,7 +98,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 15.3.0-debian-11-r85
tag: 15.4.0-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1260,7 +1260,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r31
tag: 11-debian-11-r34
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1361,7 +1361,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.13.2-debian-11-r12
tag: 0.13.2-debian-11-r15
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.


@ -28,4 +28,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 17.15.0
version: 17.15.2


@ -353,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.annotations` | Additional custom annotations for Redis® Sentinel resource | `{}` |
| `sentinel.masterSet` | Master set name | `mymaster` |
| `sentinel.quorum` | Sentinel Quorum | `2` |
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `200` |
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `99` |
| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` |
| `sentinel.redisShutdownWaitFailover` | Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). | `true` |
| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis® node is down | `60000` |


@ -701,6 +701,7 @@ data:
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"


@ -1059,7 +1059,7 @@ sentinel:
quorum: 2
## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out.
##
getMasterTimeout: 200
getMasterTimeout: 99
## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it.
## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data.
## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000.
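Review bot: The default for `sentinel.getMasterTimeout` drops from 200 to 99, but the `@param` comment still gives no unit and no reason for the new value, so an operator cannot tell whether 99 is a deliberate upper bound or an arbitrary choice. State the unit in the description, for example `## @param sentinel.getMasterTimeout Amount of time, in <unit>, to allow before get_sentinel_master_info() times out.`, and add a line saying why larger values are avoided if that is the case. How the script consumes the value is outside this section.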


@ -1,6 +1,6 @@
dependencies:
- name: crate-operator-crds
repository: file://../crate-operator-crds
version: 2.30.1
digest: sha256:4b03b4e1aeac6bfe810e859306af8b07f6093af0cce29ac1b92415917318ecff
generated: "2023-07-06T10:31:25.043287027Z"
version: 2.30.2
digest: sha256:5b8b40b7c1c3c068df6806a2325b21d4f0b93b69df3387be6bc20092936d153a
generated: "2023-08-10T11:24:24.32953244Z"


@ -3,16 +3,16 @@ annotations:
catalog.cattle.io/display-name: CrateDB Operator
catalog.cattle.io/release-name: crate-operator
apiVersion: v2
appVersion: 2.30.1
appVersion: 2.30.2
dependencies:
- condition: crate-operator-crds.enabled
name: crate-operator-crds
repository: file://./charts/crate-operator-crds
version: 2.30.1
version: 2.30.2
description: Crate Operator - Helm chart for installing and upgrading Crate Operator.
icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg
maintainers:
- name: Crate.io
name: crate-operator
type: application
version: 2.30.1
version: 2.30.2


@ -1,9 +1,9 @@
apiVersion: v2
appVersion: 2.30.1
appVersion: 2.30.2
description: Crate Operator CRDs - Helm chart for installing and upgrading Custom
Resource Definitions (CRDs) for the Crate Operator.
maintainers:
- name: Crate.io
name: crate-operator-crds
type: application
version: 2.30.1
version: 2.30.2


@ -1,5 +1,9 @@
# Datadog changelog
## 3.33.8
* Remove `mountPropagation` for `/etc/os-release` files.
## 3.33.7
* Add additional intakes into `CiliumNetworkPolicy` for node Agent and Cluster Check Runner for profiling, network monitoring, dbm, and remote config


@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.33.7
version: 3.33.8


@ -1,6 +1,6 @@
# Datadog
![Version: 3.33.7](https://img.shields.io/badge/Version-3.33.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.33.8](https://img.shields.io/badge/Version-3.33.8-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).


@ -2,12 +2,10 @@
{{- if eq (include "should-enable-system-probe" .) "true" }}
- name: os-release-file
mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }}
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- else if not .Values.providers.gke.autopilot}}
- name: os-release-file
mountPath: /host{{ .Values.datadog.osReleasePath }}
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- end }}
{{- end }}


@ -12,4 +12,4 @@ maintainers:
- email: robertb@fairwinds.com
name: rbren
name: polaris
version: 5.12.0
version: 5.12.1


@ -37,7 +37,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
|-----|------|---------|-------------|
| config | string | `nil` | The [polaris configuration](https://github.com/FairwindsOps/polaris#configuration). If not provided then the [default](https://github.com/FairwindsOps/polaris/blob/master/examples/config.yaml) config from Polaris is used. |
| configUrl | string | `nil` | Use a config from an accessible URL source. NOTE: `config` & `configUrl` are mutually exclusive. Setting `configURL` will take precedence over `config`. Only one may be used. configUrl: https://example.com/config.yaml |
| additionExemptions | string | `nil` | List of additional exemptions to append to the exemptions given in `config` |
| additionalExemptions | string | `nil` | List of additional exemptions to append to the exemptions given in `config` |
| image.repository | string | `"quay.io/fairwinds/polaris"` | Image repo |
| image.tag | string | `""` | The Polaris Image tag to use. Defaults to the Chart's AppVersion |
| image.pullPolicy | string | `"Always"` | Image pull policy |

@ -5,8 +5,8 @@ config: null
# configUrl: https://example.com/config.yaml
configUrl: null
# additionExemptions -- List of additional exemptions to append to the exemptions given in `config`
additionExemptions: null
# additionalExemptions -- List of additional exemptions to append to the exemptions given in `config`
additionalExemptions: null
image:

@ -1,12 +1,12 @@
annotations:
artifacthub.io/changes: |
- Use Ingress Controller 1.10.5 version for base image
- Use Ingress Controller 1.10.6 version for base image
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: haproxy
apiVersion: v2
appVersion: 1.10.5
appVersion: 1.10.6
description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
@ -21,4 +21,4 @@ name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
type: application
version: 1.32.2
version: 1.32.3

@ -1,13 +1,13 @@
annotations:
artifacthub.io/images: |
- name: consul
image: hashicorp/consul:1.16.0
image: hashicorp/consul:1.16.1
- name: consul-k8s-control-plane
image: hashicorp/consul-k8s-control-plane:1.2.0
image: hashicorp/consul-k8s-control-plane:1.2.1
- name: consul-dataplane
image: hashicorp/consul-dataplane:1.2.0
image: hashicorp/consul-dataplane:1.2.1
- name: envoy
image: envoyproxy/envoy:v1.25.1
image: envoyproxy/envoy:v1.25.9
artifacthub.io/license: MPL-2.0
artifacthub.io/links: |
- name: Documentation
@ -25,7 +25,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: consul
apiVersion: v2
appVersion: 1.16.0
appVersion: 1.16.1
description: Official HashiCorp Consul Chart
home: https://www.consul.io
icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png
@ -34,4 +34,4 @@ name: consul
sources:
- https://github.com/hashicorp/consul
- https://github.com/hashicorp/consul-k8s
version: 1.2.0
version: 1.2.1

@ -15,6 +15,29 @@ as well as the global.name setting.
{{- end -}}
{{- end -}}
{{- define "consul.restrictedSecurityContext" -}}
{{- if not .Values.global.enablePodSecurityPolicies -}}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
{{- if not .Values.global.openshift.enabled -}}
{{/*
We must set runAsUser or else the root user will be used in some cases and
containers will fail to start due to runAsNonRoot above (e.g.
tls-init-cleanup). On OpenShift, runAsUser is automatically. We pick user 100
because it is a non-root user id that exists in the consul, consul-dataplane,
and consul-k8s-control-plane images.
*/}}
runAsUser: 100
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "consul.vaultSecretTemplate" -}}
|
{{ "{{" }}- with secret "{{ .secretName }}" -{{ "}}" }}
@ -422,4 +445,4 @@ Usage: {{ template "consul.validateTelemetryCollectorCloud" . }}
{{- if or (and .Values.telemetryCollector.cloud.clientSecret.secretName .Values.telemetryCollector.cloud.clientSecret.secretKey .Values.telemetryCollector.cloud.clientId.secretName .Values.telemetryCollector.cloud.clientId.secretKey (not .Values.global.cloud.resourceId.secretKey)) }}
{{fail "When telemetryCollector has clientId and clientSecret .global.cloud.resourceId.secretKey must be set"}}
{{- end }}
{{- end -}}
{{- end -}}
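Review bot: `consul.restrictedSecurityContext` renders nothing at all when `global.enablePodSecurityPolicies` is true, so every container that includes it then gets no `allowPrivilegeEscalation: false`, no dropped capabilities and no seccomp profile from the chart and depends entirely on a PodSecurityPolicy being enforced. PodSecurityPolicy was removed in Kubernetes 1.25, so on a cluster where the flag is left on but no PSP admission exists the hardening silently disappears; if the gate is there to avoid a conflict with the chart's own PSPs, say so in a template comment beside the `if`, otherwise emit the context unconditionally. The existing comment also reads `On OpenShift, runAsUser is automatically.`, which presumably should be `On OpenShift, runAsUser is set automatically.` The `consul.vaultSecretTemplate` definition that follows the new helper continues outside the hunk.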

@ -19,6 +19,12 @@ data:
"auto_reload_config": true
{{- end }}
}
log-level.json: |-
{
{{- if .Values.client.logLevel }}
"log_level": "{{ .Values.client.logLevel | upper }}"
{{- end }}
}
extra-from-values.json: |-
{{ tpl .Values.client.extraConfig . | trimAll "\"" | indent 4 }}
central-config.json: |-

@ -510,11 +510,7 @@ spec:
value: "component=client,pod=$(NAMESPACE)/$(POD_NAME)"
{{- end }}
- name: CONSUL_LOGIN_DATACENTER
{{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter }}
value: {{ .Values.global.federation.primaryDatacenter }}
{{- else }}
value: {{ .Values.global.datacenter }}
{{- end}}
command:
- "/bin/sh"
- "-ec"

@ -186,4 +186,14 @@ rules:
- "get"
- "list"
- "watch"
{{- if .Values.global.openshift.enabled }}
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
resourceNames:
- {{ .Values.connectInject.apiGateway.managedGatewayClass.openshiftSCCName }}
verbs:
- use
{{- end }}
{{- end }}
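Review bot: The new `resourceNames` entry renders `openshiftSCCName` unquoted and unchecked, so with `global.openshift.enabled` set and the value empty the list item becomes a YAML null and the misconfiguration only surfaces later, when the managed gateway pods fail admission. Failing at render time is clearer, for example `- {{ required "connectInject.apiGateway.managedGatewayClass.openshiftSCCName must be set when global.openshift.enabled is true" .Values.connectInject.apiGateway.managedGatewayClass.openshiftSCCName | quote }}`. Because the named SCC determines what the gateway pods are allowed to do, the values documentation should recommend the least-privileged SCC that works; the chart default is not visible in this diff. The `rules:` list starts outside the hunk.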

@ -94,6 +94,7 @@ spec:
- containerPort: 8080
name: webhook-server
protocol: TCP
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
env:
- name: NAMESPACE
valueFrom:
@ -234,6 +235,19 @@ spec:
-default-sidecar-proxy-cpu-request={{ $resources.requests.cpu }} \
{{- end }}
-default-envoy-proxy-concurrency={{ .Values.connectInject.sidecarProxy.concurrency }} \
{{- if .Values.connectInject.sidecarProxy.lifecycle.defaultEnabled }}
-default-enable-sidecar-proxy-lifecycle=true \
{{- else }}
-default-enable-sidecar-proxy-lifecycle=false \
{{- end }}
{{- if .Values.connectInject.sidecarProxy.lifecycle.defaultEnableShutdownDrainListeners }}
-default-enable-sidecar-proxy-lifecycle-shutdown-drain-listeners=true \
{{- else }}
-default-enable-sidecar-proxy-lifecycle-shutdown-drain-listeners=false \
{{- end }}
-default-sidecar-proxy-lifecycle-shutdown-grace-period-seconds={{ .Values.connectInject.sidecarProxy.lifecycle.defaultShutdownGracePeriodSeconds }} \
-default-sidecar-proxy-lifecycle-graceful-port={{ .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulPort }} \
-default-sidecar-proxy-lifecycle-graceful-shutdown-path="{{ .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulShutdownPath }}" \
{{- if .Values.connectInject.initContainer }}
{{- $initResources := .Values.connectInject.initContainer.resources }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: controlplanerequestlimits.consul.hashicorp.com
labels:
@ -194,4 +194,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: exportedservices.consul.hashicorp.com
labels:
@ -138,4 +138,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: gatewayclassconfigs.consul.hashicorp.com
labels:
@ -138,8 +138,27 @@ spec:
type: string
type: object
type: array
openshiftSCCName:
description: The name of an existing SecurityContextConstraints
resource to bind to the managed role when running on OpenShift.
type: string
mapPrivilegedContainerPorts:
type: integer
format: int32
minimum: 0
maximum: 64512
description: mapPrivilegedContainerPorts is the value which Consul will add to privileged container port
values (ports < 1024) defined on a Gateway when the number is greater than 0. This cannot be more than
64512 as the highest privileged port is 1023, which would then map to 65535, which is the highest
valid port number.
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -1,4 +1,6 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -6,7 +8,6 @@ metadata:
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
gateway.networking.k8s.io/bundle-version: v0.6.2
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}

@ -1,4 +1,6 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -6,7 +8,6 @@ metadata:
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
gateway.networking.k8s.io/bundle-version: v0.6.2
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}

@ -1,4 +1,6 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -6,7 +8,6 @@ metadata:
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
gateway.networking.k8s.io/bundle-version: v0.6.2
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}

@ -1,4 +1,6 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -6,7 +8,6 @@ metadata:
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
gateway.networking.k8s.io/bundle-version: v0.6.2
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: ingressgateways.consul.hashicorp.com
labels:
@ -368,4 +368,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: jwtproviders.consul.hashicorp.com
labels:
@ -256,4 +256,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: meshes.consul.hashicorp.com
labels:
@ -206,4 +206,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: meshservices.consul.hashicorp.com
labels:
@ -55,4 +55,10 @@ spec:
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: peeringacceptors.consul.hashicorp.com
labels:
@ -145,4 +145,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: peeringdialers.consul.hashicorp.com
labels:
@ -145,4 +145,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: proxydefaults.consul.hashicorp.com
labels:
@ -254,4 +254,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -1,4 +1,7 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: samenessgroups.consul.hashicorp.com
labels:
@ -128,4 +128,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: servicedefaults.consul.hashicorp.com
labels:
@ -494,4 +494,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: serviceintentions.consul.hashicorp.com
labels:
@ -310,4 +310,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: serviceresolvers.consul.hashicorp.com
labels:
@ -266,6 +266,10 @@ spec:
If empty the default subset is used.
type: string
type: object
requestTimeout:
description: RequestTimeout is the timeout for receiving an HTTP response
from this service before the connection is terminated.
type: string
subsets:
additionalProperties:
properties:
@ -333,4 +337,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: servicerouters.consul.hashicorp.com
labels:
@ -311,4 +311,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: servicesplitters.consul.hashicorp.com
labels:
@ -185,4 +185,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -1,4 +1,7 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: terminatinggateways.consul.hashicorp.com
labels:
@ -136,4 +136,10 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}

@ -1,4 +1,7 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

@ -1,4 +1,7 @@
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

@ -93,6 +93,7 @@ spec:
containers:
- name: create-federation-secret
image: "{{ .Values.global.imageK8S }}"
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
env:
- name: NAMESPACE
valueFrom:
@ -119,7 +120,7 @@ spec:
- "-ec"
- |
consul-k8s-control-plane create-federation-secret \
-log-level={{ .Values.global.logLevel }} \
-log-level={{ default .Values.global.logLevel .Values.global.federation.logLevel }} \
-log-json={{ .Values.global.logJSON }} \
{{- if (or .Values.global.gossipEncryption.autoGenerate (and .Values.global.gossipEncryption.secretName .Values.global.gossipEncryption.secretKey)) }}
-gossip-key-file=/consul/gossip/gossip.key \

@ -31,12 +31,16 @@ spec:
{{- end }}
annotations:
"consul.hashicorp.com/connect-inject": "false"
{{- if .Values.global.acls.annotations }}
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
serviceAccountName: {{ template "consul.fullname" . }}-gateway-cleanup
containers:
- name: gateway-cleanup
image: {{ .Values.global.imageK8S }}
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
command:
- consul-k8s-control-plane
args:

@ -31,12 +31,16 @@ spec:
{{- end }}
annotations:
"consul.hashicorp.com/connect-inject": "false"
{{- if .Values.global.acls.annotations }}
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
serviceAccountName: {{ template "consul.fullname" . }}-gateway-resources
containers:
- name: gateway-resources
image: {{ .Values.global.imageK8S }}
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
command:
- consul-k8s-control-plane
args:
@ -84,15 +88,21 @@ spec:
{{- end}}
{{- end}}
{{- if .Values.connectInject.apiGateway.managedGatewayClass.nodeSelector }}
- -node-selector={{ .Values.connectInject.apiGateway.managedGatewayClass.nodeSelector }}
- -node-selector
- {{- toYaml .Values.connectInject.apiGateway.managedGatewayClass.nodeSelector | nindent 14 -}}
{{- end }}
{{- if .Values.connectInject.apiGateway.managedGatewayClass.tolerations }}
- -tolerations={{ .Values.connectInject.apiGateway.managedGatewayClass.tolerations }}
{{- end }}
{{- if .Values.connectInject.apiGateway.managedGatewayClass.copyAnnotations.service }}
- -service-annotations={{ .Values.connectInject.apiGateway.managedGatewayClass.copyAnnotations.service.annotations }}
- -service-annotations
- {{- toYaml .Values.connectInject.apiGateway.managedGatewayClass.copyAnnotations.service.annotations | nindent 14 -}}
{{- end }}
- -service-type={{ .Values.connectInject.apiGateway.managedGatewayClass.serviceType }}
{{- if .Values.global.openshift.enabled }}
- -openshift-scc-name={{ .Values.connectInject.apiGateway.managedGatewayClass.openshiftSCCName }}
{{- end }}
- -map-privileged-container-ports={{ .Values.connectInject.apiGateway.managedGatewayClass.mapPrivilegedContainerPorts }}
{{- end}}
resources:
requests:
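Review bot: `-tolerations={{ ... }}` stays in the old single-argument form while `-node-selector` and `-service-annotations` in the same hunk were moved to a separate argument rendered with `toYaml`, so a multi-line tolerations value is still printed inline inside one plain scalar. If the move was needed for the other two flags, tolerations presumably needs it too: `- -tolerations` followed by `- {{- toYaml .Values.connectInject.apiGateway.managedGatewayClass.tolerations | nindent 14 -}}`. The `toYaml` form also only yields a valid `args` entry when the value is a string; a map supplied in values would render a mapping where Kubernetes expects a string, so the expected type deserves a comment above these lines. The `args:` list begins outside the hunk.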

@ -48,6 +48,7 @@ spec:
containers:
- name: gossip-encryption-autogen
image: "{{ .Values.global.imageK8S }}"
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
command:
- "/bin/sh"
- "-ec"
@ -56,7 +57,7 @@ spec:
-namespace={{ .Release.Namespace }} \
-secret-name={{ template "consul.fullname" . }}-gossip-encryption-key \
-secret-key="key" \
-log-level={{ .Values.global.logLevel }} \
-log-level={{ default .Values.global.logLevel .Values.global.gossipEncryption.logLevel }} \
-log-json={{ .Values.global.logJSON }}
resources:
requests:

@ -175,6 +175,7 @@ spec:
# ingress-gateway-init registers the ingress gateway service with Consul.
- name: ingress-gateway-init
image: {{ $root.Values.global.imageK8S }}
{{- include "consul.restrictedSecurityContext" $ | nindent 8 }}
env:
- name: NAMESPACE
valueFrom:
@ -211,7 +212,7 @@ spec:
-gateway-kind="ingress-gateway" \
-proxy-id-file=/consul/service/proxy-id \
-service-name={{ template "consul.fullname" $root }}-{{ .name }} \
-log-level={{ default $root.Values.global.logLevel }} \
-log-level={{ default $root.Values.global.logLevel $root.Values.ingressGateways.logLevel }} \
-log-json={{ $root.Values.global.logJSON }}
volumeMounts:
- name: consul-service
@ -233,6 +234,7 @@ spec:
containers:
- name: ingress-gateway
image: {{ $root.Values.global.imageConsulDataplane | quote }}
{{- include "consul.restrictedSecurityContext" $ | nindent 8 }}
{{- if (default $defaults.resources .resources) }}
resources: {{ toYaml (default $defaults.resources .resources) | nindent 10 }}
{{- end }}
@ -319,7 +321,7 @@ spec:
{{- if $root.Values.global.adminPartitions.enabled }}
- -service-partition={{ $root.Values.global.adminPartitions.name }}
{{- end }}
- -log-level={{ default $root.Values.global.logLevel }}
- -log-level={{ default $root.Values.global.logLevel $root.Values.ingressGateways.logLevel }}
- -log-json={{ $root.Values.global.logJSON }}
{{- if (and $root.Values.global.metrics.enabled $root.Values.global.metrics.enableGatewayMetrics) }}
- -telemetry-prom-scrape-path=/metrics

@ -161,7 +161,7 @@ spec:
-gateway-kind="mesh-gateway" \
-proxy-id-file=/consul/service/proxy-id \
-service-name={{ .Values.meshGateway.consulServiceName }} \
-log-level={{ default .Values.global.logLevel }} \
-log-level={{ default .Values.global.logLevel .Values.meshGateway.logLevel }} \
-log-json={{ .Values.global.logJSON }}
volumeMounts:
- name: consul-service
@ -267,7 +267,7 @@ spec:
{{- if .Values.global.adminPartitions.enabled }}
- -service-partition={{ .Values.global.adminPartitions.name }}
{{- end }}
- -log-level={{ default .Values.global.logLevel }}
- -log-level={{ default .Values.global.logLevel .Values.meshGateway.logLevel }}
- -log-json={{ .Values.global.logJSON }}
{{- if (and .Values.global.metrics.enabled .Values.global.metrics.enableGatewayMetrics) }}
- -telemetry-prom-scrape-path=/metrics

@ -81,6 +81,7 @@ spec:
containers:
- name: partition-init-job
image: {{ .Values.global.imageK8S }}
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
env:
{{- include "consul.consulK8sConsulServerEnvVars" . | nindent 10 }}
{{- if (and .Values.global.acls.bootstrapToken.secretName .Values.global.acls.bootstrapToken.secretKey) }}

@ -47,27 +47,34 @@ spec:
{{- end }}
annotations:
"consul.hashicorp.com/connect-inject": "false"
{{- if .Values.global.acls.annotations }}
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
serviceAccountName: {{ template "consul.fullname" . }}-server-acl-init-cleanup
{{- if .Values.server.containerSecurityContext.aclInit }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext.aclInit | nindent 8 }}
{{- end }}
containers:
- name: server-acl-init-cleanup
image: {{ .Values.global.imageK8S }}
{{- if not .Values.server.containerSecurityContext.aclInit }}
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
{{- end }}
command:
- consul-k8s-control-plane
args:
- delete-completed-job
- -log-level={{ .Values.global.logLevel }}
- -log-level={{ default .Values.global.logLevel .Values.global.acls.logLevel }}
- -log-json={{ .Values.global.logJSON }}
- -k8s-namespace={{ .Release.Namespace }}
- {{ template "consul.fullname" . }}-server-acl-init
{{- if .Values.global.acls.resources }}
resources:
requests:
memory: "50Mi"
cpu: "50m"
limits:
memory: "50Mi"
cpu: "50m"
{{- toYaml .Values.global.acls.resources | nindent 12 }}
{{- end }}
{{- if .Values.global.acls.tolerations }}
tolerations:
{{ tpl .Values.global.acls.tolerations . | indent 8 | trim }}
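Review bot: Setting `server.containerSecurityContext.aclInit` switches off the restricted container context for `server-acl-init-cleanup`, because the value is rendered as a `securityContext` ahead of `containers:` (with `nindent 8`, so apparently at pod level; indentation is lost on this page) and the `include "consul.restrictedSecurityContext"` is skipped whenever it is non-empty. A pod-level securityContext cannot carry `allowPrivilegeEscalation` or `capabilities`, so an operator who sets only a `runAsUser` there ends up with a container that no longer drops capabilities or forbids privilege escalation. The same either/or appears in the server-acl-init job and tls-init-cleanup job sections (`aclInit`, `tlsInit`), and the server StatefulSet section replaces the defaults wholesale with `containerSecurityContext.server`. Consider always including the restricted context on the container and letting the override add to it, or at least state the trade-off in a template comment such as `{{- /* setting aclInit replaces the chart's restricted container securityContext */}}`.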

@ -46,6 +46,9 @@ spec:
{{- end }}
annotations:
"consul.hashicorp.com/connect-inject": "false"
{{- if .Values.global.acls.annotations }}
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
{{- end }}
{{- if .Values.global.secretsBackend.vault.enabled }}
{{- /* Run the Vault agent as both an init container and sidecar.
@ -94,6 +97,10 @@ spec:
spec:
restartPolicy: Never
serviceAccountName: {{ template "consul.fullname" . }}-server-acl-init
{{- if .Values.server.containerSecurityContext.aclInit }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext.aclInit | nindent 8 }}
{{- end }}
{{- if (or .Values.global.tls.enabled .Values.global.acls.replicationToken.secretName .Values.global.acls.bootstrapToken.secretName) }}
volumes:
{{- if and .Values.global.tls.enabled (not .Values.global.secretsBackend.vault.enabled) }}
@ -122,6 +129,9 @@ spec:
containers:
- name: server-acl-init-job
image: {{ .Values.global.imageK8S }}
{{- if not .Values.server.containerSecurityContext.aclInit }}
{{- include "consul.restrictedSecurityContext" . | nindent 8 }}
{{- end }}
env:
- name: NAMESPACE
valueFrom:
@ -161,7 +171,7 @@ spec:
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
consul-k8s-control-plane server-acl-init \
-log-level={{ .Values.global.logLevel }} \
-log-level={{ default .Values.global.logLevel .Values.global.acls.logLevel}} \
-log-json={{ .Values.global.logJSON }} \
-resource-prefix=${CONSUL_FULLNAME} \
-k8s-namespace={{ .Release.Namespace }} \
@ -307,13 +317,10 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.global.acls.resources }}
resources:
requests:
memory: "50Mi"
cpu: "50m"
limits:
memory: "50Mi"
cpu: "50m"
{{- toYaml .Values.global.acls.resources | nindent 10 }}
{{- end }}
{{- if .Values.global.acls.tolerations }}
tolerations:
{{ tpl .Values.global.acls.tolerations . | indent 8 | trim }}

@ -1,6 +1,6 @@
{{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }}
{{- if (not (or (eq .Values.server.limits.requestLimits.mode "disabled") (eq .Values.server.limits.requestLimits.mode "permissive") (eq .Values.server.limits.requestLimits.mode "enforce"))) }}{{fail "server.limits.requestLimits.mode must be one of the following values: disabled, permissive, and enforce." }}{{ end -}}
{{- if and .Values.server.auditLogs.enabled (not .Values.global.acls.manageSystemACLs) }}{{fail "ACLs must be enabled inorder to configure audit logs"}}{{ end -}}
# StatefulSet to run the actual Consul server cluster.
apiVersion: v1
kind: ConfigMap
@ -27,6 +27,9 @@ data:
},
"datacenter": "{{ .Values.global.datacenter }}",
"data_dir": "/consul/data",
{{- if .Values.server.logLevel }}
"log_level": "{{ .Values.server.logLevel | upper }}",
{{- end }}
"domain": "{{ .Values.global.domain }}",
"limits": {
"request_limits": {
@ -187,4 +190,27 @@ data:
}
}
{{- end }}
{{- if and .Values.server.auditLogs.enabled .Values.global.acls.manageSystemACLs }}
audit-logging.json: |-
{
"audit": {
"enabled": true,
"sink": {
{{- range $index, $element := .Values.server.auditLogs.sinks }}
{{- if ne $index 0 }},{{end}}
"{{ $element.name }}": {
{{- $firstKeyValuePair := false }}
{{- range $k, $v := $element }}
{{- if ne $k "name" }}
{{- if ne $firstKeyValuePair false }},{{end}}
{{- $firstKeyValuePair = true }}
"{{ $k }}": "{{ $v }}"
{{- end }}
{{- end }}
}
{{- end }}
}
}
}
{{- end }}
{{- end }}
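Review bot: In the new `audit-logging.json` block every sink key and value is written as `"{{ $k }}": "{{ $v }}"`, so nothing is JSON-escaped and every value becomes a string whatever its type in values. A path or sink name containing a quote or backslash produces an invalid config file, and boolean or numeric sink options reach Consul as strings, which it may or may not accept; a broken audit sink is a logging gap, so it is better caught at render time. `{{ $k | toJson }}: {{ $v | toJson }}` escapes correctly and keeps types, and `{{ $v | toString | toJson }}` keeps the current string form if Consul relies on it. The `data:` map and the surrounding server config JSON start outside the hunks.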

@ -238,6 +238,7 @@ spec:
volumeMounts:
- name: extra-config
mountPath: /consul/extra-config
{{- include "consul.restrictedSecurityContext" . | nindent 8 }}
containers:
- name: consul
image: "{{ default .Values.global.image .Values.server.image }}"
@ -526,9 +527,11 @@ spec:
{{- toYaml .Values.server.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if not .Values.global.openshift.enabled }}
{{- if .Values.server.containerSecurityContext.server }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext.server | nindent 12 }}
{{- else }}
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
{{- end }}
{{- if .Values.server.extraContainers }}
{{ toYaml .Values.server.extraContainers | nindent 8 }}

@ -77,6 +77,7 @@ spec:
containers:
- name: sync-catalog
image: "{{ default .Values.global.imageK8S .Values.syncCatalog.image }}"
{{- include "consul.restrictedSecurityContext" . | nindent 8 }}
env:
{{- include "consul.consulK8sConsulServerEnvVars" . | nindent 8 }}
{{- if .Values.global.acls.manageSystemACLs }}

@ -115,7 +115,7 @@ spec:
- -ec
- |-
consul-k8s-control-plane connect-init -pod-name=${POD_NAME} -pod-namespace=${POD_NAMESPACE} \
-log-level={{ default .Values.global.logLevel }} \
-log-level={{ default .Values.global.logLevel .Values.telemetryCollector.logLevel }} \
-log-json={{ .Values.global.logJSON }} \
-service-account-name="consul-telemetry-collector" \
-service-name="" \
@ -303,7 +303,7 @@ spec:
{{- if .Values.global.metrics.enabled }}
- -telemetry-prom-scrape-path=/metrics
{{- end }}
- -log-level={{ default .Values.global.logLevel }}
- -log-level={{ default .Values.global.logLevel .Values.telemetryCollector.logLevel }}
- -log-json={{ .Values.global.logJSON }}
- -envoy-concurrency=2
{{- if and .Values.externalServers.enabled .Values.externalServers.skipServerWatch }}

@ -160,6 +160,7 @@ spec:
# terminating-gateway-init registers the terminating gateway service with Consul.
- name: terminating-gateway-init
image: {{ $root.Values.global.imageK8S }}
{{- include "consul.restrictedSecurityContext" $ | nindent 10 }}
env:
- name: NAMESPACE
valueFrom:
@ -196,7 +197,7 @@ spec:
-gateway-kind="terminating-gateway" \
-proxy-id-file=/consul/service/proxy-id \
-service-name={{ .name }} \
-log-level={{ default $root.Values.global.logLevel }} \
-log-level={{ default $root.Values.global.logLevel $root.Values.terminatingGateways.logLevel }} \
-log-json={{ $root.Values.global.logJSON }}
volumeMounts:
- name: consul-service
@ -218,6 +219,7 @@ spec:
containers:
- name: terminating-gateway
image: {{ $root.Values.global.imageConsulDataplane | quote }}
{{- include "consul.restrictedSecurityContext" $ | nindent 10 }}
volumeMounts:
- name: consul-service
mountPath: /consul/service
@ -300,7 +302,7 @@ spec:
{{- if $root.Values.global.adminPartitions.enabled }}
- -service-partition={{ $root.Values.global.adminPartitions.name }}
{{- end }}
- -log-level={{ default $root.Values.global.logLevel }}
- -log-level={{ default $root.Values.global.logLevel $root.Values.terminatingGateways.logLevel }}
- -log-json={{ $root.Values.global.logJSON }}
{{- if (and $root.Values.global.metrics.enabled $root.Values.global.metrics.enableGatewayMetrics) }}
- -telemetry-prom-scrape-path=/metrics

@ -35,12 +35,22 @@ spec:
{{- end }}
annotations:
"consul.hashicorp.com/connect-inject": "false"
{{- if .Values.global.tls.annotations }}
{{- tpl .Values.global.tls.annotations . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
serviceAccountName: {{ template "consul.fullname" . }}-tls-init-cleanup
{{- if .Values.server.containerSecurityContext.tlsInit }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext.tlsInit | nindent 8 }}
{{- end }}
containers:
- name: tls-init-cleanup
image: "{{ .Values.global.image }}"
{{- if not .Values.server.containerSecurityContext.tlsInit }}
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
{{- end }}
env:
- name: NAMESPACE
valueFrom:
