Charts CI
``` Updated: argo/argo-cd: - 5.43.3 asserts/asserts: - 1.52.0 bitnami/kafka: - 24.0.10 bitnami/mariadb: - 13.0.2 bitnami/postgresql: - 12.8.2 bitnami/redis: - 17.15.2 crate/crate-operator: - 2.30.2 datadog/datadog: - 3.33.8 fairwinds/polaris: - 5.12.1 haproxy/haproxy: - 1.32.3 hashicorp/consul: - 1.2.1 jfrog/artifactory-ha: - 107.63.11 jfrog/artifactory-jcr: - 107.63.11 kong/kong: - 2.26.0 linkerd/linkerd-control-plane: - 1.12.6 loft/loft: - 3.2.2 redpanda/redpanda: - 5.1.2 traefik/traefik: - 24.0.0 ```pull/855/head
parent
3cc2f837cf
commit
2bcc8de348
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,9 +1,7 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: Renamed applicationSet.replicaCount to replicas
|
||||
- kind: deprecated
|
||||
description: Option applicationSet.replicaCount
|
||||
- kind: fixed
|
||||
description: add missing permissions to run actions
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
|
@ -35,4 +33,4 @@ name: argo-cd
|
|||
sources:
|
||||
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
|
||||
- https://github.com/argoproj/argo-cd
|
||||
version: 5.43.2
|
||||
version: 5.43.3
|
||||
|
|
|
@ -45,4 +45,16 @@ rules:
|
|||
- list
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- create
|
||||
{{- end }}
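Review bot: The two added rules grant `create` on `jobs` (`batch`) and on `workflows` (`argoproj.io`) without a comment saying which feature needs them. The object they extend starts above this hunk, so its kind and scope are not visible here. A principal that can create Jobs can start pods under service accounts in every namespace the role covers, so it is worth confirming whether this is a namespaced Role or a ClusterRole and which subject it is bound to. Going by the changelog entry in the chart annotations, I would add a comment above the first new rule such as `# create on jobs/workflows is required to run resource actions`. The rules sit before `{{- end }}`, so they are conditional on a guard that is also outside the hunk.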
|
||||
|
|
|
@ -58,4 +58,4 @@ maintainers:
|
|||
url: https://github.com/asserts
|
||||
name: asserts
|
||||
type: application
|
||||
version: 1.51.0
|
||||
version: 1.52.0
|
||||
|
|
|
@ -363,6 +363,7 @@ data:
|
|||
|
||||
prometheus:
|
||||
alertmanager:
|
||||
remote_validation: false
|
||||
template:
|
||||
url: http://asserts-server.{{ .Release.Namespace }}.svc.cluster.local:8030/api-server/v4/prometheus-alerts?tenant={{ "{{ tenantId }}" }}
|
||||
client:
|
||||
|
|
|
@ -45,4 +45,4 @@ maintainers:
|
|||
name: kafka
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
|
||||
version: 24.0.8
|
||||
version: 24.0.10
|
||||
|
|
|
@ -239,6 +239,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `controller.podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel | `Parallel` |
|
||||
| `controller.priorityClassName` | Name of the existing priority class to be used by kafka pods | `""` |
|
||||
| `controller.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` |
|
||||
| `controller.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `controller.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `controller.updateStrategy.type` | Kafka statefulset strategy type | `RollingUpdate` |
|
||||
| `controller.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka pod(s) | `[]` |
|
||||
|
@ -334,6 +335,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `broker.podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel | `Parallel` |
|
||||
| `broker.priorityClassName` | Name of the existing priority class to be used by kafka pods | `""` |
|
||||
| `broker.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` |
|
||||
| `broker.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `broker.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `broker.updateStrategy.type` | Kafka statefulset strategy type | `RollingUpdate` |
|
||||
| `broker.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka pod(s) | `[]` |
|
||||
|
@ -499,6 +501,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.kafka.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `metrics.kafka.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `metrics.kafka.schedulerName` | Name of the k8s scheduler (other than default) for Kafka exporter | `""` |
|
||||
| `metrics.kafka.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `metrics.kafka.priorityClassName` | Kafka exporter pods' priorityClassName | `""` |
|
||||
| `metrics.kafka.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `metrics.kafka.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka exporter pod(s) | `[]` |
|
||||
|
@ -602,6 +605,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `provisioning.containerSecurityContext.readOnlyRootFilesystem` | Set Kafka provisioning containers' Security Context readOnlyRootFilesystem | `true` |
|
||||
| `provisioning.containerSecurityContext.capabilities.drop` | Set Kafka provisioning containers' Security Context capabilities to be dropped | `["ALL"]` |
|
||||
| `provisioning.schedulerName` | Name of the k8s scheduler (other than default) for kafka provisioning | `""` |
|
||||
| `provisioning.enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
| `provisioning.extraVolumes` | Optionally specify extra list of additional volumes for the Kafka provisioning pod(s) | `[]` |
|
||||
| `provisioning.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Kafka provisioning container(s) | `[]` |
|
||||
| `provisioning.sidecars` | Add additional sidecar containers to the Kafka provisioning pod(s) | `[]` |
|
||||
|
|
|
@ -92,6 +92,7 @@ spec:
|
|||
securityContext: {{- omit .Values.broker.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "kafka.serviceAccountName" . }}
|
||||
enableServiceLinks: {{ .Values.broker.enableServiceLinks }}
|
||||
initContainers:
|
||||
{{- if and .Values.volumePermissions.enabled .Values.broker.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
|
|
|
@ -92,6 +92,7 @@ spec:
|
|||
securityContext: {{- omit .Values.controller.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "kafka.serviceAccountName" . }}
|
||||
enableServiceLinks: {{ .Values.controller.enableServiceLinks }}
|
||||
initContainers:
|
||||
{{- if and .Values.volumePermissions.enabled .Values.controller.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
|
|
|
@ -69,6 +69,7 @@ spec:
|
|||
securityContext: {{- omit .Values.metrics.kafka.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "kafka.metrics.kafka.serviceAccountName" . }}
|
||||
enableServiceLinks: {{ .Values.metrics.kafka.enableServiceLinks }}
|
||||
{{- if .Values.metrics.kafka.initContainers }}
|
||||
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -34,6 +34,7 @@ spec:
|
|||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "kafka.provisioning.serviceAccountName" . }}
|
||||
enableServiceLinks: {{ .Values.provisioning.enableServiceLinks }}
|
||||
{{- include "kafka.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.provisioning.schedulerName }}
|
||||
schedulerName: {{ .Values.provisioning.schedulerName | quote }}
|
||||
|
@ -102,7 +103,7 @@ spec:
|
|||
- |
|
||||
echo "Configuring environment"
|
||||
. /opt/bitnami/scripts/libkafka.sh
|
||||
export CLIENT_CONF="${CLIENT_CONF:-/opt/bitnami/kafka/config/client.properties}"
|
||||
export CLIENT_CONF="${CLIENT_CONF:-/tmp/client.properties}"
|
||||
if [ ! -f "$CLIENT_CONF" ]; then
|
||||
touch $CLIENT_CONF
|
||||
|
||||
|
@ -242,6 +243,8 @@ spec:
|
|||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
{{- if .Values.provisioning.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
|
@ -262,6 +265,8 @@ spec:
|
|||
defaultMode: 256
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
{{- if .Values.provisioning.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
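Review bot: The new `tmp` volume is a plain `emptyDir: {}` and the script now defaults `CLIENT_CONF` to `/tmp/client.properties`, so whatever the rest of the script writes into that file lands on node-backed storage with the default umask and no size cap. The lines that fill the file are outside these hunks; if client credentials are appended to it, consider `emptyDir: {medium: Memory, sizeLimit: 16Mi}` (the size is an illustrative value) and a `umask 077` before the `touch`. The unquoted `touch $CLIENT_CONF` that follows the changed line would also be safer as `touch "$CLIENT_CONF"`, because the variable can be overridden from the environment.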
|
||||
|
|
|
@ -637,6 +637,11 @@ controller:
|
|||
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
|
||||
##
|
||||
runtimeClassName: ""
|
||||
## @param controller.enableServiceLinks Whether information about services should be injected into pod's environment variable
|
||||
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
|
||||
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
|
||||
##
|
||||
enableServiceLinks: true
|
||||
## @param controller.schedulerName Name of the k8s scheduler (other than default)
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
|
@ -1002,6 +1007,11 @@ broker:
|
|||
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
|
||||
##
|
||||
runtimeClassName: ""
|
||||
## @param broker.enableServiceLinks Whether information about services should be injected into pod's environment variable
|
||||
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
|
||||
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
|
||||
##
|
||||
enableServiceLinks: true
|
||||
## @param broker.schedulerName Name of the k8s scheduler (other than default)
|
||||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
|
@ -1722,6 +1732,11 @@ metrics:
|
|||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
schedulerName: ""
|
||||
## @param metrics.kafka.enableServiceLinks Whether information about services should be injected into pod's environment variable
|
||||
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
|
||||
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
|
||||
##
|
||||
enableServiceLinks: true
|
||||
## @param metrics.kafka.priorityClassName Kafka exporter pods' priorityClassName
|
||||
##
|
||||
priorityClassName: ""
|
||||
|
@ -2187,6 +2202,11 @@ provisioning:
|
|||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||||
##
|
||||
schedulerName: ""
|
||||
## @param provisioning.enableServiceLinks Whether information about services should be injected into pod's environment variable
|
||||
## The environment variables injected by service links are not used, but can lead to slow kafka boot times or slow running of the scripts when there are many services in the current namespace.
|
||||
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
|
||||
##
|
||||
enableServiceLinks: true
|
||||
## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for the Kafka provisioning pod(s)
|
||||
## e.g:
|
||||
## extraVolumes:
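Review bot: The comment added above each `enableServiceLinks: true` default explains only the start-up cost, although it also states that the injected variables are not used. Service links place the host and port of every Service in the namespace into the container environment, so the comment should say so, for example `## Service links also expose the host and port of every Service in the namespace to the container; set this to false if the pod does not need them.` The same wording applies to the `controller`, `broker`, `metrics.kafka` and `provisioning` hunks in this file. Since the chart says the variables are unused, `false` would be the least-exposure default, but it changes behaviour for existing releases and is a decision for the chart owners.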
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.6.0
|
||||
digest: sha256:6ce7c85dcb43ad1fc5ff600850f28820ddc2f1a7c8cb25c5ff542fe1f852165a
|
||||
generated: "2023-07-06T21:34:41.934329163Z"
|
||||
version: 2.8.0
|
||||
digest: sha256:0119fce6b509ebf3eaf5218f87f6ec0af64ec7da15f272115673b0716c4b6919
|
||||
generated: "2023-08-11T09:32:02.90916554Z"
|
||||
|
|
|
@ -4,6 +4,13 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.19-0'
|
||||
catalog.cattle.io/release-name: mariadb
|
||||
category: Database
|
||||
images: |
|
||||
- name: mariadb
|
||||
image: docker.io/bitnami/mariadb:11.0.2-debian-11-r15
|
||||
- name: mysqld-exporter
|
||||
image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r14
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r34
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 11.0.2
|
||||
|
@ -30,4 +37,4 @@ maintainers:
|
|||
name: mariadb
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
|
||||
version: 13.0.1
|
||||
version: 13.0.2
|
||||
|
|
|
@ -82,28 +82,28 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### MariaDB common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | MariaDB image registry | `docker.io` |
|
||||
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
|
||||
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `11.0.2-debian-11-r2` |
|
||||
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `my_database` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.replicationUser` | MariaDB replication user | `replicator` |
|
||||
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
|
||||
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
|
||||
| `auth.forcePassword` | Force users to specify required passwords | `false` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
|
||||
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
|
||||
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
|
||||
| `image.registry` | MariaDB image registry | `docker.io` |
|
||||
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
|
||||
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `11.0.2-debian-11-r15` |
|
||||
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `my_database` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.replicationUser` | MariaDB replication user | `replicator` |
|
||||
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
|
||||
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
|
||||
| `auth.forcePassword` | Force users to specify required passwords | `false` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
|
||||
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
|
||||
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
|
||||
|
||||
### MariaDB Primary parameters
|
||||
|
||||
|
@ -308,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r22` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r34` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | Exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
|
||||
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r5` |
|
||||
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r14` |
|
||||
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.6.0
|
||||
appVersion: 2.8.0
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.6.0
|
||||
version: 2.8.0
|
||||
|
|
|
@ -90,7 +90,7 @@ serviceBindings:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/mariadb
|
||||
tag: 11.0.2-debian-11-r2
|
||||
tag: 11.0.2-debian-11-r15
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -1004,7 +1004,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 11-debian-11-r22
|
||||
tag: 11-debian-11-r34
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
||||
|
@ -1040,7 +1040,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/mysqld-exporter
|
||||
tag: 0.15.0-debian-11-r5
|
||||
tag: 0.15.0-debian-11-r14
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
||||
|
|
|
@ -6,14 +6,14 @@ annotations:
|
|||
category: Database
|
||||
images: |
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r31
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r34
|
||||
- name: postgres-exporter
|
||||
image: docker.io/bitnami/postgres-exporter:0.13.2-debian-11-r12
|
||||
image: docker.io/bitnami/postgres-exporter:0.13.2-debian-11-r15
|
||||
- name: postgresql
|
||||
image: docker.io/bitnami/postgresql:15.3.0-debian-11-r85
|
||||
image: docker.io/bitnami/postgresql:15.4.0-debian-11-r0
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 15.3.0
|
||||
appVersion: 15.4.0
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
|
@ -38,4 +38,4 @@ maintainers:
|
|||
name: postgresql
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
|
||||
version: 12.8.1
|
||||
version: 12.8.2
|
||||
|
|
|
@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release
|
|||
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `image.registry` | PostgreSQL image registry | `docker.io` |
|
||||
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
|
||||
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r85` |
|
||||
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.4.0-debian-11-r0` |
|
||||
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
|
@ -419,7 +419,7 @@ kubectl delete pvc -l release=my-release
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r31` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r34` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
|
@ -450,7 +450,7 @@ kubectl delete pvc -l release=my-release
|
|||
| `metrics.enabled` | Start a prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
|
||||
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.13.2-debian-11-r12` |
|
||||
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.13.2-debian-11-r15` |
|
||||
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
|
|
|
@ -98,7 +98,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgresql
|
||||
tag: 15.3.0-debian-11-r85
|
||||
tag: 15.4.0-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -1260,7 +1260,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 11-debian-11-r31
|
||||
tag: 11-debian-11-r34
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -1361,7 +1361,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgres-exporter
|
||||
tag: 0.13.2-debian-11-r12
|
||||
tag: 0.13.2-debian-11-r15
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -28,4 +28,4 @@ maintainers:
|
|||
name: redis
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/redis
|
||||
version: 17.15.0
|
||||
version: 17.15.2
|
||||
|
|
|
@ -353,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `sentinel.annotations` | Additional custom annotations for Redis® Sentinel resource | `{}` |
|
||||
| `sentinel.masterSet` | Master set name | `mymaster` |
|
||||
| `sentinel.quorum` | Sentinel Quorum | `2` |
|
||||
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `200` |
|
||||
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `99` |
|
||||
| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` |
|
||||
| `sentinel.redisShutdownWaitFailover` | Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). | `true` |
|
||||
| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis® node is down | `60000` |
|
||||
|
|
|
@ -701,6 +701,7 @@ data:
|
|||
}
|
||||
|
||||
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
|
||||
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
|
||||
|
||||
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
|
||||
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
|
||||
|
|
|
@ -1059,7 +1059,7 @@ sentinel:
|
|||
quorum: 2
|
||||
## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out.
|
||||
##
|
||||
getMasterTimeout: 200
|
||||
getMasterTimeout: 99
|
||||
## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it.
|
||||
## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data.
|
||||
## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000.
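Review bot: The `sentinel.getMasterTimeout` default appears to drop from 200 to 99 here, and the `@param` comment above it states neither the unit nor the reason for the new value. The script that consumes the value is not in this hunk, but a timeout that is too short for get_sentinel_master_info() could affect how a starting node finds the current master. The comment should carry the unit and the constraint behind 99, e.g. `## @param sentinel.getMasterTimeout Amount of time (<unit>) to allow before get_sentinel_master_info() times out.` The `sentinel:` block continues outside the hunk.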
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: crate-operator-crds
|
||||
repository: file://../crate-operator-crds
|
||||
version: 2.30.1
|
||||
digest: sha256:4b03b4e1aeac6bfe810e859306af8b07f6093af0cce29ac1b92415917318ecff
|
||||
generated: "2023-07-06T10:31:25.043287027Z"
|
||||
version: 2.30.2
|
||||
digest: sha256:5b8b40b7c1c3c068df6806a2325b21d4f0b93b69df3387be6bc20092936d153a
|
||||
generated: "2023-08-10T11:24:24.32953244Z"
|
||||
|
|
|
@ -3,16 +3,16 @@ annotations:
|
|||
catalog.cattle.io/display-name: CrateDB Operator
|
||||
catalog.cattle.io/release-name: crate-operator
|
||||
apiVersion: v2
|
||||
appVersion: 2.30.1
|
||||
appVersion: 2.30.2
|
||||
dependencies:
|
||||
- condition: crate-operator-crds.enabled
|
||||
name: crate-operator-crds
|
||||
repository: file://./charts/crate-operator-crds
|
||||
version: 2.30.1
|
||||
version: 2.30.2
|
||||
description: Crate Operator - Helm chart for installing and upgrading Crate Operator.
|
||||
icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg
|
||||
maintainers:
|
||||
- name: Crate.io
|
||||
name: crate-operator
|
||||
type: application
|
||||
version: 2.30.1
|
||||
version: 2.30.2
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
apiVersion: v2
|
||||
appVersion: 2.30.1
|
||||
appVersion: 2.30.2
|
||||
description: Crate Operator CRDs - Helm chart for installing and upgrading Custom
|
||||
Resource Definitions (CRDs) for the Crate Operator.
|
||||
maintainers:
|
||||
- name: Crate.io
|
||||
name: crate-operator-crds
|
||||
type: application
|
||||
version: 2.30.1
|
||||
version: 2.30.2
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
# Datadog changelog
|
||||
|
||||
## 3.33.8
|
||||
|
||||
* Remove `mountPropagation` for `/etc/os-release` files.
|
||||
|
||||
## 3.33.7
|
||||
|
||||
* Add additional intakes into `CiliumNetworkPolicy` for node Agent and Cluster Check Runner for profiling, network monitoring, dbm, and remote config
|
||||
|
|
|
@ -19,4 +19,4 @@ name: datadog
|
|||
sources:
|
||||
- https://app.datadoghq.com/account/settings#agent/kubernetes
|
||||
- https://github.com/DataDog/datadog-agent
|
||||
version: 3.33.7
|
||||
version: 3.33.8
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Datadog
|
||||
|
||||
![Version: 3.33.7](https://img.shields.io/badge/Version-3.33.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
|
||||
![Version: 3.33.8](https://img.shields.io/badge/Version-3.33.8-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
|
||||
|
||||
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
|
||||
|
||||
|
|
|
@ -2,12 +2,10 @@
|
|||
{{- if eq (include "should-enable-system-probe" .) "true" }}
|
||||
- name: os-release-file
|
||||
mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }}
|
||||
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
|
||||
readOnly: true
|
||||
{{- else if not .Values.providers.gke.autopilot}}
|
||||
- name: os-release-file
|
||||
mountPath: /host{{ .Values.datadog.osReleasePath }}
|
||||
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -12,4 +12,4 @@ maintainers:
|
|||
- email: robertb@fairwinds.com
|
||||
name: rbren
|
||||
name: polaris
|
||||
version: 5.12.0
|
||||
version: 5.12.1
|
||||
|
|
|
@ -37,7 +37,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
|
|||
|-----|------|---------|-------------|
|
||||
| config | string | `nil` | The [polaris configuration](https://github.com/FairwindsOps/polaris#configuration). If not provided then the [default](https://github.com/FairwindsOps/polaris/blob/master/examples/config.yaml) config from Polaris is used. |
|
||||
| configUrl | string | `nil` | Use a config from an accessible URL source. NOTE: `config` & `configUrl` are mutually exclusive. Setting `configURL` will take precedence over `config`. Only one may be used. configUrl: https://example.com/config.yaml |
|
||||
| additionExemptions | string | `nil` | List of additional exemptions to append to the exemptions given in `config` |
|
||||
| additionalExemptions | string | `nil` | List of additional exemptions to append to the exemptions given in `config` |
|
||||
| image.repository | string | `"quay.io/fairwinds/polaris"` | Image repo |
|
||||
| image.tag | string | `""` | The Polaris Image tag to use. Defaults to the Chart's AppVersion |
|
||||
| image.pullPolicy | string | `"Always"` | Image pull policy |
|
||||
|
|
|
@ -5,8 +5,8 @@ config: null
|
|||
# configUrl: https://example.com/config.yaml
|
||||
configUrl: null
|
||||
|
||||
# additionExemptions -- List of additional exemptions to append to the exemptions given in `config`
|
||||
additionExemptions: null
|
||||
# additionalExemptions -- List of additional exemptions to append to the exemptions given in `config`
|
||||
additionalExemptions: null
|
||||
|
||||
|
||||
image:
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- Use Ingress Controller 1.10.5 version for base image
|
||||
- Use Ingress Controller 1.10.6 version for base image
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
|
||||
catalog.cattle.io/kube-version: '>=1.22.0-0'
|
||||
catalog.cattle.io/release-name: haproxy
|
||||
apiVersion: v2
|
||||
appVersion: 1.10.5
|
||||
appVersion: 1.10.6
|
||||
description: A Helm chart for HAProxy Kubernetes Ingress Controller
|
||||
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
|
||||
icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
|
||||
|
@ -21,4 +21,4 @@ name: haproxy
|
|||
sources:
|
||||
- https://github.com/haproxytech/kubernetes-ingress
|
||||
type: application
|
||||
version: 1.32.2
|
||||
version: 1.32.3
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
annotations:
|
||||
artifacthub.io/images: |
|
||||
- name: consul
|
||||
image: hashicorp/consul:1.16.0
|
||||
image: hashicorp/consul:1.16.1
|
||||
- name: consul-k8s-control-plane
|
||||
image: hashicorp/consul-k8s-control-plane:1.2.0
|
||||
image: hashicorp/consul-k8s-control-plane:1.2.1
|
||||
- name: consul-dataplane
|
||||
image: hashicorp/consul-dataplane:1.2.0
|
||||
image: hashicorp/consul-dataplane:1.2.1
|
||||
- name: envoy
|
||||
image: envoyproxy/envoy:v1.25.1
|
||||
image: envoyproxy/envoy:v1.25.9
|
||||
artifacthub.io/license: MPL-2.0
|
||||
artifacthub.io/links: |
|
||||
- name: Documentation
|
||||
|
@ -25,7 +25,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.22.0-0'
|
||||
catalog.cattle.io/release-name: consul
|
||||
apiVersion: v2
|
||||
appVersion: 1.16.0
|
||||
appVersion: 1.16.1
|
||||
description: Official HashiCorp Consul Chart
|
||||
home: https://www.consul.io
|
||||
icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png
|
||||
|
@ -34,4 +34,4 @@ name: consul
|
|||
sources:
|
||||
- https://github.com/hashicorp/consul
|
||||
- https://github.com/hashicorp/consul-k8s
|
||||
version: 1.2.0
|
||||
version: 1.2.1
|
||||
|
|
|
@ -15,6 +15,29 @@ as well as the global.name setting.
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "consul.restrictedSecurityContext" -}}
|
||||
{{- if not .Values.global.enablePodSecurityPolicies -}}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- if not .Values.global.openshift.enabled -}}
|
||||
{{/*
|
||||
We must set runAsUser or else the root user will be used in some cases and
|
||||
containers will fail to start due to runAsNonRoot above (e.g.
|
||||
tls-init-cleanup). On OpenShift, runAsUser is automatically. We pick user 100
|
||||
because it is a non-root user id that exists in the consul, consul-dataplane,
|
||||
and consul-k8s-control-plane images.
|
||||
*/}}
|
||||
runAsUser: 100
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "consul.vaultSecretTemplate" -}}
|
||||
|
|
||||
{{ "{{" }}- with secret "{{ .secretName }}" -{{ "}}" }}
|
||||
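Review bot: `consul.restrictedSecurityContext` renders nothing at all when `global.enablePodSecurityPolicies` is true, so in that mode every container that includes it gets no container-level `securityContext` and relies entirely on the PSP. That behaviour deserves a line in the template comment, for example `PSP-enabled installs get no securityContext from this helper; the PodSecurityPolicy must enforce the equivalent restrictions.` The set also leaves out `readOnlyRootFilesystem: true`; whether the consul images tolerate a read-only root filesystem cannot be told from this hunk, so it is worth checking rather than assuming. The existing comment reads "On OpenShift, runAsUser is automatically", which should be "is set automatically".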
|
|
|
@ -19,6 +19,12 @@ data:
|
|||
"auto_reload_config": true
|
||||
{{- end }}
|
||||
}
|
||||
log-level.json: |-
|
||||
{
|
||||
{{- if .Values.client.logLevel }}
|
||||
"log_level": "{{ .Values.client.logLevel | upper }}"
|
||||
{{- end }}
|
||||
}
|
||||
extra-from-values.json: |-
|
||||
{{ tpl .Values.client.extraConfig . | trimAll "\"" | indent 4 }}
|
||||
central-config.json: |-
|
||||
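Review bot: The new `log-level.json` entry places `.Values.client.logLevel | upper` between hand-written double quotes, so a value containing `"` or `\` would yield invalid JSON in the agent configuration. Letting the template engine do the encoding avoids that: `"log_level": {{ .Values.client.logLevel | upper | toJson }}`. The surrounding `data:` map starts outside the hunk.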
|
|
|
@ -510,11 +510,7 @@ spec:
|
|||
value: "component=client,pod=$(NAMESPACE)/$(POD_NAME)"
|
||||
{{- end }}
|
||||
- name: CONSUL_LOGIN_DATACENTER
|
||||
{{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter }}
|
||||
value: {{ .Values.global.federation.primaryDatacenter }}
|
||||
{{- else }}
|
||||
value: {{ .Values.global.datacenter }}
|
||||
{{- end}}
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-ec"
|
||||
|
|
|
@ -186,4 +186,14 @@ rules:
|
|||
- "get"
|
||||
- "list"
|
||||
- "watch"
|
||||
{{- if .Values.global.openshift.enabled }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
resourceNames:
|
||||
- {{ .Values.connectInject.apiGateway.managedGatewayClass.openshiftSCCName }}
|
||||
verbs:
|
||||
- use
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
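Review bot: The added `use` rule takes its single `resourceNames` entry directly from `connectInject.apiGateway.managedGatewayClass.openshiftSCCName`, with no quoting and no guard for an unset value. An unset value would presumably render as an empty list item, and the chart would then install with an RBAC rule that does not name the intended SCC. Failing at render time is safer: `- {{ required "connectInject.apiGateway.managedGatewayClass.openshiftSCCName must be set when global.openshift.enabled is true" .Values.connectInject.apiGateway.managedGatewayClass.openshiftSCCName | quote }}`. Because the rule grants `use` on whichever SCC is named, the values documentation should tell operators to name the least-privileged SCC that the gateways can run under. The `rules:` list and the enclosing role start outside the hunk.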
|
|
|
@ -94,6 +94,7 @@ spec:
|
|||
- containerPort: 8080
|
||||
name: webhook-server
|
||||
protocol: TCP
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
|
@ -234,6 +235,19 @@ spec:
|
|||
-default-sidecar-proxy-cpu-request={{ $resources.requests.cpu }} \
|
||||
{{- end }}
|
||||
-default-envoy-proxy-concurrency={{ .Values.connectInject.sidecarProxy.concurrency }} \
|
||||
{{- if .Values.connectInject.sidecarProxy.lifecycle.defaultEnabled }}
|
||||
-default-enable-sidecar-proxy-lifecycle=true \
|
||||
{{- else }}
|
||||
-default-enable-sidecar-proxy-lifecycle=false \
|
||||
{{- end }}
|
||||
{{- if .Values.connectInject.sidecarProxy.lifecycle.defaultEnableShutdownDrainListeners }}
|
||||
-default-enable-sidecar-proxy-lifecycle-shutdown-drain-listeners=true \
|
||||
{{- else }}
|
||||
-default-enable-sidecar-proxy-lifecycle-shutdown-drain-listeners=false \
|
||||
{{- end }}
|
||||
-default-sidecar-proxy-lifecycle-shutdown-grace-period-seconds={{ .Values.connectInject.sidecarProxy.lifecycle.defaultShutdownGracePeriodSeconds }} \
|
||||
-default-sidecar-proxy-lifecycle-graceful-port={{ .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulPort }} \
|
||||
-default-sidecar-proxy-lifecycle-graceful-shutdown-path="{{ .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulShutdownPath }}" \
|
||||
|
||||
{{- if .Values.connectInject.initContainer }}
|
||||
{{- $initResources := .Values.connectInject.initContainer.resources }}
|
||||
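Review bot: The new lifecycle flags splice Helm values into what appears to be a shell command line; the lines end in `\`, and the `command:` itself lies outside the hunk. `defaultShutdownGracePeriodSeconds` and `defaultGracefulPort` are unquoted, and `defaultGracefulShutdownPath` sits in double quotes, where the shell still expands `$` and backticks. Forcing the numeric values to integers and single-quoting the path keeps a malformed value from altering the command: `-default-sidecar-proxy-lifecycle-graceful-port={{ int .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulPort }} \` and `-default-sidecar-proxy-lifecycle-graceful-shutdown-path={{ .Values.connectInject.sidecarProxy.lifecycle.defaultGracefulShutdownPath | squote }} \`. As a style point, each `if`/`else` pair that prints `=true` or `=false` could be a single line that prints the boolean directly.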
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: controlplanerequestlimits.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -194,4 +194,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: exportedservices.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -138,4 +138,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: gatewayclassconfigs.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -138,8 +138,27 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
type: array
|
||||
openshiftSCCName:
|
||||
description: The name of an existing SecurityContextConstraints
|
||||
resource to bind to the managed role when running on OpenShift.
|
||||
type: string
|
||||
mapPrivilegedContainerPorts:
|
||||
type: integer
|
||||
format: int32
|
||||
minimum: 0
|
||||
maximum: 64512
|
||||
description: mapPrivilegedContainerPorts is the value which Consul will add to privileged container port
|
||||
values (ports < 1024) defined on a Gateway when the number is greater than 0. This cannot be more than
|
||||
64512 as the highest privileged port is 1023, which would then map to 65535, which is the highest
|
||||
valid port number.
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
@ -6,7 +8,6 @@ metadata:
|
|||
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
|
||||
gateway.networking.k8s.io/bundle-version: v0.6.2
|
||||
gateway.networking.k8s.io/channel: experimental
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: {{ template "consul.name" . }}
|
||||
chart: {{ template "consul.chart" . }}
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
@ -6,7 +8,6 @@ metadata:
|
|||
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
|
||||
gateway.networking.k8s.io/bundle-version: v0.6.2
|
||||
gateway.networking.k8s.io/channel: experimental
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: {{ template "consul.name" . }}
|
||||
chart: {{ template "consul.chart" . }}
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
@ -6,7 +8,6 @@ metadata:
|
|||
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
|
||||
gateway.networking.k8s.io/bundle-version: v0.6.2
|
||||
gateway.networking.k8s.io/channel: experimental
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: {{ template "consul.name" . }}
|
||||
chart: {{ template "consul.chart" . }}
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
@ -6,7 +8,6 @@ metadata:
|
|||
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538
|
||||
gateway.networking.k8s.io/bundle-version: v0.6.2
|
||||
gateway.networking.k8s.io/channel: experimental
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: {{ template "consul.name" . }}
|
||||
chart: {{ template "consul.chart" . }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: ingressgateways.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -368,4 +368,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: jwtproviders.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -256,4 +256,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: meshes.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -206,4 +206,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: meshservices.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -55,4 +55,10 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: peeringacceptors.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -145,4 +145,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: peeringdialers.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -145,4 +145,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: proxydefaults.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -254,4 +254,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: samenessgroups.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -128,4 +128,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: servicedefaults.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -494,4 +494,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: serviceintentions.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -310,4 +310,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: serviceresolvers.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -266,6 +266,10 @@ spec:
|
|||
If empty the default subset is used.
|
||||
type: string
|
||||
type: object
|
||||
requestTimeout:
|
||||
description: RequestTimeout is the timeout for receiving an HTTP response
|
||||
from this service before the connection is terminated.
|
||||
type: string
|
||||
subsets:
|
||||
additionalProperties:
|
||||
properties:
|
||||
|
@ -333,4 +337,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: servicerouters.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -311,4 +311,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: servicesplitters.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -185,4 +185,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: terminatinggateways.consul.hashicorp.com
|
||||
labels:
|
||||
|
@ -136,4 +136,10 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
|
||||
# Copyright (c) HashiCorp, Inc.
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
|
|
|
@ -93,6 +93,7 @@ spec:
|
|||
containers:
|
||||
- name: create-federation-secret
|
||||
image: "{{ .Values.global.imageK8S }}"
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
|
@ -119,7 +120,7 @@ spec:
|
|||
- "-ec"
|
||||
- |
|
||||
consul-k8s-control-plane create-federation-secret \
|
||||
-log-level={{ .Values.global.logLevel }} \
|
||||
-log-level={{ default .Values.global.logLevel .Values.global.federation.logLevel }} \
|
||||
-log-json={{ .Values.global.logJSON }} \
|
||||
{{- if (or .Values.global.gossipEncryption.autoGenerate (and .Values.global.gossipEncryption.secretName .Values.global.gossipEncryption.secretKey)) }}
|
||||
-gossip-key-file=/consul/gossip/gossip.key \
|
||||
|
|
|
@ -31,12 +31,16 @@ spec:
|
|||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.global.acls.annotations }}
|
||||
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ template "consul.fullname" . }}-gateway-cleanup
|
||||
containers:
|
||||
- name: gateway-cleanup
|
||||
image: {{ .Values.global.imageK8S }}
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
command:
|
||||
- consul-k8s-control-plane
|
||||
args:
|
||||
|
|
|
@ -31,12 +31,16 @@ spec:
|
|||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.global.acls.annotations }}
|
||||
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ template "consul.fullname" . }}-gateway-resources
|
||||
containers:
|
||||
- name: gateway-resources
|
||||
image: {{ .Values.global.imageK8S }}
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
command:
|
||||
- consul-k8s-control-plane
|
||||
args:
|
||||
|
@ -84,15 +88,21 @@ spec:
|
|||
{{- end}}
|
||||
{{- end}}
|
||||
{{- if .Values.connectInject.apiGateway.managedGatewayClass.nodeSelector }}
|
||||
- -node-selector={{ .Values.connectInject.apiGateway.managedGatewayClass.nodeSelector }}
|
||||
- -node-selector
|
||||
- {{- toYaml .Values.connectInject.apiGateway.managedGatewayClass.nodeSelector | nindent 14 -}}
|
||||
{{- end }}
|
||||
{{- if .Values.connectInject.apiGateway.managedGatewayClass.tolerations }}
|
||||
- -tolerations={{ .Values.connectInject.apiGateway.managedGatewayClass.tolerations }}
|
||||
{{- end }}
|
||||
{{- if .Values.connectInject.apiGateway.managedGatewayClass.copyAnnotations.service }}
|
||||
- -service-annotations={{ .Values.connectInject.apiGateway.managedGatewayClass.copyAnnotations.service.annotations }}
|
||||
- -service-annotations
|
||||
- {{- toYaml .Values.connectInject.apiGateway.managedGatewayClass.copyAnnotations.service.annotations | nindent 14 -}}
|
||||
{{- end }}
|
||||
- -service-type={{ .Values.connectInject.apiGateway.managedGatewayClass.serviceType }}
|
||||
{{- if .Values.global.openshift.enabled }}
|
||||
- -openshift-scc-name={{ .Values.connectInject.apiGateway.managedGatewayClass.openshiftSCCName }}
|
||||
{{- end }}
|
||||
- -map-privileged-container-ports={{ .Values.connectInject.apiGateway.managedGatewayClass.mapPrivilegedContainerPorts }}
|
||||
{{- end}}
|
||||
resources:
|
||||
requests:
|
||||
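Review bot: `-tolerations={{ … }}` is still spliced inline as one plain scalar, while this hunk changes `-node-selector` and `-service-annotations` to pass the value as a separate `toYaml`-rendered argument. A multi-line tolerations value would therefore still break the list item. Giving it the same form would be consistent: `- -tolerations` followed by `- {{- toYaml .Values.connectInject.apiGateway.managedGatewayClass.tolerations | nindent 14 -}}`, assuming the binary accepts flag and value as separate arguments as the other two now do. The `toYaml` form only yields a string argument when the value is a string; a map in values would render as a mapping, which container `args` does not accept, so the values file should state the expected type. `-openshift-scc-name=` is also unquoted and has no empty-value guard.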
|
|
|
@ -48,6 +48,7 @@ spec:
|
|||
containers:
|
||||
- name: gossip-encryption-autogen
|
||||
image: "{{ .Values.global.imageK8S }}"
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-ec"
|
||||
|
@ -56,7 +57,7 @@ spec:
|
|||
-namespace={{ .Release.Namespace }} \
|
||||
-secret-name={{ template "consul.fullname" . }}-gossip-encryption-key \
|
||||
-secret-key="key" \
|
||||
-log-level={{ .Values.global.logLevel }} \
|
||||
-log-level={{ default .Values.global.logLevel .Values.global.gossipEncryption.logLevel }} \
|
||||
-log-json={{ .Values.global.logJSON }}
|
||||
resources:
|
||||
requests:
|
||||
|
|
|
@ -175,6 +175,7 @@ spec:
|
|||
# ingress-gateway-init registers the ingress gateway service with Consul.
|
||||
- name: ingress-gateway-init
|
||||
image: {{ $root.Values.global.imageK8S }}
|
||||
{{- include "consul.restrictedSecurityContext" $ | nindent 8 }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
|
@ -211,7 +212,7 @@ spec:
|
|||
-gateway-kind="ingress-gateway" \
|
||||
-proxy-id-file=/consul/service/proxy-id \
|
||||
-service-name={{ template "consul.fullname" $root }}-{{ .name }} \
|
||||
-log-level={{ default $root.Values.global.logLevel }} \
|
||||
-log-level={{ default $root.Values.global.logLevel $root.Values.ingressGateways.logLevel }} \
|
||||
-log-json={{ $root.Values.global.logJSON }}
|
||||
volumeMounts:
|
||||
- name: consul-service
|
||||
|
@ -233,6 +234,7 @@ spec:
|
|||
containers:
|
||||
- name: ingress-gateway
|
||||
image: {{ $root.Values.global.imageConsulDataplane | quote }}
|
||||
{{- include "consul.restrictedSecurityContext" $ | nindent 8 }}
|
||||
{{- if (default $defaults.resources .resources) }}
|
||||
resources: {{ toYaml (default $defaults.resources .resources) | nindent 10 }}
|
||||
{{- end }}
|
||||
|
@ -319,7 +321,7 @@ spec:
|
|||
{{- if $root.Values.global.adminPartitions.enabled }}
|
||||
- -service-partition={{ $root.Values.global.adminPartitions.name }}
|
||||
{{- end }}
|
||||
- -log-level={{ default $root.Values.global.logLevel }}
|
||||
- -log-level={{ default $root.Values.global.logLevel $root.Values.ingressGateways.logLevel }}
|
||||
- -log-json={{ $root.Values.global.logJSON }}
|
||||
{{- if (and $root.Values.global.metrics.enabled $root.Values.global.metrics.enableGatewayMetrics) }}
|
||||
- -telemetry-prom-scrape-path=/metrics
|
||||
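Review bot: Both `ingress-gateway-init` and the `ingress-gateway` dataplane container now include `consul.restrictedSecurityContext`, which (as defined elsewhere in this commit) drops `ALL` capabilities and runs as a non-root user. If any configured gateway port is below 1024, the listener may fail to bind, depending on the runtime's unprivileged-port setting. The API-gateway part of this commit gains `mapPrivilegedContainerPorts` for exactly that case, but nothing equivalent is visible for ingress gateways. A template comment above the include would document the constraint, for example `{{- /* restricted context drops NET_BIND_SERVICE: gateway container ports must be >= 1024 */}}`. The port definitions are outside these hunks, so this needs checking against them.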
|
|
|
@ -161,7 +161,7 @@ spec:
|
|||
-gateway-kind="mesh-gateway" \
|
||||
-proxy-id-file=/consul/service/proxy-id \
|
||||
-service-name={{ .Values.meshGateway.consulServiceName }} \
|
||||
-log-level={{ default .Values.global.logLevel }} \
|
||||
-log-level={{ default .Values.global.logLevel .Values.meshGateway.logLevel }} \
|
||||
-log-json={{ .Values.global.logJSON }}
|
||||
volumeMounts:
|
||||
- name: consul-service
|
||||
|
@ -267,7 +267,7 @@ spec:
|
|||
{{- if .Values.global.adminPartitions.enabled }}
|
||||
- -service-partition={{ .Values.global.adminPartitions.name }}
|
||||
{{- end }}
|
||||
- -log-level={{ default .Values.global.logLevel }}
|
||||
- -log-level={{ default .Values.global.logLevel .Values.meshGateway.logLevel }}
|
||||
- -log-json={{ .Values.global.logJSON }}
|
||||
{{- if (and .Values.global.metrics.enabled .Values.global.metrics.enableGatewayMetrics) }}
|
||||
- -telemetry-prom-scrape-path=/metrics
|
||||
|
|
|
@ -81,6 +81,7 @@ spec:
|
|||
containers:
|
||||
- name: partition-init-job
|
||||
image: {{ .Values.global.imageK8S }}
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
env:
|
||||
{{- include "consul.consulK8sConsulServerEnvVars" . | nindent 10 }}
|
||||
{{- if (and .Values.global.acls.bootstrapToken.secretName .Values.global.acls.bootstrapToken.secretKey) }}
|
||||
|
|
|
@ -47,27 +47,34 @@ spec:
|
|||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.global.acls.annotations }}
|
||||
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ template "consul.fullname" . }}-server-acl-init-cleanup
|
||||
{{- if .Values.server.containerSecurityContext.aclInit }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.server.containerSecurityContext.aclInit | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: server-acl-init-cleanup
|
||||
image: {{ .Values.global.imageK8S }}
|
||||
{{- if not .Values.server.containerSecurityContext.aclInit }}
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- consul-k8s-control-plane
|
||||
args:
|
||||
- delete-completed-job
|
||||
- -log-level={{ .Values.global.logLevel }}
|
||||
- -log-level={{ default .Values.global.logLevel .Values.global.acls.logLevel }}
|
||||
- -log-json={{ .Values.global.logJSON }}
|
||||
- -k8s-namespace={{ .Release.Namespace }}
|
||||
- {{ template "consul.fullname" . }}-server-acl-init
|
||||
{{- if .Values.global.acls.resources }}
|
||||
resources:
|
||||
requests:
|
||||
memory: "50Mi"
|
||||
cpu: "50m"
|
||||
limits:
|
||||
memory: "50Mi"
|
||||
cpu: "50m"
|
||||
{{- toYaml .Values.global.acls.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.acls.tolerations }}
|
||||
tolerations:
|
||||
{{ tpl .Values.global.acls.tolerations . | indent 8 | trim }}
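Review bot: The `securityContext:` block fed from `.Values.server.containerSecurityContext.aclInit` is emitted between `serviceAccountName` and `containers:` with `nindent 8`, which looks like the pod-level security context (indentation is lost in this rendering, so confirm), while the same value also switches off the container's `consul.restrictedSecurityContext` through `{{- if not .Values.server.containerSecurityContext.aclInit }}`. Container-only fields such as `allowPrivilegeEscalation` and `capabilities` are not valid in a pod-level security context, so an operator who sets `aclInit` to adjust one field may end up with a job container that carries none of whatever the helper sets. The server StatefulSet hunk on this page renders its override under the container instead (`securityContext:` followed by `{{- toYaml .Values.server.containerSecurityContext.server | nindent 12 }}`, with the helper in the `else` branch), and the jobs would be safer following that shape. The same applies to the server-acl-init job and the tls-init-cleanup (`tlsInit`) sections below. The pod spec continues past the end of this hunk.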
|
||||
|
|
|
@ -46,6 +46,9 @@ spec:
|
|||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.global.acls.annotations }}
|
||||
{{- tpl .Values.global.acls.annotations . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.secretsBackend.vault.enabled }}
|
||||
|
||||
{{- /* Run the Vault agent as both an init container and sidecar.
|
||||
|
@ -94,6 +97,10 @@ spec:
|
|||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ template "consul.fullname" . }}-server-acl-init
|
||||
{{- if .Values.server.containerSecurityContext.aclInit }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.server.containerSecurityContext.aclInit | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if (or .Values.global.tls.enabled .Values.global.acls.replicationToken.secretName .Values.global.acls.bootstrapToken.secretName) }}
|
||||
volumes:
|
||||
{{- if and .Values.global.tls.enabled (not .Values.global.secretsBackend.vault.enabled) }}
|
||||
|
@ -122,6 +129,9 @@ spec:
|
|||
containers:
|
||||
- name: server-acl-init-job
|
||||
image: {{ .Values.global.imageK8S }}
|
||||
{{- if not .Values.server.containerSecurityContext.aclInit }}
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 8 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
|
@ -161,7 +171,7 @@ spec:
|
|||
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
|
||||
|
||||
consul-k8s-control-plane server-acl-init \
|
||||
-log-level={{ .Values.global.logLevel }} \
|
||||
-log-level={{ default .Values.global.logLevel .Values.global.acls.logLevel}} \
|
||||
-log-json={{ .Values.global.logJSON }} \
|
||||
-resource-prefix=${CONSUL_FULLNAME} \
|
||||
-k8s-namespace={{ .Release.Namespace }} \
|
||||
|
@ -307,13 +317,10 @@ spec:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.acls.resources }}
|
||||
resources:
|
||||
requests:
|
||||
memory: "50Mi"
|
||||
cpu: "50m"
|
||||
limits:
|
||||
memory: "50Mi"
|
||||
cpu: "50m"
|
||||
{{- toYaml .Values.global.acls.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.acls.tolerations }}
|
||||
tolerations:
|
||||
{{ tpl .Values.global.acls.tolerations . | indent 8 | trim }}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }}
|
||||
{{- if (not (or (eq .Values.server.limits.requestLimits.mode "disabled") (eq .Values.server.limits.requestLimits.mode "permissive") (eq .Values.server.limits.requestLimits.mode "enforce"))) }}{{fail "server.limits.requestLimits.mode must be one of the following values: disabled, permissive, and enforce." }}{{ end -}}
|
||||
|
||||
{{- if and .Values.server.auditLogs.enabled (not .Values.global.acls.manageSystemACLs) }}{{fail "ACLs must be enabled inorder to configure audit logs"}}{{ end -}}
|
||||
# StatefulSet to run the actual Consul server cluster.
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
@ -27,6 +27,9 @@ data:
|
|||
},
|
||||
"datacenter": "{{ .Values.global.datacenter }}",
|
||||
"data_dir": "/consul/data",
|
||||
{{- if .Values.server.logLevel }}
|
||||
"log_level": "{{ .Values.server.logLevel | upper }}",
|
||||
{{- end }}
|
||||
"domain": "{{ .Values.global.domain }}",
|
||||
"limits": {
|
||||
"request_limits": {
|
||||
|
@ -187,4 +190,27 @@ data:
|
|||
}
|
||||
}
|
||||
{{- end }}
|
||||
{{- if and .Values.server.auditLogs.enabled .Values.global.acls.manageSystemACLs }}
|
||||
audit-logging.json: |-
|
||||
{
|
||||
"audit": {
|
||||
"enabled": true,
|
||||
"sink": {
|
||||
{{- range $index, $element := .Values.server.auditLogs.sinks }}
|
||||
{{- if ne $index 0 }},{{end}}
|
||||
"{{ $element.name }}": {
|
||||
{{- $firstKeyValuePair := false }}
|
||||
{{- range $k, $v := $element }}
|
||||
{{- if ne $k "name" }}
|
||||
{{- if ne $firstKeyValuePair false }},{{end}}
|
||||
{{- $firstKeyValuePair = true }}
|
||||
"{{ $k }}": "{{ $v }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
}
|
||||
{{- end }}
|
||||
}
|
||||
}
|
||||
}
|
||||
{{- end }}
|
||||
{{- end }}
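Review bot: The sink entries in the new `audit-logging.json` block are built by plain string interpolation, `"{{ $k }}": "{{ $v }}"` and `"{{ $element.name }}": {`, so a value containing a double quote or a backslash (a Windows-style path, for example) yields invalid or structurally altered JSON in the server's audit configuration. Emitting them through the JSON encoder, `{{ $k | toJson }}: {{ $v | toJson }}` and `{{ $element.name | toJson }}: {`, keeps the document well-formed whatever the values contain. With `toJson`, numeric and boolean sink options would render as numbers and booleans rather than strings; whether Consul accepts both forms is not visible here and should be checked. The `fail` message added in the first hunk of this section also reads `inorder`, which should be `in order`.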
|
||||
|
|
|
@ -238,6 +238,7 @@ spec:
|
|||
volumeMounts:
|
||||
- name: extra-config
|
||||
mountPath: /consul/extra-config
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 8 }}
|
||||
containers:
|
||||
- name: consul
|
||||
image: "{{ default .Values.global.image .Values.server.image }}"
|
||||
|
@ -526,9 +527,11 @@ spec:
|
|||
{{- toYaml .Values.server.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if not .Values.global.openshift.enabled }}
|
||||
{{- if .Values.server.containerSecurityContext.server }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.server.containerSecurityContext.server | nindent 12 }}
|
||||
{{- else }}
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.server.extraContainers }}
|
||||
{{ toYaml .Values.server.extraContainers | nindent 8 }}
|
||||
|
|
|
@ -77,6 +77,7 @@ spec:
|
|||
containers:
|
||||
- name: sync-catalog
|
||||
image: "{{ default .Values.global.imageK8S .Values.syncCatalog.image }}"
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 8 }}
|
||||
env:
|
||||
{{- include "consul.consulK8sConsulServerEnvVars" . | nindent 8 }}
|
||||
{{- if .Values.global.acls.manageSystemACLs }}
|
||||
|
|
|
@ -115,7 +115,7 @@ spec:
|
|||
- -ec
|
||||
- |-
|
||||
consul-k8s-control-plane connect-init -pod-name=${POD_NAME} -pod-namespace=${POD_NAMESPACE} \
|
||||
-log-level={{ default .Values.global.logLevel }} \
|
||||
-log-level={{ default .Values.global.logLevel .Values.telemetryCollector.logLevel }} \
|
||||
-log-json={{ .Values.global.logJSON }} \
|
||||
-service-account-name="consul-telemetry-collector" \
|
||||
-service-name="" \
|
||||
|
@ -303,7 +303,7 @@ spec:
|
|||
{{- if .Values.global.metrics.enabled }}
|
||||
- -telemetry-prom-scrape-path=/metrics
|
||||
{{- end }}
|
||||
- -log-level={{ default .Values.global.logLevel }}
|
||||
- -log-level={{ default .Values.global.logLevel .Values.telemetryCollector.logLevel }}
|
||||
- -log-json={{ .Values.global.logJSON }}
|
||||
- -envoy-concurrency=2
|
||||
{{- if and .Values.externalServers.enabled .Values.externalServers.skipServerWatch }}
|
||||
|
|
|
@ -160,6 +160,7 @@ spec:
|
|||
# terminating-gateway-init registers the terminating gateway service with Consul.
|
||||
- name: terminating-gateway-init
|
||||
image: {{ $root.Values.global.imageK8S }}
|
||||
{{- include "consul.restrictedSecurityContext" $ | nindent 10 }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
|
@ -196,7 +197,7 @@ spec:
|
|||
-gateway-kind="terminating-gateway" \
|
||||
-proxy-id-file=/consul/service/proxy-id \
|
||||
-service-name={{ .name }} \
|
||||
-log-level={{ default $root.Values.global.logLevel }} \
|
||||
-log-level={{ default $root.Values.global.logLevel $root.Values.terminatingGateways.logLevel }} \
|
||||
-log-json={{ $root.Values.global.logJSON }}
|
||||
volumeMounts:
|
||||
- name: consul-service
|
||||
|
@ -218,6 +219,7 @@ spec:
|
|||
containers:
|
||||
- name: terminating-gateway
|
||||
image: {{ $root.Values.global.imageConsulDataplane | quote }}
|
||||
{{- include "consul.restrictedSecurityContext" $ | nindent 10 }}
|
||||
volumeMounts:
|
||||
- name: consul-service
|
||||
mountPath: /consul/service
|
||||
|
@ -300,7 +302,7 @@ spec:
|
|||
{{- if $root.Values.global.adminPartitions.enabled }}
|
||||
- -service-partition={{ $root.Values.global.adminPartitions.name }}
|
||||
{{- end }}
|
||||
- -log-level={{ default $root.Values.global.logLevel }}
|
||||
- -log-level={{ default $root.Values.global.logLevel $root.Values.terminatingGateways.logLevel }}
|
||||
- -log-json={{ $root.Values.global.logJSON }}
|
||||
{{- if (and $root.Values.global.metrics.enabled $root.Values.global.metrics.enableGatewayMetrics) }}
|
||||
- -telemetry-prom-scrape-path=/metrics
|
||||
|
|
|
@ -35,12 +35,22 @@ spec:
|
|||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.global.tls.annotations }}
|
||||
{{- tpl .Values.global.tls.annotations . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ template "consul.fullname" . }}-tls-init-cleanup
|
||||
{{- if .Values.server.containerSecurityContext.tlsInit }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.server.containerSecurityContext.tlsInit | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: tls-init-cleanup
|
||||
image: "{{ .Values.global.image }}"
|
||||
{{- if not .Values.server.containerSecurityContext.tlsInit }}
|
||||
{{- include "consul.restrictedSecurityContext" . | nindent 10 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More