Merge pull request #737 from nflondo/main-source

Charts CI
pull/739/head
alex-isv 2023-04-28 12:12:38 -06:00 committed by GitHub
commit 31397c9a85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
108 changed files with 9206 additions and 548 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,5 +1,11 @@
annotations:
app.aquarist-labs.io/name: s3gw
artifacthub.io/category: storage
artifacthub.io/links: |
- name: homepage
url: https://s3gw.io/
- name: support
url: https://github.com/aquarist-labs/s3gw/issues
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: S3 Gateway
catalog.cattle.io/experimental: "true"
@ -26,4 +32,4 @@ sources:
- https://github.com/aquarist-labs/s3gw
- https://github.com/aquarist-labs/ceph
type: application
version: 0.14.0
version: 0.15.0


@ -2,97 +2,6 @@
questions:
# General settings
- variable: useCertManager
label: Use cert-manager
default: "true"
description: "Use cert-manager to provision TLS certificates"
type: boolean
group: "General"
- variable: tls.publicDomain.crt
show_if: "useCertManager=false"
description: "S3 TLS certificate (Public Domain)"
label: "S3 TLS certificate (Public Domain)"
type: string
group: "General"
- variable: tls.publicDomain.key
show_if: "useCertManager=false"
description: "S3 TLS key (Public Domain)"
label: "S3 TLS key (Public Domain)"
type: string
group: "General"
- variable: tls.privateDomain.crt
show_if: "useCertManager=false"
description: "S3 TLS certificate (Private Domain)"
label: "S3 TLS certificate (Private Domain)"
type: string
group: "General"
- variable: tls.privateDomain.key
show_if: "useCertManager=false"
description: "S3 TLS key (Private Domain)"
label: "S3 TLS key (Private Domain)"
type: string
group: "General"
- variable: tls.ui.publicDomain.crt
show_if: "useCertManager=false"
description: "UI TLS certificate"
label: "UI TLS certificate"
type: string
group: "General"
- variable: tls.ui.publicDomain.key
show_if: "useCertManager=false"
description: "UI TLS key"
label: "UI TLS key"
type: string
group: "General"
- variable: certManagerNamespace
show_if: "useCertManager=true"
label: cert-manager's namespace
default: "cert-manager"
description: "cert-manager's namespace"
type: string
required: false
- variable: useCustomTlsIssuer
show_if: "useCertManager=true"
label: Use your own TLS issuer
default: "false"
description: "Use your own TLS issuer"
type: boolean
group: "General"
show_subquestion_if: true
subquestions:
- variable: customTlsIssuer
label: Custom TLS issuer
description: "Name of the custom TLS issuer to use"
type: string
required: false
- variable: tlsIssuer
show_if: "useCertManager=true&&useCustomTlsIssuer=false"
label: TLS issuer
description: "Name of the predefined TLS issuer to use"
type: enum
required: false
group: "General"
options:
- "s3gw-issuer"
- "s3gw-letsencrypt-issuer"
- variable: email
show_if: "useCertManager=true&&tlsIssuer=s3gw-letsencrypt-issuer"
label: email address to use with s3gw-letsencrypt-issuer
description: "email address to use with s3gw-letsencrypt-issuer"
type: string
required: false
group: "General"
- variable: serviceName
default: s3gw
description: "S3 Service Name"
@ -101,42 +10,6 @@ questions:
type: string
group: "General"
- variable: defaultUserCredentialsSecret
default: s3gw-creds
description: |
"The name of the secret containing the
S3 credentials for the default user"
type: string
group: "General"
- variable: useExistingSecret
default: false
description: |
"Check this to use a preexisting secret
containing the S3 credentials for the default user"
type: boolean
group: "General"
- variable: accessKey
show_if: "useExistingSecret=false"
default: test
description: |
"Set this as the empty string to make the Chart
to compute a random alphanumeric value"
label: "S3 Access Key"
type: string
group: "General"
- variable: secretKey
show_if: "useExistingSecret=false"
default: test
description: |
"Set this as the empty string to make the Chart
to compute a random alphanumeric value"
label: "S3 Secret Key"
type: string
group: "General"
- variable: ingress.enabled
default: true
description: "Deploy an Ingress (Required for TLS and UI)"
@ -147,7 +20,7 @@ questions:
- variable: publicDomain
show_if: ingress.enabled=true
default: be.127.0.0.1.omg.howdoi.website
default: ""
description: "Public domain of the S3 Service used by the Ingress"
label: "Public Domain"
required: true
@ -156,13 +29,15 @@ questions:
- variable: privateDomain
default: svc.cluster.local
description: "Private domain of the S3 Service used inside the Kubernetes cluster"
description: |
"Private domain of the S3 Service used inside the Kubernetes cluster"
label: "Private Domain"
required: true
type: string
group: "General"
- variable: ui.enabled
show_if: ingress.enabled=true
default: false
description: "UI Enabled"
label: "UI Enabled"
@ -171,6 +46,7 @@ questions:
group: "General"
- variable: ui.serviceName
show_if: ingress.enabled=true
default: s3gw-ui
description: "UI Service Name"
label: "UI Service Name"
@ -180,29 +56,160 @@ questions:
- variable: ui.publicDomain
show_if: ingress.enabled=true
default: fe.127.0.0.1.omg.howdoi.website
default: ""
description: "Public domain of the UI Service used by the Ingress"
label: "UI Public Domain"
required: true
type: string
group: "General"
- variable: useExistingSecret
default: false
description: |
"Check this to use a preexisting secret
containing the S3 credentials for the default user"
type: boolean
group: "General"
- variable: defaultUserCredentialsSecret
show_if: useExistingSecret=true
default: s3gw-creds
description: |
"The name of the secret containing the
S3 credentials for the default user"
type: secret
group: "General"
- variable: accessKey
show_if: useExistingSecret=false
default: test
description: |
"Set this as the empty string to make the Chart
to compute a random alphanumeric value"
label: "S3 Access Key"
type: string
group: "General"
- variable: secretKey
show_if: useExistingSecret=false
default: test
description: |
"Set this as the empty string to make the Chart
to compute a random alphanumeric value"
label: "S3 Secret Key"
type: string
group: "General"
# TLS / Certificate Management
- variable: useCertManager
label: Use cert-manager
default: "true"
description: "Use cert-manager to provision TLS certificates"
type: boolean
group: "TLS / Certificate Management"
- variable: certManagerNamespace
show_if: "useCertManager=true"
label: cert-manager's namespace
default: "cert-manager"
description: "cert-manager's namespace"
type: string
required: false
group: "TLS / Certificate Management"
- variable: useCustomTlsIssuer
show_if: "useCertManager=true"
label: Use your own TLS issuer
default: "false"
description: "Use your own TLS issuer"
type: boolean
group: "TLS / Certificate Management"
show_subquestions_if: true
subquestions:
- variable: customTlsIssuer
label: Custom TLS issuer
description: "Name of the custom TLS issuer to use"
type: string
required: false
group: "TLS / Certificate Management"
- variable: tlsIssuer
show_if: "useCertManager=true&&useCustomTlsIssuer=false"
label: TLS issuer
description: "Name of the predefined TLS issuer to use"
type: enum
required: false
options:
- "s3gw-issuer"
- "s3gw-letsencrypt-issuer"
group: "TLS / Certificate Management"
- variable: email
show_if: "useCertManager=true&&useCustomTlsIssuer=false"
label: email address to use with s3gw-letsencrypt-issuer
description: "email address to use with s3gw-letsencrypt-issuer"
type: string
required: false
group: "TLS / Certificate Management"
- variable: tls.useExistingSecret
show_if: useCertManager=false
description: "Use the TLS certificates provided within an existing secret"
label: "Use Existing Secret"
type: boolean
default: false
group: "TLS / Certificate Management"
- variable: tls.secretName
show_if: useCertManager=false&&tls.useExistingSecret=true
description: "Secret providing TLS certificates"
label: "Secret Name"
type: secret
group: "TLS / Certificate Management"
- variable: tls.publicDomain.crt
show_if: "useCertManager=false&&tls.useExistingSecret=false"
description: "S3 TLS certificate (Public Domain)"
label: "S3 TLS certificate (Public Domain)"
type: string
group: "TLS / Certificate Management"
- variable: tls.publicDomain.key
show_if: "useCertManager=false&&tls.useExistingSecret=false"
description: "S3 TLS key (Public Domain)"
label: "S3 TLS key (Public Domain)"
type: string
group: "TLS / Certificate Management"
- variable: tls.privateDomain.crt
show_if: "useCertManager=false&&tls.useExistingSecret=false"
description: "S3 TLS certificate (Private Domain)"
label: "S3 TLS certificate (Private Domain)"
type: string
group: "TLS / Certificate Management"
- variable: tls.privateDomain.key
show_if: "useCertManager=false&&tls.useExistingSecret=false"
description: "S3 TLS key (Private Domain)"
label: "S3 TLS key (Private Domain)"
type: string
group: "TLS / Certificate Management"
- variable: tls.ui.publicDomain.crt
show_if: "useCertManager=false&&tls.useExistingSecret=false"
description: "UI TLS certificate"
label: "UI TLS certificate"
type: string
group: "TLS / Certificate Management"
- variable: tls.ui.publicDomain.key
show_if: "useCertManager=false&&tls.useExistingSecret=false"
description: "UI TLS key"
label: "UI TLS key"
type: string
group: "TLS / Certificate Management"
# Storage
- variable: storageSize
description: "Storage Size"
type: string
default: 10Gi
label: "Storage Size"
group: "Storage"
- variable: storageClass.name
description: "Storage Class Name"
type: string
default: "longhorn-single"
required: true
label: "Storage Class"
group: "Storage"
- variable: storageClass.create
description: |
Create a new opinionated storage class backed by longhorn.io
@ -211,11 +218,44 @@ questions:
label: "Create Storage Class"
group: "Storage"
- variable: storageClass.name
show_if: storageClass.create=false
type: storageclass
required: true
label: "Storage Class"
group: "Storage"
- variable: storageClass.name
show_if: storageClass.create=true
description: "New Storage Class Name"
type: string
valid_chars: "[0-9a-zA-Z_-]*"
default: "longhorn-single"
required: true
label: "Storage Class"
group: "Storage"
- variable: storageSize
description: "Volume Size"
type: string
default: 10Gi
label: "Volume Claim Size"
group: "Storage"
# Advanced Options
- variable: useCustomImages
default: false
type: boolean
description: "Use custom container images"
required: true
group: "Advanced"
show_subquestion_if: true
subquestions:
- variable: imageRegistry
default:
description: "Image Registry"
label: "Image Registry"
label: "Registry (e.g. quay.io)"
required: false
type: string
group: "Advanced"
@ -244,18 +284,10 @@ questions:
type: string
group: "Advanced"
- variable: imagePullPolicy
default:
description: "Image Pull Policy"
label: "Image Pull Policy"
required: false
type: string
group: "Advanced"
- variable: imageName
default:
description: "Gateway Image Name"
label: "Image Name"
label: "Image (e.g. s3gw/s3gw)"
required: false
type: string
group: "Advanced"
@ -263,7 +295,7 @@ questions:
- variable: imageTag
default:
description: "Image Tag"
label: "Image Tag"
label: "Tag (e.g. latest)"
required: false
type: string
group: "Advanced"
@ -271,7 +303,7 @@ questions:
- variable: ui.imageName
default:
description: "UI Image Name"
label: "UI Image Name"
label: "Image (e.g. s3gw/s3gw-ui)"
required: false
type: string
group: "Advanced"
@ -279,11 +311,23 @@ questions:
- variable: ui.imageTag
default:
description: "UI Image Tag"
label: "UI Image Tag"
label: "Tag (e.g. latest)"
required: false
type: string
group: "Advanced"
- variable: imagePullPolicy
default: IfNotPresent
description: "Image Pull Policy"
label: "Image Pull Policy"
required: false
type: enum
options:
- IfNotPresent
- Always
- Never
group: "Advanced"
- variable: logLevel
default: "1"
description: "s3gw pod log level, lower values are less verbose"
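Review bot: The relocated `accessKey` and `secretKey` questions still ship `default: test` with `type: string`, so an install that accepts the form defaults runs with the credential pair test/test, and the secret key is shown in clear text in the form. The description already says an empty string makes the chart generate a random value, so `default: ""` on both and `type: password` on `secretKey` would make the safe path the default; the same `test` defaults remain in the values.yaml section of this commit. The `tls.*.key` questions in the new TLS group are also `type: string` and merit the same treatment. Separately, `useCustomTlsIssuer` now uses `show_subquestions_if` while `useCustomImages` uses `show_subquestion_if`; only one spelling can be the key the catalog UI reads, so one of the two subquestion blocks is probably not gated as intended.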


@ -0,0 +1,11 @@
{{- if (empty .Values.publicDomain) }}
{{- fail "Please provide a value for `.Values.publicDomain`." }}
{{- end }}
{{- if (and .Values.ui.enabled (empty .Values.ui.publicDomain)) }}
{{- fail "Please provide a value for `.Values.ui.publicDomain`." }}
{{- end }}
{{- if (and .Values.useExistingSecret (empty .Values.defaultUserCredentialsSecret)) }}
{{- fail "Please provide a secret name for `.Values.defaultUserCredentialSecret`" }}
{{- end }}
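Review bot: The third `fail` message names `.Values.defaultUserCredentialSecret`, but the value tested on the line above is `defaultUserCredentialsSecret`; a user who copies the name from the error will set a key the chart ignores. The message should spell the key `defaultUserCredentialsSecret`, and end with a full stop like the other two. The first check also rejects an empty `publicDomain` unconditionally, while questions.yaml only asks for it when `ingress.enabled=true`. Since the new default is `""`, an install with the ingress disabled would fail to render unless a domain is supplied anyway; wrapping that check in `.Values.ingress.enabled` would match the form.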


@ -8,6 +8,9 @@ metadata:
{{ include "s3gw.labels" . | indent 4}}
data:
{{- if .Values.ui.enabled }}
{{- if or .Values.useCertManager .Values.tls.publicDomain.crt }}
RGW_SERVICE_URL: 'https://{{ .Values.serviceName }}.{{ .Values.publicDomain }}'
{{- else}}
RGW_SERVICE_URL: 'http://{{ .Values.serviceName }}.{{ .Values.publicDomain }}'
{{- end }}
{{- end }}
RGW_DEFAULT_USER_SYSTEM: "1"
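Review bot: The scheme test `or .Values.useCertManager .Values.tls.publicDomain.crt` does not account for the `tls.useExistingSecret` / `tls.secretName` path that questions.yaml introduces in this commit. With cert-manager off and certificates supplied through an existing secret, `tls.publicDomain.crt` is presumably empty, so `RGW_SERVICE_URL` falls back to `http://`. The same condition gates the `ssl_port=7481` frontend and the `s3-tls` container port in the deployment template, so that configuration would appear to leave the pod without a TLS listener as well. Adding `.Values.tls.useExistingSecret` to the `or` in all three places, or moving the test into one named helper, would keep them in step. This is inferred from the visible hunks only, since the templates that consume `tls.secretName` are not shown.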


@ -39,14 +39,35 @@ spec:
- "--debug-rgw"
- '{{ .Values.logLevel }}'
- "--rgw_frontends"
{{- if or .Values.useCertManager .Values.tls.publicDomain.crt }}
- "beast port=7480 ssl_port=7481
ssl_certificate=/s3gw-cluster-ip-tls/tls.crt
ssl_private_key=/s3gw-cluster-ip-tls/tls.key"
{{ else }}
- "beast port=7480"
{{ end }}
{{- range $.Values.rgwCustomArgs }}
- {{ . | quote}}
{{- end }}
env:
{{- range $.Values.rgwCustomEnvs }}
{{- if (regexMatch "[^=]+=[^=]+" .) }}
{{- $tokens := split "=" . }}
- name: {{ $tokens._0 }}
value: {{ $tokens._1 | quote}}
{{- else if (regexMatch "^[^=]" .) }}
- name: {{ . }}
{{- else }}
{{- fail (print ".Values.rgwCustomEnvs contains an invalid entry: " .) }}
{{- end }}
{{- end }}
ports:
- containerPort: 7480
name: s3
{{- if or .Values.useCertManager .Values.tls.publicDomain.crt }}
- containerPort: 7481
name: s3-tls
{{ end }}
envFrom:
- secretRef:
name: {{ .Values.defaultUserCredentialsSecret }}
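Review bot: In the `rgwCustomEnvs` loop, `regexMatch "[^=]+=[^=]+"` is unanchored and `split "=" .` keeps only `_0` and `_1`, so an entry such as `TOKEN=abc==` (constructed example) passes the check and is rendered with the value cut at the second `=`. Anchoring the pattern and splitting once avoids the silent truncation: `{{- if (regexMatch "^[^=]+=.+$" .) }}` followed by `{{- $tokens := splitn "=" 2 . }}`. The `else if` branch `^[^=]` also accepts `NAME=` and emits the whole string as the variable name. `name:` is written unquoted in both branches, so adding `| quote` there would be consistent with the `value:` line. The container spec continues outside the hunk.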


@ -8,10 +8,12 @@ ingress:
useCertManager: true
# cert-manager namespace
certManagerNamespace: cert-manager
# The name of the predefined TLS issuer to use (s3gw-issuer, s3gw-letsencrypt-issuer).
# The name of the predefined TLS issuer to use (s3gw-issuer,
# s3gw-letsencrypt-issuer).
tlsIssuer: "s3gw-issuer"
# The email address you are planning to use for getting notifications
# about your certificates. Fill this if you are using the 's3gw-letsencrypt-issuer'.
# about your certificates. Fill this if you are using the
# 's3gw-letsencrypt-issuer'.
email: "mail@example.com"
# When not using cert-manager you have to manually specify
@ -45,7 +47,7 @@ ui:
# 'serviceName' is the service name of the S3GW user interface.
serviceName: "s3gw-ui"
# 'publicDomain' is the public domain of the UI Service used by the Ingress.
publicDomain: "fe.127.0.0.1.omg.howdoi.website"
publicDomain: ""
# --- Developer Options ---
# imageName: "aquarist-labs/s3gw-ui"
@ -61,15 +63,20 @@ useExistingSecret: false
# 'defaultUserCredentialsSecret' the name of the secret containing
# the S3 Access Key and the S3 Secret Key for the default user.
defaultUserCredentialsSecret: "s3gw-creds"
# 'accessKey' is the S3 Access Key; the value is used when useExistingSecret: false.
# Set this as the empty string to make the Chart to compute a random alphanumeric value.
# 'accessKey' is the S3 Access Key; the value is used when
# `useExistingSecret: false`.
# Set this as the empty string to make the Chart to compute a random
# alphanumeric value.
accessKey: "test"
# 'secretKey' is the S3 Secret Key; the value is used when useExistingSecret: false
# Set this as the empty string to make the Chart to compute a random alphanumeric value.
# 'secretKey' is the S3 Secret Key; the value is used when
# `useExistingSecret: false`.
# Set this as the empty string to make the Chart to compute a random
# alphanumeric value.
secretKey: "test"
# 'publicDomain' is the public domain of S3GW used by the Ingress
publicDomain: "be.127.0.0.1.omg.howdoi.website"
# 'privateDomain' is the private domain of S3GW used inside the Kubernetes cluster
publicDomain: ""
# 'privateDomain' is the private domain of S3GW used inside the Kubernetes
# cluster
privateDomain: "svc.cluster.local"
# Backing storage.
@ -99,3 +106,43 @@ storageClass:
# Valid values are positive integers starting from 0.
# Higher values are more verbose.
logLevel: "1"
# --- Advanced Configuration ---
# radosgw's custom arguments for the s3gw pod
#
# With 'helm install/update' you can specify custom arguments
# for the radosgw process using the '--set' option:
#
# --set "rgwCustomArgs={--foo,bar,--color,green,--org,SUSE,--flag-param-foo}"
#
# The same effect could be obtained modifying rgwCustomArgs
# directly in the values.yaml:
#
# rgwCustomArgs:
# - --foo
# - bar
# - --color
# - green
# - --org
# - SUSE
# - --flag-param-foo
#
rgwCustomArgs: []
# radosgw's custom environment variables for the s3gw pod
#
# With 'helm install/update' you can specify custom environment variables
# for the radosgw process using the '--set' option:
#
# --set "rgwCustomEnvs={ENV_1=ON,ENV_2=OFF,ENV_3}"
#
# The same effect could be obtained modifying rgwCustomEnvs
# directly in the values.yaml:
#
# rgwCustomEnvs:
# - ENV_1=ON
# - ENV_2=OFF
# - ENV_3
#
rgwCustomEnvs: []
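Review bot: The `rgwCustomEnvs` comment shows the accepted entry shapes only by example. It does not say that a bare `ENV_3` entry is rendered as a variable with a name and no `value`, nor that an entry the deployment template cannot parse aborts rendering through `fail`. I would add two comment lines after the `--set` example: `# Entries are NAME=VALUE, or NAME alone (variable defined with no value).` and `# Any other form makes rendering fail.` The `rgwCustomArgs` block could likewise state that the items are appended after the chart's own radosgw arguments, which is what the deployment template in this commit does.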


@ -35,4 +35,4 @@ name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
version: 22.0.0
version: 22.0.1


@ -64,7 +64,7 @@ type: servicebinding.io/kafka
data:
provider: {{ print "bitnami" | b64enc | quote }}
type: {{ print "kafka" | b64enc | quote }}
user: {{ index $clientUsers $i | b64enc | quote }}
username: {{ index $clientUsers $i | b64enc | quote }}
password: {{ index $clientPasswords $i | b64enc | quote }}
host: {{ join "," $host | b64enc | quote }}
port: {{ print $port | b64enc | quote }}


@ -32,4 +32,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb
- https://github.com/prometheus/mysqld_exporter
- https://mariadb.org
version: 12.1.1
version: 12.1.3


@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.2-debian-11-r20` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.2-debian-11-r21` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -306,7 +306,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r109` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r110` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -320,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r111` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r112` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |


@ -58,7 +58,7 @@ data:
type: {{ print "mysql" | b64enc | quote }}
host: {{ print $host | b64enc | quote }}
port: {{ print $port | b64enc | quote }}
user: {{ print "root" | b64enc | quote }}
username: {{ print "root" | b64enc | quote }}
password: {{ print $rootPassword | b64enc | quote }}
uri: {{ printf "mysql://root:%s@%s:%s" $rootPassword $host $port | b64enc | quote }}
@ -83,7 +83,7 @@ data:
type: {{ print "mysql" | b64enc | quote }}
host: {{ print $host | b64enc | quote }}
port: {{ print $port | b64enc | quote }}
user: {{ print .Values.auth.username | b64enc | quote }}
username: {{ print .Values.auth.username | b64enc | quote }}
{{- if $database }}
database: {{ print $database | b64enc | quote }}
{{- end }}


@ -87,7 +87,7 @@ serviceBindings:
image:
registry: docker.io
repository: bitnami/mariadb
tag: 10.11.2-debian-11-r20
tag: 10.11.2-debian-11-r21
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1001,7 +1001,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r109
tag: 11-debian-11-r110
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@ -1037,7 +1037,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
tag: 0.14.0-debian-11-r111
tag: 0.14.0-debian-11-r112
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)


@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.2.4
digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b
generated: "2023-04-01T13:13:50.11325071Z"
digest: sha256:829fc25cbbb396161e735c83d152d74a8b3a82d07f08866b885b812d30b920df
generated: "2023-04-20T09:34:54.353267+02:00"


@ -30,4 +30,4 @@ name: mysql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mysql
- https://mysql.com
version: 9.7.2
version: 9.8.2


@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/mysql
helm install my-release oci://registry-1.docker.io/bitnamicharts/mysql
```
## Introduction
@ -32,8 +31,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
To install the chart with the release name `my-release`:
```console
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/mysql
helm install my-release oci://registry-1.docker.io/bitnamicharts/mysql
```
These commands deploy MySQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@ -83,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | MySQL image registry | `docker.io` |
| `image.repository` | MySQL image repository | `bitnami/mysql` |
| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r0` |
| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r3` |
| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -307,7 +305,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r110` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -320,7 +318,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r109` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r112` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -369,7 +367,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set auth.rootPassword=secretpassword,auth.database=app_database \
my-repo/mysql
oci://registry-1.docker.io/bitnamicharts/mysql
```
The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a database named `app_database`.
@ -379,7 +377,7 @@ The above command sets the MySQL `root` account password to `secretpassword`. Ad
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml my-repo/mysql
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/mysql
```
> **Tip**: You can use the default [values.yaml](values.yaml)
@ -470,7 +468,7 @@ Find more information about how to deal with common errors related to Bitnami's
It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart:
```console
helm upgrade my-release my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD]
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/mysql --set auth.rootPassword=[ROOT_PASSWORD]
```
| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes.
@ -513,7 +511,7 @@ Consequences:
- Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mysql`:
```console
helm install mysql my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC]
helm install mysql oci://registry-1.docker.io/bitnamicharts/mysql --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC]
```
| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release.


@ -43,7 +43,7 @@ data:
type: {{ print "mysql" | b64enc | quote }}
host: {{ print $host | b64enc | quote }}
port: {{ print $port | b64enc | quote }}
user: {{ print "root" | b64enc | quote }}
username: {{ print "root" | b64enc | quote }}
password: {{ print $rootPassword | b64enc | quote }}
uri: {{ printf "mysql://root:%s@%s:%s" $rootPassword $host $port | b64enc | quote }}
@ -68,7 +68,7 @@ data:
type: {{ print "mysql" | b64enc | quote }}
host: {{ print $host | b64enc | quote }}
port: {{ print $port | b64enc | quote }}
user: {{ print .Values.auth.username | b64enc | quote }}
username: {{ print .Values.auth.username | b64enc | quote }}
{{- if $database }}
database: {{ print $database | b64enc | quote }}
{{- end }}


@ -82,7 +82,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/mysql
tag: 8.0.33-debian-11-r0
tag: 8.0.33-debian-11-r3
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1008,7 +1008,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r108
tag: 11-debian-11-r110
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1042,7 +1042,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
tag: 0.14.0-debian-11-r109
tag: 0.14.0-debian-11-r112
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.


@ -32,4 +32,4 @@ name: postgresql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/postgresql
- https://www.postgresql.org/
version: 12.4.1
version: 12.4.2


@ -68,7 +68,7 @@ data:
type: {{ print "postgresql" | b64enc | quote }}
host: {{ $host | b64enc | quote }}
port: {{ $port | b64enc | quote }}
user: {{ print "postgres" | b64enc | quote }}
username: {{ print "postgres" | b64enc | quote }}
database: {{ print "postgres" | b64enc | quote }}
password: {{ $postgresPassword | b64enc | quote }}
uri: {{ printf "postgresql://postgres:%s@%s:%s/postgres" $postgresPassword $host $port | b64enc | quote }}
@ -93,7 +93,7 @@ data:
type: {{ print "postgresql" | b64enc | quote }}
host: {{ $host | b64enc | quote }}
port: {{ $port | b64enc | quote }}
user: {{ $customUser | b64enc | quote }}
username: {{ $customUser | b64enc | quote }}
password: {{ $password | b64enc | quote }}
{{- if $database }}
database: {{ $database | b64enc | quote }}


@ -6,10 +6,10 @@ apiVersion: v2
appVersion: 0.2.1
dependencies:
- name: standard-defs
repository: file://./charts/standard-defs
repository: https://btp-charts-stable.s3.amazonaws.com/charts/
version: ~0.1.0
- name: sawtooth
repository: file://./charts/sawtooth
repository: https://btp-charts-stable.s3.amazonaws.com/charts/
version: ~0.2.0
description: 'Chronicle is an open-source, blockchain-backed, domain-agnostic provenance
product. Chronicle makes it easy for users to record and query immutable provenance
@ -22,4 +22,4 @@ keywords:
- blockchain
name: chronicle
type: application
version: 0.1.6
version: 0.1.7
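Review bot: Both dependencies combine a remote repository with a floating range (`version: ~0.1.0`, `version: ~0.2.0`), so the subchart that gets resolved can change between builds without any change to this file. This assumes the `https://btp-charts-stable.s3.amazonaws.com/charts/` lines are the new side; the page prints each changed line twice without markers. If so, pin each dependency to the exact version that was tested, `version: <tested-version>`, and commit the `Chart.lock` with its digest (not visible in this section) so the packaged subcharts can be verified against it.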


@ -19,6 +19,18 @@ spec:
serviceAccountName: {{ include "lib.serviceAccountName" . }}
affinity: {{ include "lib.safeToYaml" .Values.affinity | nindent 8 }}
initContainers:
- name: chronicle-permissions
image: busybox:1.36
command: [ "sh", "-c"]
args:
- |
chown -R 999:999 /var/lib/chronicle || true
volumeMounts:
- name: chronicle-config
mountPath: /etc/chronicle/config/
- name: chronicle-secrets
mountPath: /var/lib/chronicle/secrets/
readOnly: false
- name: chronicle-keystore
{{- include "lib.image" (dict "imageRoot" .Values.image "global" .Values.global ) | nindent 10 }}
command: [ "bash", "-c"]
@ -72,7 +84,7 @@ spec:
-c /etc/chronicle/config/config.toml \
--console-logging json \
--sawtooth tcp://{{ include "chronicle.sawtooth.service" . }}:{{ include "chronicle.sawtooth.sawcomp" . }} \
serve-graphql --interface 0.0.0.0:{{ .Values.port}} {{ if .Values.webUi }} --open {{ end }}
serve-api --interface 0.0.0.0:{{ .Values.port}} {{ if .Values.webUi }} --open {{ end }}
env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }}
- name: RUST_LOG
value: {{ .Values.logLevel }}
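Review bot: The added `chronicle-permissions` init container hardcodes `image: busybox:1.36` instead of going through the `lib.image` helper used by the next container, so it is pinned only by a mutable tag and presumably ignores any registry setting under `.Values.global`. Take the image from values and pin it by digest, e.g. `image: busybox:1.36@sha256:<digest>`. The command `chown -R 999:999 /var/lib/chronicle || true` hides a failed ownership change, so the pod would start with the secrets volume still unwritable and fail later in a less obvious place; dropping `|| true` surfaces the error at init time. The container also sets no `securityContext` and needs root to chown; a pod-level `fsGroup: 999` may make the init container unnecessary, though the pod spec lies outside this hunk.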


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.15-0'
catalog.cattle.io/release-name: confluent-for-kubernetes
apiVersion: v1
appVersion: 2.5.2
appVersion: 2.6.0
description: A Helm chart to deploy Confluent for Kubernetes
home: https://www.confluent.io/
icon: https://cdn.confluent.io/wp-content/uploads/seo-logo-meadow.png
@ -19,4 +19,4 @@ maintainers:
name: confluent-for-kubernetes
sources:
- https://docs.confluent.io/current/index.html
version: 0.581.55
version: 0.771.13


@ -1482,19 +1482,22 @@ spec:
where podId starts from `0` to `replicaCount -1`. This is
only recommended if you cannot add internal SANs to the
TLS certificates for MDS and the external DNS must be resolved
inside the Kubernetes cluster.'
inside the Kubernetes cluster. This configuration will not
take effect if MDS enabled dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
@ -1653,14 +1656,16 @@ spec:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:


@ -968,19 +968,22 @@ spec:
where podId starts from `0` to `replicaCount -1`. This is
only recommended if you cannot add internal SANs to the
TLS certificates for MDS and the external DNS must be resolved
inside the Kubernetes cluster.'
inside the Kubernetes cluster. This configuration will not
take effect if MDS enabled dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
@ -1139,14 +1142,16 @@ spec:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:


@ -876,19 +876,22 @@ spec:
where podId starts from `0` to `replicaCount -1`. This is
only recommended if you cannot add internal SANs to the
TLS certificates for MDS and the external DNS must be resolved
inside the Kubernetes cluster.'
inside the Kubernetes cluster. This configuration will not
take effect if MDS enabled dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
@ -1047,14 +1050,16 @@ spec:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:


@ -981,6 +981,9 @@ spec:
externalAccess:
description: externalAccess specifies the configurations for the endpoints
and services to make the ksqlDB accessible from outside the cluster.
When `spec.listeners` is configured, configuring `spec.externalAccess`
is not allowed. Please configure `spec.listeners.external.externalAccess`
instead".
properties:
loadBalancer:
description: loadBalancer specifies the configuration to create
@ -995,19 +998,22 @@ spec:
where podId starts from `0` to `replicaCount -1`. This is
only recommended if you cannot add internal SANs to the
TLS certificates for MDS and the external DNS must be resolved
inside the Kubernetes cluster.'
inside the Kubernetes cluster. This configuration will not
take effect if MDS enabled dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
@ -1166,14 +1172,16 @@ spec:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
@ -1472,6 +1480,542 @@ spec:
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
listeners:
description: listeners specify the listeners configurations.
properties:
external:
description: external specifies the Confluent component external
listener.
properties:
externalAccess:
description: externalAccess defines the external access configuration
for the Confluent component.
properties:
loadBalancer:
description: loadBalancer specifies the configuration
to create a Kubernetes load balancer service.
properties:
advertisedURL:
description: 'advertisedURL specifies the configuration
for advertised listener per pod. It is only supported
for MDS currently. If it is enabled, instead of
using internal endpoint, the MDS advertised listener
for each broker will be set to: `<httpSchema>://<advertisedUrl.prefix><podId>.<domain>`
where podId starts from `0` to `replicaCount -1`.
This is only recommended if you cannot add internal
SANs to the TLS certificates for MDS and the external
DNS must be resolved inside the Kubernetes cluster.
This configuration will not take effect if MDS enabled
dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set
the MDS advertised listener url with external
endpoint for each broker. Has no effect with
Zookeeper, which will always create a listener
per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix
for MDS/Zookeeper advertised endpoint. If not
configured, it uses `b` as default prefix for
MDS, such as `b#.domain` where `#` will start
from `0` to `replicaCount -1`. It uses 'zookeeper'
as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
- enabled
type: object
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and
value pairs. It specifies Kubernetes annotations
for this service.
type: object
x-kubernetes-map-type: granular
domain:
description: domain is the domain name of the component
cluster.
minLength: 1
type: string
externalTrafficPolicy:
description: externalTrafficPolicy specifies the external
traffic policy for the service. Valid options are
`Local` and `Cluster`.
enum:
- Local
- Cluster
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value
pairs. It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
loadBalancerSourceRanges:
description: loadBalancerSourceRanges specify the
source ranges.
items:
type: string
type: array
port:
description: port specifies the external port for
the client consumption. If not configured, the same
internal/external port is configured for the component.
Information about the port can be retrieved through
the status API.
format: int32
type: integer
prefix:
description: prefix specify the prefix for the given
domain. The default value is the name of the cluster.
minLength: 1
type: string
servicePorts:
description: servicePorts specify the user-provided
service port(s).
items:
description: ServicePort contains information on
service's port.
properties:
appProtocol:
description: The application protocol for this
port. This field follows standard Kubernetes
label syntax. Un-prefixed names are reserved
for IANA standard service names (as per RFC-6335
and http://www.iana.org/assignments/service-names).
Non-standard protocols should use prefixed
names such as mycompany.com/my-custom-protocol.
type: string
name:
description: The name of this port within the
service. This must be a DNS_LABEL. All ports
within a ServiceSpec must have unique names.
When considering the endpoints for a Service,
this must match the 'name' field in the EndpointPort.
Optional if only one ServicePort is defined
on this service.
type: string
nodePort:
description: 'The port on each node on which
this service is exposed when type is NodePort
or LoadBalancer. Usually assigned by the
system. If a value is specified, in-range,
and not in use it will be used, otherwise
the operation will fail. If not specified,
a port will be allocated if this Service requires
one. If this field is specified when creating
a Service which does not need it, creation
will fail. This field will be wiped when updating
a Service to no longer need it (e.g. changing
type from NodePort to ClusterIP). More info:
https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: The port that will be exposed by
this service.
format: int32
type: integer
protocol:
default: TCP
description: The IP protocol for this port.
Supports "TCP", "UDP", and "SCTP". Default
is TCP.
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Number or name of the port to
access on the pods targeted by the service.
Number must be in the range 1 to 65535. Name
must be an IANA_SVC_NAME. If this is a string,
it will be looked up as a named port in the
target Pod''s container ports. If this is
not specified, the value of the ''port'' field
is used (an identity map). This field is ignored
for services with clusterIP=None, and should
be omitted or set equal to the ''port'' field.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
x-kubernetes-int-or-string: true
required:
- port
type: object
type: array
sessionAffinity:
description: 'sessionAffinity defines the Kubernetes
session affinity. The valid options are `ClientIP`
and `None`. `ClientIP` enables the client IP-based
session affinity. The default value is `None`. More
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
enum:
- ClientIP
- None
type: string
sessionAffinityConfig:
description: SessionAffinityConfig contains the configurations
of the session affinity.
properties:
clientIP:
description: clientIP contains the configurations
of Client IP based session affinity.
properties:
timeoutSeconds:
description: timeoutSeconds specifies the
seconds of ClientIP type session sticky
time. The value must be >0 && <=86400(for
1 day) if ServiceAffinity == "ClientIP".
Default value is 10800(for 3 hours).
format: int32
type: integer
type: object
type: object
required:
- domain
type: object
nodePort:
description: nodePort specifies the configuration to create
a Kubernetes node port service.
properties:
advertisedURL:
description: advertisedURL specifies the configuration
for advertised listener per pod. It is only supported
for MDS currently. If it is enabled, instead of
using internal endpoint, the MDS advertised listener
for each broker will be set to `<httpSchema>://<host>:<nodePortOffset
+ podId + 1>, where`podId` starts from `0` to `replicaCount
- 1`. This is only recommended if you cannot add
internal SANs to the TLS certificates for MDS and
the external DNS must be resolved inside the Kubernetes
cluster.
properties:
enabled:
description: enabled indicates whether to set
the MDS advertised listener url with external
endpoint for each broker. Has no effect with
Zookeeper, which will always create a listener
per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix
for MDS/Zookeeper advertised endpoint. If not
configured, it uses `b` as default prefix for
MDS, such as `b#.domain` where `#` will start
from `0` to `replicaCount -1`. It uses 'zookeeper'
as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
- enabled
type: object
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and
value pairs. It specifies Kubernetes annotations
for this service.
type: object
x-kubernetes-map-type: granular
externalTrafficPolicy:
description: externalTrafficPolicy specifies the external
traffic policy for the service. Valid options are
`Local` and `Cluster`.
enum:
- Local
- Cluster
type: string
host:
description: host defines the host name of the cluster.
minLength: 1
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value
pairs. It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
nodePortOffset:
description: nodePortOffset specifies the starting
offset of the node ports. The port numbers go in
ascending order with respect to the replicas count.
NodePort service creation fails if the node port
is not in the range supported by the Kubernetes
API server. The default Kubernetes Node Port range
is `30000` - `32762`.
format: int32
minimum: 0
type: integer
servicePorts:
description: servicePorts specify user-provided service
port(s). For Kafka with the nodePort type, this
setting is only applied to Kafka bootstrap service.
items:
description: ServicePort contains information on
service's port.
properties:
appProtocol:
description: The application protocol for this
port. This field follows standard Kubernetes
label syntax. Un-prefixed names are reserved
for IANA standard service names (as per RFC-6335
and http://www.iana.org/assignments/service-names).
Non-standard protocols should use prefixed
names such as mycompany.com/my-custom-protocol.
type: string
name:
description: The name of this port within the
service. This must be a DNS_LABEL. All ports
within a ServiceSpec must have unique names.
When considering the endpoints for a Service,
this must match the 'name' field in the EndpointPort.
Optional if only one ServicePort is defined
on this service.
type: string
nodePort:
description: 'The port on each node on which
this service is exposed when type is NodePort
or LoadBalancer. Usually assigned by the
system. If a value is specified, in-range,
and not in use it will be used, otherwise
the operation will fail. If not specified,
a port will be allocated if this Service requires
one. If this field is specified when creating
a Service which does not need it, creation
will fail. This field will be wiped when updating
a Service to no longer need it (e.g. changing
type from NodePort to ClusterIP). More info:
https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: The port that will be exposed by
this service.
format: int32
type: integer
protocol:
default: TCP
description: The IP protocol for this port.
Supports "TCP", "UDP", and "SCTP". Default
is TCP.
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Number or name of the port to
access on the pods targeted by the service.
Number must be in the range 1 to 65535. Name
must be an IANA_SVC_NAME. If this is a string,
it will be looked up as a named port in the
target Pod''s container ports. If this is
not specified, the value of the ''port'' field
is used (an identity map). This field is ignored
for services with clusterIP=None, and should
be omitted or set equal to the ''port'' field.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
x-kubernetes-int-or-string: true
required:
- port
type: object
type: array
sessionAffinity:
description: 'sessionAffinity defines the Kubernetes
session affinity. The valid options are `ClientIP`
and `None`. `ClientIP` enables the client IP-based
session affinity. The default value is `None`. More
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
enum:
- ClientIP
- None
type: string
sessionAffinityConfig:
description: SessionAffinityConfig contains the configurations
of the session affinity.
properties:
clientIP:
description: clientIP contains the configurations
of Client IP based session affinity.
properties:
timeoutSeconds:
description: timeoutSeconds specifies the
seconds of ClientIP type session sticky
time. The value must be >0 && <=86400(for
1 day) if ServiceAffinity == "ClientIP".
Default value is 10800(for 3 hours).
format: int32
type: integer
type: object
type: object
required:
- host
- nodePortOffset
type: object
route:
description: route specifies the configuration to create
a route service in OpenShift.
properties:
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and
value pairs. It specifies Kubernetes annotations
for this service.
type: object
x-kubernetes-map-type: granular
domain:
description: domain specifies the domain name of the
Confluent component cluster.
minLength: 1
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value
pairs. It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
prefix:
description: prefix specifies the component prefix
when configured for the domain. The default value
is the name of the cluster.
minLength: 1
type: string
wildcardPolicy:
description: wildcardPolicy allows you to define a
route that covers all hosts within a domain. Valid
options are `Subdomain` and `None`. The default
value is `None`.
enum:
- Subdomain
- None
type: string
required:
- domain
type: object
type:
description: type specifies the Kubernetes external service
for the component. Valid options are `loadBalancer`,
`nodePort`, and `route`.
enum:
- loadBalancer
- nodePort
- route
minLength: 1
type: string
required:
- type
type: object
tls:
description: tls specifies the TLS configuration for the listener.
properties:
directoryPathInContainer:
description: directoryPathInContainer specifies the directory
path in the container where `keystore.jks`, `truststore.jks`,
and `jksPassword.txt` keys are mounted. `truststore.jks`
is not configured and can be ignored when the `ignoreTrustStoreConfig`
field is set to `true`.
minLength: 1
type: string
enabled:
description: enabled specifies to enable the TLS configuration
for the Confluent component.
type: boolean
ignoreTrustStoreConfig:
description: ignoreTrustStoreConfig indicates whether
to ignore the truststore configuration for the Confluent
component.
type: boolean
jksPassword:
description: jksPassword references the secret containing
the JKS password.
properties:
secretRef:
description: 'secretRef references the name of the
secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: 'secretRef references the secret containing
the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- enabled
type: object
type: object
internal:
description: internal specifies the Confluent component's internal
listener. This internal listener is for intra-communication
between the pods.
properties:
port:
description: port binds the given port to the internal listener.
If not configured, it will be defaulted to the component-specific
internal port. Port numbers lower than `9093` are reserved
by CFK.
format: int32
minimum: 9093
type: integer
tls:
description: tls specifies the TLS configuration for the listener.
properties:
directoryPathInContainer:
description: directoryPathInContainer specifies the directory
path in the container where `keystore.jks`, `truststore.jks`,
and `jksPassword.txt` keys are mounted. `truststore.jks`
is not configured and can be ignored when the `ignoreTrustStoreConfig`
field is set to `true`.
minLength: 1
type: string
enabled:
description: enabled specifies to enable the TLS configuration
for the Confluent component.
type: boolean
ignoreTrustStoreConfig:
description: ignoreTrustStoreConfig indicates whether
to ignore the truststore configuration for the Confluent
component.
type: boolean
jksPassword:
description: jksPassword references the secret containing
the JKS password.
properties:
secretRef:
description: 'secretRef references the name of the
secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: 'secretRef references the secret containing
the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- enabled
type: object
type: object
type: object
metrics:
description: metrics specify the security settings for the metric
services.
@ -4910,7 +5454,8 @@ spec:
type: boolean
type: object
tls:
description: tls specifies the TLS configurations for the ksqlDB cluster.
description: tls specifies the global TLS configurations for the ksqlDB
cluster.
properties:
autoGeneratedCerts:
description: autoGeneratedCerts specifies that the certificates
@ -5040,6 +5585,41 @@ spec:
dependency.
type: boolean
type: object
listeners:
additionalProperties:
description: ListenerStatus describes general information about
the listeners.
properties:
advertisedExternalEndpoints:
description: advertisedExternalEndpoints specifies other advertised
endpoints used, especially for Kafka.
items:
type: string
type: array
authenticationType:
description: authenticationType shows the authentication type
configured by the listener.
type: string
externalAccessType:
description: externalAccessType shows the external access type
used for the listener.
type: string
externalEndpoint:
description: externalEndpoint specifies the external endpoint
to connect to the Confluent component cluster.
type: string
internalEndpoint:
description: internalEndpoint specifies the internal endpoint
to connect to the Confluent component cluster.
type: string
tls:
description: tls shows whether TLS is configured for the listener.
type: boolean
type: object
description: listeners is a map of listener type and the status of
KsqlDB Listeners.
type: object
x-kubernetes-map-type: granular
observedGeneration:
description: observedGeneration is the most recent generation observed
for this Confluent component.


@ -430,6 +430,9 @@ spec:
type: boolean
externalAccess:
description: externalAccess specifies the external access configuration.
When `spec.listeners` is configured, configuring `spec.externalAccess`
is not allowed. Please configure `spec.listeners.external.externalAccess`
instead".
properties:
loadBalancer:
description: loadBalancer specifies the configuration to create
@ -444,19 +447,22 @@ spec:
where podId starts from `0` to `replicaCount -1`. This is
only recommended if you cannot add internal SANs to the
TLS certificates for MDS and the external DNS must be resolved
inside the Kubernetes cluster.'
inside the Kubernetes cluster. This configuration will not
take effect if MDS enabled dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
@ -615,14 +621,16 @@ spec:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker.
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS
advertised endpoint if using loadBalancer external access.
If not configured, it uses `b` as default prefix, such
as `b#.domain` where `#` will start from `0` to `replicaCount
-1`.
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
@ -922,6 +930,542 @@ spec:
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
listeners:
description: listeners specify the listeners configurations.
properties:
external:
description: external specifies the Confluent component external
listener.
properties:
externalAccess:
description: externalAccess defines the external access configuration
for the Confluent component.
properties:
loadBalancer:
description: loadBalancer specifies the configuration
to create a Kubernetes load balancer service.
properties:
advertisedURL:
description: 'advertisedURL specifies the configuration
for advertised listener per pod. It is only supported
for MDS currently. If it is enabled, instead of
using internal endpoint, the MDS advertised listener
for each broker will be set to: `<httpSchema>://<advertisedUrl.prefix><podId>.<domain>`
where podId starts from `0` to `replicaCount -1`.
This is only recommended if you cannot add internal
SANs to the TLS certificates for MDS and the external
DNS must be resolved inside the Kubernetes cluster.
This configuration will not take effect if MDS enabled
dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set
the MDS advertised listener url with external
endpoint for each broker. Has no effect with
Zookeeper, which will always create a listener
per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix
for MDS/Zookeeper advertised endpoint. If not
configured, it uses `b` as default prefix for
MDS, such as `b#.domain` where `#` will start
from `0` to `replicaCount -1`. It uses 'zookeeper'
as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
- enabled
type: object
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and
value pairs. It specifies Kubernetes annotations
for this service.
type: object
x-kubernetes-map-type: granular
domain:
description: domain is the domain name of the component
cluster.
minLength: 1
type: string
externalTrafficPolicy:
description: externalTrafficPolicy specifies the external
traffic policy for the service. Valid options are
`Local` and `Cluster`.
enum:
- Local
- Cluster
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value
pairs. It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
loadBalancerSourceRanges:
description: loadBalancerSourceRanges specify the
source ranges.
items:
type: string
type: array
port:
description: port specifies the external port for
the client consumption. If not configured, the same
internal/external port is configured for the component.
Information about the port can be retrieved through
the status API.
format: int32
type: integer
prefix:
description: prefix specify the prefix for the given
domain. The default value is the name of the cluster.
minLength: 1
type: string
servicePorts:
description: servicePorts specify the user-provided
service port(s).
items:
description: ServicePort contains information on
service's port.
properties:
appProtocol:
description: The application protocol for this
port. This field follows standard Kubernetes
label syntax. Un-prefixed names are reserved
for IANA standard service names (as per RFC-6335
and http://www.iana.org/assignments/service-names).
Non-standard protocols should use prefixed
names such as mycompany.com/my-custom-protocol.
type: string
name:
description: The name of this port within the
service. This must be a DNS_LABEL. All ports
within a ServiceSpec must have unique names.
When considering the endpoints for a Service,
this must match the 'name' field in the EndpointPort.
Optional if only one ServicePort is defined
on this service.
type: string
nodePort:
description: 'The port on each node on which
this service is exposed when type is NodePort
or LoadBalancer. Usually assigned by the
system. If a value is specified, in-range,
and not in use it will be used, otherwise
the operation will fail. If not specified,
a port will be allocated if this Service requires
one. If this field is specified when creating
a Service which does not need it, creation
will fail. This field will be wiped when updating
a Service to no longer need it (e.g. changing
type from NodePort to ClusterIP). More info:
https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: The port that will be exposed by
this service.
format: int32
type: integer
protocol:
default: TCP
description: The IP protocol for this port.
Supports "TCP", "UDP", and "SCTP". Default
is TCP.
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Number or name of the port to
access on the pods targeted by the service.
Number must be in the range 1 to 65535. Name
must be an IANA_SVC_NAME. If this is a string,
it will be looked up as a named port in the
target Pod''s container ports. If this is
not specified, the value of the ''port'' field
is used (an identity map). This field is ignored
for services with clusterIP=None, and should
be omitted or set equal to the ''port'' field.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
x-kubernetes-int-or-string: true
required:
- port
type: object
type: array
sessionAffinity:
description: 'sessionAffinity defines the Kubernetes
session affinity. The valid options are `ClientIP`
and `None`. `ClientIP` enables the client IP-based
session affinity. The default value is `None`. More
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
enum:
- ClientIP
- None
type: string
sessionAffinityConfig:
description: SessionAffinityConfig contains the configurations
of the session affinity.
properties:
clientIP:
description: clientIP contains the configurations
of Client IP based session affinity.
properties:
timeoutSeconds:
description: timeoutSeconds specifies the
seconds of ClientIP type session sticky
time. The value must be >0 && <=86400(for
1 day) if ServiceAffinity == "ClientIP".
Default value is 10800(for 3 hours).
format: int32
type: integer
type: object
type: object
required:
- domain
type: object
nodePort:
description: nodePort specifies the configuration to create
a Kubernetes node port service.
properties:
advertisedURL:
description: advertisedURL specifies the configuration
for advertised listener per pod. It is only supported
for MDS currently. If it is enabled, instead of
using internal endpoint, the MDS advertised listener
for each broker will be set to `<httpSchema>://<host>:<nodePortOffset
+ podId + 1>, where`podId` starts from `0` to `replicaCount
- 1`. This is only recommended if you cannot add
internal SANs to the TLS certificates for MDS and
the external DNS must be resolved inside the Kubernetes
cluster.
properties:
enabled:
description: enabled indicates whether to set
the MDS advertised listener url with external
endpoint for each broker. Has no effect with
Zookeeper, which will always create a listener
per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix
for MDS/Zookeeper advertised endpoint. If not
configured, it uses `b` as default prefix for
MDS, such as `b#.domain` where `#` will start
from `0` to `replicaCount -1`. It uses 'zookeeper'
as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
- enabled
type: object
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and
value pairs. It specifies Kubernetes annotations
for this service.
type: object
x-kubernetes-map-type: granular
externalTrafficPolicy:
description: externalTrafficPolicy specifies the external
traffic policy for the service. Valid options are
`Local` and `Cluster`.
enum:
- Local
- Cluster
type: string
host:
description: host defines the host name of the cluster.
minLength: 1
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value
pairs. It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
nodePortOffset:
description: nodePortOffset specifies the starting
offset of the node ports. The port numbers go in
ascending order with respect to the replicas count.
NodePort service creation fails if the node port
is not in the range supported by the Kubernetes
API server. The default Kubernetes Node Port range
is `30000` - `32762`.
format: int32
minimum: 0
type: integer
servicePorts:
description: servicePorts specify user-provided service
port(s). For Kafka with the nodePort type, this
setting is only applied to Kafka bootstrap service.
items:
description: ServicePort contains information on
service's port.
properties:
appProtocol:
description: The application protocol for this
port. This field follows standard Kubernetes
label syntax. Un-prefixed names are reserved
for IANA standard service names (as per RFC-6335
and http://www.iana.org/assignments/service-names).
Non-standard protocols should use prefixed
names such as mycompany.com/my-custom-protocol.
type: string
name:
description: The name of this port within the
service. This must be a DNS_LABEL. All ports
within a ServiceSpec must have unique names.
When considering the endpoints for a Service,
this must match the 'name' field in the EndpointPort.
Optional if only one ServicePort is defined
on this service.
type: string
nodePort:
description: 'The port on each node on which
this service is exposed when type is NodePort
or LoadBalancer. Usually assigned by the
system. If a value is specified, in-range,
and not in use it will be used, otherwise
the operation will fail. If not specified,
a port will be allocated if this Service requires
one. If this field is specified when creating
a Service which does not need it, creation
will fail. This field will be wiped when updating
a Service to no longer need it (e.g. changing
type from NodePort to ClusterIP). More info:
https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: The port that will be exposed by
this service.
format: int32
type: integer
protocol:
default: TCP
description: The IP protocol for this port.
Supports "TCP", "UDP", and "SCTP". Default
is TCP.
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Number or name of the port to
access on the pods targeted by the service.
Number must be in the range 1 to 65535. Name
must be an IANA_SVC_NAME. If this is a string,
it will be looked up as a named port in the
target Pod''s container ports. If this is
not specified, the value of the ''port'' field
is used (an identity map). This field is ignored
for services with clusterIP=None, and should
be omitted or set equal to the ''port'' field.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
x-kubernetes-int-or-string: true
required:
- port
type: object
type: array
sessionAffinity:
description: 'sessionAffinity defines the Kubernetes
session affinity. The valid options are `ClientIP`
and `None`. `ClientIP` enables the client IP-based
session affinity. The default value is `None`. More
info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
enum:
- ClientIP
- None
type: string
sessionAffinityConfig:
description: SessionAffinityConfig contains the configurations
of the session affinity.
properties:
clientIP:
description: clientIP contains the configurations
of Client IP based session affinity.
properties:
timeoutSeconds:
description: timeoutSeconds specifies the
seconds of ClientIP type session sticky
time. The value must be >0 && <=86400(for
1 day) if ServiceAffinity == "ClientIP".
Default value is 10800(for 3 hours).
format: int32
type: integer
type: object
type: object
required:
- host
- nodePortOffset
type: object
route:
description: route specifies the configuration to create
a route service in OpenShift.
properties:
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and
value pairs. It specifies Kubernetes annotations
for this service.
type: object
x-kubernetes-map-type: granular
domain:
description: domain specifies the domain name of the
Confluent component cluster.
minLength: 1
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value
pairs. It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
prefix:
description: prefix specifies the component prefix
when configured for the domain. The default value
is the name of the cluster.
minLength: 1
type: string
wildcardPolicy:
description: wildcardPolicy allows you to define a
route that covers all hosts within a domain. Valid
options are `Subdomain` and `None`. The default
value is `None`.
enum:
- Subdomain
- None
type: string
required:
- domain
type: object
type:
description: type specifies the Kubernetes external service
for the component. Valid options are `loadBalancer`,
`nodePort`, and `route`.
enum:
- loadBalancer
- nodePort
- route
minLength: 1
type: string
required:
- type
type: object
tls:
description: tls specifies the TLS configuration for the listener.
properties:
directoryPathInContainer:
description: directoryPathInContainer specifies the directory
path in the container where `keystore.jks`, `truststore.jks`,
and `jksPassword.txt` keys are mounted. `truststore.jks`
is not configured and can be ignored when the `ignoreTrustStoreConfig`
field is set to `true`.
minLength: 1
type: string
enabled:
description: enabled specifies to enable the TLS configuration
for the Confluent component.
type: boolean
ignoreTrustStoreConfig:
description: ignoreTrustStoreConfig indicates whether
to ignore the truststore configuration for the Confluent
component.
type: boolean
jksPassword:
description: jksPassword references the secret containing
the JKS password.
properties:
secretRef:
description: 'secretRef references the name of the
secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: 'secretRef references the secret containing
the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- enabled
type: object
type: object
internal:
description: internal specifies the Confluent component's internal
listener. This internal listener is for intra-communication
between the pods.
properties:
port:
description: port binds the given port to the internal listener.
If not configured, it will be defaulted to the component-specific
internal port. Port numbers lower than `9093` are reserved
by CFK.
format: int32
minimum: 9093
type: integer
tls:
description: tls specifies the TLS configuration for the listener.
properties:
directoryPathInContainer:
description: directoryPathInContainer specifies the directory
path in the container where `keystore.jks`, `truststore.jks`,
and `jksPassword.txt` keys are mounted. `truststore.jks`
is not configured and can be ignored when the `ignoreTrustStoreConfig`
field is set to `true`.
minLength: 1
type: string
enabled:
description: enabled specifies to enable the TLS configuration
for the Confluent component.
type: boolean
ignoreTrustStoreConfig:
description: ignoreTrustStoreConfig indicates whether
to ignore the truststore configuration for the Confluent
component.
type: boolean
jksPassword:
description: jksPassword references the secret containing
the JKS password.
properties:
secretRef:
description: 'secretRef references the name of the
secret containing the JKS password. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- secretRef
type: object
secretRef:
description: 'secretRef references the secret containing
the certificates. More info: https://docs.confluent.io/operator/current/co-network-encryption.html#configure-user-provided-tls-certificates'
maxLength: 30
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- enabled
type: object
type: object
type: object
metrics:
description: metrics specify the security settings for the metric
services.
@ -4369,8 +4913,8 @@ spec:
type: boolean
type: object
tls:
description: tls specifies the TLS configurations for the REST API
endpoint.
description: tls specifies the global TLS configurations for the REST
API endpoint.
properties:
autoGeneratedCerts:
description: autoGeneratedCerts specifies that the certificates
@ -4503,6 +5047,41 @@ spec:
dependency.
type: boolean
type: object
listeners:
additionalProperties:
description: ListenerStatus describes general information about
the listeners.
properties:
advertisedExternalEndpoints:
description: advertisedExternalEndpoints specifies other advertised
endpoints used, especially for Kafka.
items:
type: string
type: array
authenticationType:
description: authenticationType shows the authentication type
configured by the listener.
type: string
externalAccessType:
description: externalAccessType shows the external access type
used for the listener.
type: string
externalEndpoint:
description: externalEndpoint specifies the external endpoint
to connect to the Confluent component cluster.
type: string
internalEndpoint:
description: internalEndpoint specifies the internal endpoint
to connect to the Confluent component cluster.
type: string
tls:
description: tls shows whether TLS is configured for the listener.
type: boolean
type: object
description: listeners is a map of listener type and the status of
Schema Registry Listeners.
type: object
x-kubernetes-map-type: granular
metricPrefix:
description: metricPrefix is the prefix for the JMX metric of the
Schema Registry cluster.


@ -153,6 +153,394 @@ spec:
description: dataVolumeCapacity specifies the data volume size.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
externalAccess:
description: externalAccess specifies the external access configuration.
Should only be specified when Zookeeper peers are on another network.
properties:
loadBalancer:
description: loadBalancer specifies the configuration to create
a Kubernetes load balancer service.
properties:
advertisedURL:
description: 'advertisedURL specifies the configuration for
advertised listener per pod. It is only supported for MDS
currently. If it is enabled, instead of using internal endpoint,
the MDS advertised listener for each broker will be set
to: `<httpSchema>://<advertisedUrl.prefix><podId>.<domain>`
where podId starts from `0` to `replicaCount -1`. This is
only recommended if you cannot add internal SANs to the
TLS certificates for MDS and the external DNS must be resolved
inside the Kubernetes cluster. This configuration will not
take effect if MDS enabled dual listener setup.'
properties:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
- enabled
type: object
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and value
pairs. It specifies Kubernetes annotations for this service.
type: object
x-kubernetes-map-type: granular
domain:
description: domain is the domain name of the component cluster.
minLength: 1
type: string
externalTrafficPolicy:
description: externalTrafficPolicy specifies the external
traffic policy for the service. Valid options are `Local`
and `Cluster`.
enum:
- Local
- Cluster
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value pairs.
It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
loadBalancerSourceRanges:
description: loadBalancerSourceRanges specify the source ranges.
items:
type: string
type: array
port:
description: port specifies the external port for the client
consumption. If not configured, the same internal/external
port is configured for the component. Information about
the port can be retrieved through the status API.
format: int32
type: integer
prefix:
description: prefix specify the prefix for the given domain.
The default value is the name of the cluster.
minLength: 1
type: string
servicePorts:
description: servicePorts specify the user-provided service
port(s).
items:
description: ServicePort contains information on service's
port.
properties:
appProtocol:
description: The application protocol for this port.
This field follows standard Kubernetes label syntax.
Un-prefixed names are reserved for IANA standard service
names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
Non-standard protocols should use prefixed names such
as mycompany.com/my-custom-protocol.
type: string
name:
description: The name of this port within the service.
This must be a DNS_LABEL. All ports within a ServiceSpec
must have unique names. When considering the endpoints
for a Service, this must match the 'name' field in
the EndpointPort. Optional if only one ServicePort
is defined on this service.
type: string
nodePort:
description: 'The port on each node on which this service
is exposed when type is NodePort or LoadBalancer. Usually
assigned by the system. If a value is specified, in-range,
and not in use it will be used, otherwise the operation
will fail. If not specified, a port will be allocated
if this Service requires one. If this field is specified
when creating a Service which does not need it, creation
will fail. This field will be wiped when updating
a Service to no longer need it (e.g. changing type
from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: The port that will be exposed by this service.
format: int32
type: integer
protocol:
default: TCP
description: The IP protocol for this port. Supports
"TCP", "UDP", and "SCTP". Default is TCP.
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Number or name of the port to access on
the pods targeted by the service. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
If this is a string, it will be looked up as a named
port in the target Pod''s container ports. If this
is not specified, the value of the ''port'' field
is used (an identity map). This field is ignored for
services with clusterIP=None, and should be omitted
or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
x-kubernetes-int-or-string: true
required:
- port
type: object
type: array
sessionAffinity:
description: 'sessionAffinity defines the Kubernetes session
affinity. The valid options are `ClientIP` and `None`. `ClientIP`
enables the client IP-based session affinity. The default
value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
enum:
- ClientIP
- None
type: string
sessionAffinityConfig:
description: SessionAffinityConfig contains the configurations
of the session affinity.
properties:
clientIP:
description: clientIP contains the configurations of Client
IP based session affinity.
properties:
timeoutSeconds:
description: timeoutSeconds specifies the seconds
of ClientIP type session sticky time. The value
must be >0 && <=86400(for 1 day) if ServiceAffinity
== "ClientIP". Default value is 10800(for 3 hours).
format: int32
type: integer
type: object
type: object
required:
- domain
type: object
nodePort:
description: nodePort specifies the configuration to create a
Kubernetes node port service.
properties:
advertisedURL:
description: advertisedURL specifies the configuration for
advertised listener per pod. It is only supported for MDS
currently. If it is enabled, instead of using internal endpoint,
the MDS advertised listener for each broker will be set
to `<httpSchema>://<host>:<nodePortOffset + podId + 1>,
where`podId` starts from `0` to `replicaCount - 1`. This
is only recommended if you cannot add internal SANs to the
TLS certificates for MDS and the external DNS must be resolved
inside the Kubernetes cluster.
properties:
enabled:
description: enabled indicates whether to set the MDS
advertised listener url with external endpoint for each
broker. Has no effect with Zookeeper, which will always
create a listener per pod.
type: boolean
prefix:
description: prefix specifies the broker prefix for MDS/Zookeeper
advertised endpoint. If not configured, it uses `b`
as default prefix for MDS, such as `b#.domain` where
`#` will start from `0` to `replicaCount -1`. It uses
'zookeeper' as default prefix for Zookeeper in the same
way.
minLength: 1
type: string
required:
- enabled
type: object
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and value
pairs. It specifies Kubernetes annotations for this service.
type: object
x-kubernetes-map-type: granular
externalTrafficPolicy:
description: externalTrafficPolicy specifies the external
traffic policy for the service. Valid options are `Local`
and `Cluster`.
enum:
- Local
- Cluster
type: string
host:
description: host defines the host name of the cluster.
minLength: 1
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value pairs.
It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
nodePortOffset:
description: nodePortOffset specifies the starting offset
of the node ports. The port numbers go in ascending order
with respect to the replicas count. NodePort service creation
fails if the node port is not in the range supported by
the Kubernetes API server. The default Kubernetes Node Port
range is `30000` - `32762`.
format: int32
minimum: 0
type: integer
servicePorts:
description: servicePorts specify user-provided service port(s).
For Kafka with the nodePort type, this setting is only applied
to Kafka bootstrap service.
items:
description: ServicePort contains information on service's
port.
properties:
appProtocol:
description: The application protocol for this port.
This field follows standard Kubernetes label syntax.
Un-prefixed names are reserved for IANA standard service
names (as per RFC-6335 and http://www.iana.org/assignments/service-names).
Non-standard protocols should use prefixed names such
as mycompany.com/my-custom-protocol.
type: string
name:
description: The name of this port within the service.
This must be a DNS_LABEL. All ports within a ServiceSpec
must have unique names. When considering the endpoints
for a Service, this must match the 'name' field in
the EndpointPort. Optional if only one ServicePort
is defined on this service.
type: string
nodePort:
description: 'The port on each node on which this service
is exposed when type is NodePort or LoadBalancer. Usually
assigned by the system. If a value is specified, in-range,
and not in use it will be used, otherwise the operation
will fail. If not specified, a port will be allocated
if this Service requires one. If this field is specified
when creating a Service which does not need it, creation
will fail. This field will be wiped when updating
a Service to no longer need it (e.g. changing type
from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
format: int32
type: integer
port:
description: The port that will be exposed by this service.
format: int32
type: integer
protocol:
default: TCP
description: The IP protocol for this port. Supports
"TCP", "UDP", and "SCTP". Default is TCP.
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Number or name of the port to access on
the pods targeted by the service. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
If this is a string, it will be looked up as a named
port in the target Pod''s container ports. If this
is not specified, the value of the ''port'' field
is used (an identity map). This field is ignored for
services with clusterIP=None, and should be omitted
or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
x-kubernetes-int-or-string: true
required:
- port
type: object
type: array
sessionAffinity:
description: 'sessionAffinity defines the Kubernetes session
affinity. The valid options are `ClientIP` and `None`. `ClientIP`
enables the client IP-based session affinity. The default
value is `None`. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.'
enum:
- ClientIP
- None
type: string
sessionAffinityConfig:
description: SessionAffinityConfig contains the configurations
of the session affinity.
properties:
clientIP:
description: clientIP contains the configurations of Client
IP based session affinity.
properties:
timeoutSeconds:
description: timeoutSeconds specifies the seconds
of ClientIP type session sticky time. The value
must be >0 && <=86400(for 1 day) if ServiceAffinity
== "ClientIP". Default value is 10800(for 3 hours).
format: int32
type: integer
type: object
type: object
required:
- host
- nodePortOffset
type: object
route:
description: route specifies the configuration to create a route
service in OpenShift.
properties:
annotations:
additionalProperties:
type: string
description: annotations is a map of string key and value
pairs. It specifies Kubernetes annotations for this service.
type: object
x-kubernetes-map-type: granular
domain:
description: domain specifies the domain name of the Confluent
component cluster.
minLength: 1
type: string
labels:
additionalProperties:
type: string
description: labels is a map of string key and value pairs.
It specifies Kubernetes labels for this service.
type: object
x-kubernetes-map-type: granular
prefix:
description: prefix specifies the component prefix when configured
for the domain. The default value is the name of the cluster.
minLength: 1
type: string
wildcardPolicy:
description: wildcardPolicy allows you to define a route that
covers all hosts within a domain. Valid options are `Subdomain`
and `None`. The default value is `None`.
enum:
- Subdomain
- None
type: string
required:
- domain
type: object
type:
description: type specifies the Kubernetes external service for
the component. Valid options are `loadBalancer`, `nodePort`,
and `route`.
enum:
- loadBalancer
- nodePort
- route
minLength: 1
type: string
required:
- type
type: object
headlessService:
description: headlessService specifies the configuration of the Kubernetes
headless service.
@ -2036,6 +2424,15 @@ spec:
using the pod anti-affinity capability. Enabling this configuration
in an existing cluster will roll the cluster.
type: boolean
peers:
description: peers specify a list of dynamic peer configurations for
the Zookeeper cluster. This is only required when deploying stretch
Zookeeper for MRC deployments and should include all the Zookeeper
peers in other DCs that form the ensemble. This will either add
or update the existing configuration.
items:
type: string
type: array
podTemplate:
description: podTemplate specifies the statefulset pod template configuration.
properties:
@ -3746,10 +4143,6 @@ spec:
description: arbitraryData is the map for any arbitrary data associated
with this Confluent component.
x-kubernetes-preserve-unknown-fields: true
authenticationType:
description: authenticationType is the authentication method for the
Zookeeper cluster.
type: string
authorizationType:
description: authorizationType is the authorization type for this
Confluent component.
@ -3800,9 +4193,6 @@ spec:
description: currentReplicas is the number of currently running replicas.
format: int32
type: integer
endpoint:
description: endpoint is the Zookeeper cluster endpoint.
type: string
internalSecrets:
description: internalSecrets are internal secrets created by CFK for
this Confluent component.
@ -3842,15 +4232,41 @@ spec:
description: replicas is the number of replicas.
format: int32
type: integer
restConfig:
description: restConfig is the REST API configuration of the Zookeeper
cluster.
properties:
advertisedExternalEndpoints:
description: advertisedExternalEndpoints specifies other advertised
endpoints used, especially for Kafka.
items:
type: string
type: array
authenticationType:
description: authenticationType shows the authentication type
configured by the listener.
type: string
externalAccessType:
description: externalAccessType shows the external access type
used for the listener.
type: string
externalEndpoint:
description: externalEndpoint specifies the external endpoint
to connect to the Confluent component cluster.
type: string
internalEndpoint:
description: internalEndpoint specifies the internal endpoint
to connect to the Confluent component cluster.
type: string
tls:
description: tls shows whether TLS is configured for the listener.
type: boolean
type: object
selector:
description: selector gets the label selector of the child pod. The
Horizontal Pod Autoscaler(HPA) will scale using the label selector
of the child pod.
type: string
tls:
description: tls shows whether TLS is configured for the Zookeeper
cluster.
type: boolean
type: object
required:
- spec


@ -1,5 +1,5 @@
{{- if .Values.rbac }}
{{- $clusterRole := or (not .Values.namespaced) (gt (len .Values.namespaceList) 0)}}
{{- $clusterRole := or (not .Values.namespaced) (.Values.kRaftEnabled) (gt (len .Values.namespaceList) 0)}}
apiVersion: rbac.authorization.k8s.io/v1
{{- if not $clusterRole }}
kind: Role
@ -66,11 +66,18 @@ rules:
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- persistentvolumes
- secrets
- secrets/finalizers
- pods
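Review bot: Setting `kRaftEnabled` now makes `$clusterRole` true on the `or (not .Values.namespaced) (.Values.kRaftEnabled) …` line, so every rule in this file, including the `secrets` and `secrets/finalizers` entry shown here, is granted cluster-wide even when `namespaced: true` was chosen to confine the operator. The comment added in values.yaml states that the need is only to set an annotation on PersistentVolumes, so a narrower shape keeps the existing Role and adds a separate ClusterRole that holds just `persistentvolumes`. The verb list of the rule that gained `persistentvolumes` lies outside the hunk, so the verbs below are an assumption to confirm. The same condition is added to `$clusterRoleBinding` in the next file, and the `kRaftEnabled` comment in values.yaml should say that the flag widens the operator to cluster scope.

```yaml
# … unchanged: existing Role / ClusterRole selection and rules …
{{- if .Values.kRaftEnabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: <OPERATOR_NAME>-kraft-pv  # placeholder, follow the chart's naming helper
rules:
  - apiGroups:
      - ""
    resources:
      - persistentvolumes
    verbs:  # assumed minimum for annotating a PV; confirm against the operator
      - get
      - patch
{{- end }}
```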


@ -1,5 +1,5 @@
{{- if .Values.rbac }}
{{- $clusterRoleBinding := or (not .Values.namespaced) (gt (len .Values.namespaceList) 0)}}
{{- $clusterRoleBinding := or (not .Values.namespaced) (.Values.kRaftEnabled) (gt (len .Values.namespaceList) 0)}}
{{- if not $clusterRoleBinding }}
kind: RoleBinding
{{- else }}


@ -97,6 +97,8 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: DEPLOYMENT_NAME
value: {{ .Values.name }}
{{- if .Values.managedCerts.enabled }}
{{- if and (empty .Values.managedCerts.caCertificate.secretRef) (empty .Values.managedCerts.caCertificate.directoryPathInContainer) }}
{{- $_ := required "secretRef or directoryPathInContainer must be configured when managedCerts is enabled" .Values.managedCerts.secretRef }}
@ -139,10 +141,14 @@ spec:
- name: CONFLUENT_LICENSE_DIRECTORY_PATH
value: {{ .Values.license.directoryPathInContainer }}
{{- end }}
{{- if .Values.telemetry.enabled }}
{{- if or (.Values.telemetry.enabled) (.Values.telemetry.operator.enabled) }}
{{- if and (empty .Values.telemetry.secretRef) (empty .Values.telemetry.directoryPathInContainer) }}
{{- $_ := required "secretRef or directoryPathInContainer must be configured when telemetry is enabled" .Values.telemetry.secretRef }}
{{- end }}
- name: CP_TELEMETRY_ENABLED
value: {{ quote .Values.telemetry.enabled }}
- name: OPERATOR_TELEMETRY_ENABLED
value: {{ quote .Values.telemetry.operator.enabled }}
{{- if .Values.telemetry.secretRef }}
- name: CONFLUENT_TELEMETRY_SECRET_NAME
value: {{ .Values.telemetry.secretRef }}
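Review bot: The new `DEPLOYMENT_NAME` entry renders `value: {{ .Values.name }}` unquoted, while the two telemetry variables added further down in the same file go through `quote`. An env `value` has to be a string, so a name that YAML reads as a number or boolean would make the rendered manifest fail validation; `value: {{ .Values.name | quote }}` avoids that. The `required` message in the telemetry block still says "when telemetry is enabled" although the block is now also entered for `telemetry.operator.enabled`, so the message could name both switches.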


@ -53,6 +53,7 @@ webhooks:
resources:
- zookeepers
- kafkas
- kraftcontrollers
- ksqldbs
- controlcenters
scope: Namespaced


@ -81,7 +81,7 @@ image:
registry: docker.io
repository: confluentinc/confluent-operator
pullPolicy: IfNotPresent
tag: "0.581.55"
tag: "0.771.13"
###
## Priority class for Confluent Operator pod
@ -196,6 +196,8 @@ clusterRole:
## proxy.password=<proxy_password>
##
telemetry:
operator:
enabled: false
enabled: false
proxy:
enabled: false
@ -205,6 +207,11 @@ telemetry:
## you mount telemetry.txt in the path you provided here in each pod
directoryPathInContainer: ""
## In case of KRaft, we need to preserve the KRaft ClusterID in PV annotation
## for disaster recovery case. Enabling this ensures we create proper ClusterRoles
## to be able to set this annotation in PersistentVolumes.
kRaftEnabled: false
###
### Webhooks configuration
## To enable webhooks, it requires TLS certificates to set up webhook server,


@ -1,5 +1,21 @@
# Datadog changelog
## 3.27.0
* Default `Agent` and `Cluster-Agent` to `7.44.0` version.
## 3.26.2
* Adds statx syscall to seccomp for system-probe
## 3.26.1
* Add support for `topologySpreadConstraints` in pod templates
## 3.26.0
* Default `Agent` and `Cluster-Agent` to `7.43.2` version.
## 3.25.5
* Adds securityContext and resource annotations for initContainers in cluster agent


@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.25.5
version: 3.27.0


@ -1,6 +1,6 @@
# Datadog
![Version: 3.25.5](https://img.shields.io/badge/Version-3.25.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.27.0](https://img.shields.io/badge/Version-3.27.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -449,7 +449,7 @@ helm install <RELEASE_NAME> \
| agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| agents.image.repository | string | `nil` | Override default registry + image.name for Agent |
| agents.image.tag | string | `"7.43.1"` | Define the Agent version to use |
| agents.image.tag | string | `"7.44.0"` | Define the Agent version to use |
| agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. |
| agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node |
@ -511,7 +511,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy |
| clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent |
| clusterAgent.image.tag | string | `"7.43.1"` | Cluster Agent image tag to use |
| clusterAgent.image.tag | string | `"7.44.0"` | Cluster Agent image tag to use |
| clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings |
| clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) |
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
@ -542,6 +542,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.token | string | `""` | Cluster Agent token is a preshared key between node agents and cluster agent (autogenerated if empty, needs to be at least 32 characters a-zA-z) |
| clusterAgent.tokenExistingSecret | string | `""` | Existing secret name to use for Cluster Agent token. Put the Cluster Agent token in a key named `token` inside the Secret |
| clusterAgent.tolerations | list | `[]` | Allow the Cluster Agent Deployment to schedule on tainted nodes ((requires Kubernetes >= 1.6)) |
| clusterAgent.topologySpreadConstraints | list | `[]` | Allow the Cluster Agent Deployment to schedule using pod topology spreading |
| clusterAgent.useHostNetwork | bool | `false` | Bind ports on the hostNetwork |
| clusterAgent.volumeMounts | list | `[]` | Specify additional volumes to mount in the cluster-agent container |
| clusterAgent.volumes | list | `[]` | Specify additional volumes to mount in the cluster-agent container |
@ -560,7 +561,7 @@ helm install <RELEASE_NAME> \
| clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners |
| clusterChecksRunner.image.tag | string | `"7.43.1"` | Define the Agent version to use |
| clusterChecksRunner.image.tag | string | `"7.44.0"` | Define the Agent version to use |
| clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
| clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead |
@ -580,6 +581,7 @@ helm install <RELEASE_NAME> \
| clusterChecksRunner.securityContext | object | `{}` | Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. |
| clusterChecksRunner.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Allow the ClusterChecks deployment to perform a rolling update on helm update |
| clusterChecksRunner.tolerations | list | `[]` | Tolerations for pod assignment |
| clusterChecksRunner.topologySpreadConstraints | list | `[]` | Allow the ClusterChecks Deployment to schedule using pod topology spreading |
| clusterChecksRunner.volumeMounts | list | `[]` | Specify additional volumes to mount in the cluster checks container |
| clusterChecksRunner.volumes | list | `[]` | Specify additional volumes to mount in the cluster checks container |
| commonLabels | object | `{}` | Labels to apply to all resources |


@ -254,4 +254,8 @@ spec:
tolerations:
{{ toYaml .Values.clusterChecksRunner.tolerations | indent 8 }}
{{- end }}
{{- with .Values.clusterChecksRunner.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end }}


@ -419,4 +419,8 @@ spec:
{{- if .Values.clusterAgent.nodeSelector }}
{{ toYaml .Values.clusterAgent.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.clusterAgent.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end }}


@ -239,6 +239,7 @@ data:
"stat",
"stat64",
"statfs",
"statx",
"symlinkat",
"sysinfo",
"tgkill",


@ -802,7 +802,7 @@ clusterAgent:
name: cluster-agent
# clusterAgent.image.tag -- Cluster Agent image tag to use
tag: 7.43.1
tag: 7.44.0
# clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified
digest: ""
@ -1024,6 +1024,12 @@ clusterAgent:
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# clusterAgent.topologySpreadConstraints -- Allow the Cluster Agent Deployment to schedule using pod topology spreading
## By default, no constraints are set, allowing cluster defaults to be used for scheduling
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# clusterAgent.healthPort -- Port number to use in the Cluster Agent for the healthz endpoint
healthPort: 5556
@ -1148,7 +1154,7 @@ agents:
name: agent
# agents.image.tag -- Define the Agent version to use
tag: 7.43.1
tag: 7.44.0
# agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
digest: ""
@ -1614,7 +1620,7 @@ clusterChecksRunner:
name: agent
# clusterChecksRunner.image.tag -- Define the Agent version to use
tag: 7.43.1
tag: 7.44.0
# clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
digest: ""
@ -1682,6 +1688,12 @@ clusterChecksRunner:
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# clusterChecksRunner.topologySpreadConstraints -- Allow the ClusterChecks Deployment to schedule using pod topology spreading
## By default, no constraints are set, allowing cluster defaults to be used for scheduling
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# clusterChecksRunner.strategy -- Allow the ClusterChecks deployment to perform a rolling update on helm update
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: dynatrace-operator
apiVersion: v2
appVersion: 0.11.0
appVersion: 0.11.1
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
@ -20,4 +20,4 @@ name: dynatrace-operator
sources:
- https://github.com/Dynatrace/dynatrace-operator
type: application
version: 0.11.0
version: 0.11.1


@ -3383,6 +3383,16 @@ spec:
properties:
activeGate:
properties:
connectionInfoStatus:
properties:
endpoints:
type: string
lastRequest:
format: date-time
type: string
tenantUUID:
type: string
type: object
imageID:
type: string
lastProbeTimestamp:
@ -3477,12 +3487,6 @@ spec:
type: array
dynatraceApi:
properties:
lastActiveGateConnectionInfoRequest:
format: date-time
type: string
lastOneAgentConnectionInfoRequest:
format: date-time
type: string
lastTokenScopeRequest:
format: date-time
type: string
@ -3499,6 +3503,28 @@ spec:
type: string
oneAgent:
properties:
connectionInfoStatus:
properties:
communicationHosts:
items:
properties:
host:
type: string
port:
format: int32
type: integer
protocol:
type: string
type: object
type: array
endpoints:
type: string
lastRequest:
format: date-time
type: string
tenantUUID:
type: string
type: object
imageID:
type: string
instances:


@ -89,4 +89,4 @@ sources:
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
version: 5.0.10
version: 5.0.11


@ -177,8 +177,7 @@ honors global options as described below.
| global.serviceAccount.name | string | `nil` | Change the name of the service account. This is honored if you disable on this chart the creation of the service account so you can use your own |
| global.tolerations | list | `[]` | Sets pod's tolerations to node taints |
| global.verboseLog | bool | false | Sets the debug logs to this integration or all integrations if it is set globally |
| kube-state-metrics.collectors | object | See [`values.yaml`](values.yaml) of the kube-state-metric chart | Collectors configuration of kube-state-metric |
| kube-state-metrics.enabled | bool | `false` | Install the [`kube-state-metrics` chart](https://github.com/kubernetes/kube-state-metrics/tree/master/charts/kube-state-metrics) from the stable helm charts repository. This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0. Note, kube-state-metrics v2+ disables labels/annotations metrics by default. You can enable the target labels/annotations metrics to be monitored by using the metricLabelsAllowlist/metricAnnotationsAllowList options described [here](https://github.com/kubernetes/kube-state-metrics/blob/main/docs/cli-arguments.md) in your Kubernetes clusters |
| kube-state-metrics.enabled | bool | `false` | Install the [`kube-state-metrics` chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) from the stable helm charts repository. This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0 |
| newrelic-infra-operator.enabled | bool | `false` | Install the [`newrelic-infra-operator` chart](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) (Beta) |
| newrelic-infrastructure.enabled | bool | `true` | Install the [`newrelic-infrastructure` chart](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) |
| newrelic-k8s-metrics-adapter.enabled | bool | `false` | Install the [`newrelic-k8s-metrics-adapter.` chart](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) (Beta) |


@ -17,7 +17,7 @@ here is a list of components that this chart installs and where you can find mor
|------------------------------|-----------------------|-------------|
| [newrelic-infrastructure](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure) | Yes | Sends metrics about nodes, cluster objects (e.g. Deployments, Pods), and the control plane to New Relic. |
| [nri-metadata-injection](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection) | Yes | Enriches New Relic-instrumented applications (APM) with Kubernetes information. |
| [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics/tree/master/charts/kube-state-metrics) | | Required for `newrelic-infrastructure` to gather cluster-level metrics. |
| [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) | | Required for `newrelic-infrastructure` to gather cluster-level metrics. |
| [nri-kube-events](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events) | | Reports Kubernetes events to New Relic. |
| [newrelic-infra-operator](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) | | (Beta) Used with Fargate or serverless environments to inject `newrelic-infrastructure` as a sidecar instead of the usual DaemonSet. |
| [newrelic-k8s-metrics-adapter](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) | | (Beta) Provides a source of data for Horizontal Pod Autoscalers (HPA) based on a NRQL query from New Relic. |


@ -11,7 +11,7 @@ nri-metadata-injection:
enabled: true
kube-state-metrics:
# kube-state-metrics.enabled -- Install the [`kube-state-metrics` chart](https://github.com/kubernetes/kube-state-metrics/tree/master/charts/kube-state-metrics) from the stable helm charts repository.
# kube-state-metrics.enabled -- Install the [`kube-state-metrics` chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) from the stable helm charts repository.
# This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0
enabled: false


@ -22,6 +22,6 @@ dependencies:
version: 0.10.0
- name: mayastor
repository: https://openebs.github.io/mayastor-extensions
version: 2.0.1
digest: sha256:3f27864981685c4f67b201ecf1afd8f876685f3ffe5fec626dfd808e625674d4
generated: "2023-03-15T11:40:02.953579044Z"
version: 2.1.0
digest: sha256:7a5581f9f69600f76a026edd6057b40b598d989b7e8f4852409ba1f285777392
generated: "2023-04-26T18:11:53.841045084Z"


@ -3,7 +3,7 @@ annotations:
catalog.cattle.io/display-name: OpenEBS
catalog.cattle.io/release-name: openebs
apiVersion: v2
appVersion: 3.5.0
appVersion: 3.6.0
dependencies:
- condition: openebs-ndm.enabled
name: openebs-ndm
@ -36,7 +36,7 @@ dependencies:
- condition: mayastor.enabled
name: mayastor
repository: file://./charts/mayastor
version: 2.0.1
version: 2.1.0
description: Containerized Attached Storage for Kubernetes
home: http://www.openebs.io/
icon: https://raw.githubusercontent.com/cncf/artwork/HEAD/projects/openebs/icon/color/openebs-icon-color.png
@ -58,4 +58,4 @@ maintainers:
name: openebs
sources:
- https://github.com/openebs/openebs
version: 3.5.0
version: 3.6.0


@ -148,7 +148,7 @@ The following table lists the common configurable parameters of the OpenEBS char
| `mayastor.etcd.persistence.size` | Set the size of the volume(s) used by the etcd | `""` |
| `mayastor.image.registry` | Set the container image registry for the mayastor containers | `"docker.io"` |
| `mayastor.image.repo` | Set the container image repository for the mayastor containers | `"openebs"` |
| `mayastor.image.tag` | Set the container image tag for the mayastor containers | `"v2.0.1"` |
| `mayastor.image.tag` | Set the container image tag for the mayastor containers | `"v2.1.0"` |
| `mayastor.image.pullPolicy` | Set the container ImagePullPolicy for the mayastor containers | `"Always"` |
| `mayastor.csi.image.registry` | Set the container image registry for the Kubernetes CSI sidecar containers | `"registry.k8s.io"` |
| `mayastor.csi.image.repo` | Set the container image repository for the Kubernetes CSI sidecar containers | `"sig-storage"` |


@ -9,4 +9,4 @@ dependencies:
repository: https://grafana.github.io/helm-charts
version: 2.6.4
digest: sha256:3d832d0ef2dd68bda649805711ef21fd5e5fb3841c1c6b9a4200703475cf6c28
generated: "2023-03-13T17:37:10.19817861Z"
generated: "2023-04-26T16:19:24.221513168Z"


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 2.0.1
appVersion: 2.1.0
dependencies:
- name: etcd
repository: https://charts.bitnami.com/bitnami
@ -15,4 +15,4 @@ dependencies:
description: Mayastor Helm chart for Kubernetes
name: mayastor
type: application
version: 2.0.1
version: 2.1.0


@ -8,7 +8,7 @@ repository:
name: mayastor
chart:
name: mayastor
version: 2.0.1
version: 2.1.0
values: "-- generate from values file --"
valuesExample: "-- generate from values file --"
prerequisites:


@ -98,14 +98,38 @@ Usage:
{{- end }}
{{- end -}}
{{/* Generate CPU list specification based on CPU count (-l param of mayastor) */}}
{{/* Generate Core list specification (-l param of io-engine) */}}
{{- define "cpuFlag" -}}
{{- range $i, $e := until (int .Values.io_engine.cpuCount) }}
{{- if gt $i 0 }}
{{- printf "," }}
{{- end }}
{{- printf "%d" (add $i 1) }}
{{- end }}
{{- include "coreListUniq" . -}}
{{- end -}}
{{/* Get the number of cores from the coreList */}}
{{- define "coreCount" -}}
{{- include "coreListUniq" . | split "," | len -}}
{{- end -}}
{{/* Get a list of cores as a comma-separated list */}}
{{- define "coreListUniq" -}}
{{- if .Values.io_engine.coreList -}}
{{- $cores_pre := .Values.io_engine.coreList -}}
{{- if not (kindIs "slice" .Values.io_engine.coreList) -}}
{{- $cores_pre = list $cores_pre -}}
{{- end -}}
{{- $cores := list -}}
{{- range $index, $value := $cores_pre | uniq -}}
{{- $value = $value | toString | replace " " "" }}
{{- if eq ($value | int | toString) $value -}}
{{- $cores = append $cores $value -}}
{{- end -}}
{{- end -}}
{{- $first := first $cores | required (print "At least one core must be specified in io_engine.coreList") -}}
{{- $cores | join "," -}}
{{- else -}}
{{- if gt 1 (.Values.io_engine.cpuCount | int) -}}
{{- fail ".Values.io_engine.cpuCount must be >= 1" -}}
{{- end -}}
{{- untilStep 1 (add 1 .Values.io_engine.cpuCount | int) 1 | join "," -}}
{{- end -}}
{{- end }}
{{/*
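Review bot: In `coreListUniq`, `uniq` runs on the raw list before each entry goes through `toString` and has its spaces removed, so inputs such as `[1, "1"]` or `["2", " 2"]` survive as duplicates. The joined list then repeats a core and `coreCount` over-reports, which feeds the io-engine CPU request/limit and `--nvme-nr-io-queues` in the other templates of this commit. Applying it after normalisation, `{{- $cores | uniq | join "," -}}`, fixes both. Entries that fail the integer comparison are dropped silently, and a negative value such as `-1` passes it, so a typo like `1-3` shrinks the core list without any message; a `fail` for rejected entries would surface that at render time. The trailing `{{/*` opens a definition that continues outside the hunk.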


@ -25,11 +25,11 @@ spec:
{{- include "base_pull_secrets" . }}
initContainers:
{{- include "base_init_core_containers" . }}
priorityClassName: {{ default "system-cluster-critical" .Values.priorityClassName }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
tolerations: {{- toYaml .Values.earlyEvictionTolerations | nindent 8}}
priorityClassName: system-cluster-critical # Priority class provided by k8s by default.
containers:
- name: agent-core
resources:
@ -39,7 +39,7 @@ spec:
requests:
cpu: {{ .Values.agents.core.resources.requests.cpu | quote }}
memory: {{ .Values.agents.core.resources.requests.memory | quote }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-core:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-core:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-s{{ .Release.Name }}-etcd:{{ .Values.etcd.service.port }}"
@ -47,6 +47,9 @@ spec:
- "--cache-period={{ .Values.base.cache_poll_period }}"{{ if .Values.base.jaeger.enabled }}
- "--jaeger={{ .Values.base.jaeger.agent.name }}:{{ .Values.base.jaeger.agent.port }}"{{ end }}
- "--grpc-server-addr=0.0.0.0:50051"
- "--pool-commitment={{ .Values.agents.core.capacity.thin.poolCommitment }}"
- "--volume-commitment-initial={{ .Values.agents.core.capacity.thin.volumeCommitmentInitial }}"
- "--volume-commitment={{ .Values.agents.core.capacity.thin.volumeCommitment }}"
ports:
- containerPort: 50051
env:
@ -72,7 +75,7 @@ spec:
requests:
cpu: {{ .Values.agents.ha.cluster.resources.requests.cpu | quote }}
memory: {{ .Values.agents.ha.cluster.resources.requests.memory | quote }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-ha-cluster:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-ha-cluster:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-g=0.0.0.0:50052"
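Review bot: The image lines now read `.Values.image.repoTags.controlPlane` and the new args read `.Values.agents.core.capacity.thin.*` through plain field chains, which abort rendering with a nil-pointer error when a parent map is absent. That is likely on an upgrade of an existing release with `--reuse-values`, because the new defaults (presumably added to values.yaml, not visible in this section) are then not merged in. Nil-safe access such as `{{ default .Values.image.tag ((.Values.image.repoTags).controlPlane) }}` keeps those upgrades rendering, and for the three commitment flags a `required` with a clear message would be the better failure. The same `repoTags` lookup is added in the agent-ha-node, api-rest, csi-controller, csi-node, io-engine, obs-callhome and operator-diskpool templates.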


@ -31,6 +31,9 @@ spec:
{{- include "base_init_ha_node_containers" . }}
imagePullSecrets:
{{- include "base_pull_secrets" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{- toYaml .Values.nodeSelector | nindent 8 }}
@ -42,7 +45,7 @@ spec:
{{- end }}
containers:
- name: agent-ha-node
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-ha-node:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-ha-node:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
privileged: true


@ -24,11 +24,11 @@ spec:
{{- include "base_pull_secrets" . }}
initContainers:
{{- include "base_init_containers" . }}
priorityClassName: {{ default "system-cluster-critical" .Values.priorityClassName }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
tolerations: {{- toYaml .Values.earlyEvictionTolerations | nindent 8 }}
priorityClassName: system-cluster-critical # Priority class provided by k8s by default.
containers:
- name: api-rest
resources:
@ -38,7 +38,7 @@ spec:
requests:
cpu: {{ .Values.apis.rest.resources.requests.cpu | quote }}
memory: {{ .Values.apis.rest.resources.requests.memory | quote }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-api-rest:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-api-rest:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "--dummy-certificates"


@ -28,6 +28,9 @@ spec:
initContainers:
{{- include "jaeger_agent_init_container" . }}
{{- include "rest_agent_init_container" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
@ -67,7 +70,7 @@ spec:
requests:
cpu: {{ .Values.csi.controller.resources.requests.cpu | quote }}
memory: {{ .Values.csi.controller.resources.requests.memory | quote }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-csi-controller:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-csi-controller:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "--csi-socket=/var/lib/csi/sockets/pluginproxy/csi.sock"
@ -89,4 +92,3 @@ spec:
volumes:
- name: socket-dir
emptyDir:


@ -31,6 +31,9 @@ spec:
hostNetwork: true
imagePullSecrets:
{{- include "base_pull_secrets" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{- toYaml .Values.nodeSelector | nindent 8 }}
@ -46,7 +49,7 @@ spec:
# the same.
containers:
- name: csi-node
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-csi-node:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-csi-node:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
# we need privileged because we mount filesystems and use mknod
securityContext:
@ -75,7 +78,7 @@ spec:
- "--nvme-core-io-timeout={{ .Values.csi.node.nvme.io_timeout }}"{{ end }}{{ if .Values.csi.node.nvme.ctrl_loss_tmo }}
- "--nvme-ctrl-loss-tmo={{ .Values.csi.node.nvme.ctrl_loss_tmo }}"{{ end }}{{ if .Values.csi.node.nvme.keep_alive_tmo }}
- "--nvme-keep-alive-tmo={{ .Values.csi.node.nvme.keep_alive_tmo }}"{{ end }}
- "--nvme-nr-io-queues={{ .Values.io_engine.cpuCount }}"
- "--nvme-nr-io-queues={{ include "coreCount" . }}"
{{- range $key, $val := .Values.csi.node.topology.segments }}
- "--node-selector={{ $key }}={{ $val }}"
{{- end }}


@ -28,12 +28,15 @@ spec:
# To resolve services in the namespace
dnsPolicy: ClusterFirstWithHostNet
nodeSelector: {{- .Values.io_engine.nodeSelector | toYaml | nindent 8 }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
initContainers:
{{- include "base_init_containers" . }}
containers:
{{- if .Values.base.metrics.enabled }}
- name: metrics-exporter-pool
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-metrics-exporter-pool:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-metrics-exporter-pool:{{ default .Values.image.tag .Values.image.repoTags.extensions }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: MY_NODE_NAME
@ -55,7 +58,7 @@ spec:
name: metrics
{{- end }}
- name: io-engine
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-io-engine:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-io-engine:{{ default .Values.image.tag .Values.image.repoTags.dataPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: RUST_LOG
@ -109,11 +112,11 @@ spec:
mountPath: /dev/hugepages
resources:
limits:
cpu: {{ .Values.io_engine.resources.limits.cpu | default .Values.io_engine.cpuCount | quote }}
cpu: {{ .Values.io_engine.resources.limits.cpu | default (include "coreCount" .) | quote }}
memory: {{ .Values.io_engine.resources.limits.memory | quote }}
hugepages-2Mi: {{ .Values.io_engine.resources.limits.hugepages2Mi | quote }}
requests:
cpu: {{ .Values.io_engine.resources.requests.cpu | default .Values.io_engine.cpuCount | quote }}
cpu: {{ .Values.io_engine.resources.requests.cpu | default (include "coreCount" .) | quote }}
memory: {{ .Values.io_engine.resources.requests.memory | quote }}
hugepages-2Mi: {{ .Values.io_engine.resources.requests.hugepages2Mi | quote }}
ports:
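Review bot: The new tag expressions on the `metrics-exporter-pool` and `io-engine` image lines read `.Values.image.repoTags.extensions` and `.Values.image.repoTags.dataPlane` directly, so rendering fails with a nil-pointer error whenever `image.repoTags` is absent from the effective values, for example when values are carried over from a release of the previous chart version. A lookup that tolerates the missing map avoids this, e.g. `{{ default .Values.image.tag (dig "repoTags" "dataPlane" "" .Values.image) }}`. The same pattern appears on the `csi-node`, `obs-callhome` and `operator-diskpool` image lines in the neighbouring sections. The pod spec continues outside the hunks shown.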


@ -23,12 +23,15 @@ spec:
serviceAccount: {{ .Release.Name }}-service-account
imagePullSecrets:
{{- include "base_pull_secrets" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
containers:
- name: obs-callhome
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-obs-callhome:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-obs-callhome:{{ default .Values.image.tag .Values.image.repoTags.extensions }}"
args:
- "-e http://{{ .Release.Name }}-api-rest:8081"
- "-n {{ .Release.Namespace }}"


@ -25,6 +25,9 @@ spec:
{{- include "base_pull_secrets" . }}
initContainers:
{{- include "base_init_containers" . }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
@ -37,7 +40,7 @@ spec:
requests:
cpu: {{ .Values.operators.pool.resources.requests.cpu | quote }}
memory: {{ .Values.operators.pool.resources.requests.memory | quote }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-operator-diskpool:{{ .Values.image.tag }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-operator-diskpool:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-e http://{{ .Release.Name }}-api-rest:8081"


@ -20,10 +20,14 @@ rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "get", "update", "list"]
# must read mayastorpools info. This is needed to handle upgrades from v1.
- apiGroups: [ "openebs.io" ]
resources: [ "mayastorpools" ]
verbs: ["get", "list", "patch", "delete", "deletecollection"]
# must read diskpool info
- apiGroups: ["openebs.io"]
resources: ["diskpools"]
verbs: ["get", "list", "watch", "update", "replace", "patch"]
verbs: ["get", "list", "watch", "update", "replace", "patch", "create"]
# must update diskpool status
- apiGroups: ["openebs.io"]
resources: ["diskpools/status"]
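Review bot: The comment on the new `mayastorpools` rule says "must read", but the rule also grants `patch`, `delete` and `deletecollection`, so the comment understates what the role can do. I would state the real scope, e.g. `# must read and remove legacy mayastorpools while migrating from v1; not needed once no v1 pools remain`, and confirm that `deletecollection` is actually used, since it allows removing every object of that kind in one request. The `diskpools` rule has the same mismatch now that `create` is added under "must read diskpool info". Its `replace` entry does not appear to be a verb Kubernetes RBAC evaluates, so it likely grants nothing. The rules list starts and ends outside the hunk.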


@ -4,7 +4,17 @@ image:
# -- Image registry's namespace
repo: openebs
# -- Release tag for our images
tag: v2.0.1
tag: v2.1.0
repoTags:
# Note: Below image tag configuration is optional and typically should never be
# used. Setting specific image tags for the different repositories proves useful
# for some integration testing scenarios. Use the 'tag' option above to set
# release/pre-release container image tags.
# The below tag values will be picked for images by default.
# If not specified, 'tag' option provided above will be picked.
controlPlane: ""
dataPlane: ""
extensions: ""
# -- ImagePullPolicy for our images
pullPolicy: IfNotPresent
@ -15,6 +25,10 @@ image:
nodeSelector:
kubernetes.io/arch: amd64
# -- Pod scheduling priority
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
earlyEvictionTolerations:
- effect: NoExecute
key: node.kubernetes.io/unreachable
@ -119,6 +133,20 @@ agents:
core:
# -- Log level for the core service
logLevel: info
capacity:
thin:
# -- The allowed pool commitment limit when dealing with thin provisioned volumes.
# Example: If the commitment is 250 and the pool is 10GiB we can overcommit the pool
# up to 25GiB (create 2 10GiB and 1 5GiB volume) but no further.
poolCommitment: "250%"
# -- When creating replicas for an existing volume, each replica pool must have at least
# this much free space percentage of the volume size.
# Example: if this value is 40, the pool has 40GiB free, then the max volume size allowed
# to be created on the pool is 100GiB.
volumeCommitment: "40%"
# -- Same as the `volumeCommitment` argument, but applicable only when creating replicas
# for a new volume.
volumeCommitmentInitial: "40%"
resources:
limits:
# -- Cpu limits for core agents
@ -250,7 +278,7 @@ csi:
io_engine:
# -- Log level for the io-engine service
logLevel: info,io_engine=info
logLevel: info
api: "v1"
target:
nvmf:
@ -263,8 +291,11 @@ io_engine:
envcontext: ""
reactorFreezeDetection:
enabled: false
# -- The number of cpu that each io-engine instance will bind to.
# -- The number of cores that each io-engine instance will bind to.
cpuCount: "2"
# -- If not empty, overrides the cpuCount and explicitly sets the list of cores.
# Example: --set='io_engine.coreList={30,31}'
coreList: []
# -- Node selectors to designate storage nodes for diskpool creation
# Note that if multi-arch images support 'kubernetes.io/arch: amd64'
# should be removed.
@ -349,9 +380,13 @@ etcd:
# extra debug information on logs
debug: false
initialClusterState: "new"
# Pod anti-affinity preset
# -- Pod anti-affinity preset
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
podAntiAffinityPreset: "hard"
## -- nodeSelector [object] Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
# etcd service parameters defines how the etcd service is exposed
service:
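Review bot: The `repoTags` comment contradicts itself: it says the values below "will be picked for images by default" and then that `tag` is used when they are not specified, while all three ship as empty strings. Judging by the `default .Values.image.tag .Values.image.repoTags.*` expressions in the templates, a non-empty entry overrides `tag` and an empty one falls back to it. I would reword the last two comment lines to `# A non-empty value overrides 'tag' for that group of images.` and `# Leave empty (the default) to use 'tag'.` It would also help to say which images each of `controlPlane`, `dataPlane` and `extensions` covers, since a per-group override means one release can run images from different builds.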


@ -18,7 +18,7 @@ imagePullSecrets: []
release:
# "openebs.io/version" label for control plane components
version: "3.5.0"
version: "3.6.0"
# Legacy components will be installed if it is enabled.
# Legacy components are - admission-server, maya api-server, snapshot-operator
@ -404,7 +404,7 @@ mayastor:
# Sample configuration, if you want to configure mayastor with custom values.
# This is a small part of the full configuration. Full configuration available
# here - https://github.com/openebs/mayastor-extensions/blob/v2.0.1/chart/values.yaml
# here - https://github.com/openebs/mayastor-extensions/blob/v2.1.0/chart/values.yaml
image:
# -- Image registry to pull Mayastor product images
@ -412,9 +412,13 @@ mayastor:
# -- Image registry's namespace
repo: openebs
# -- Release tag for Mayastor images
tag: v2.0.1
tag: v2.1.0
# -- ImagePullPolicy for Mayastor images
pullPolicy: Always
pullPolicy: IfNotPresent
# -- Pod scheduling priority
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# priorityClassName: ""
# base:
# # docker-secrets required to pull images if the container registry from image.Registry is protected
@ -455,6 +459,20 @@ mayastor:
# core:
# # -- Log level for the core service
# logLevel: info
# capacity:
# thin:
# # -- The allowed pool commitment limit when dealing with thin provisioned volumes.
# # Example: If the commitment is 250 and the pool is 10GiB we can overcommit the pool
# # up to 25GiB (create 2 10GiB and 1 5GiB volume) but no further.
# poolCommitment: "250%"
# # -- When creating replicas for an existing volume, each replica pool must have at least
# # this much free space percentage of the volume size.
# # Example: if this value is 40, the pool has 40GiB free, then the max volume size allowed
# # to be created on the pool is 100GiB.
# volumeCommitment: "40%"
# # -- Same as the `volumeCommitment` argument, but applicable only when creating replicas
# # for a new volume.
# volumeCommitmentInitial: "40%"
# ha:
# enabled: true
# node:
@ -501,7 +519,7 @@ mayastor:
# io_engine:
# # -- Log level for the io-engine service
# logLevel: info,io_engine=info
# logLevel: info
# # -- Node selectors to designate storage nodes for diskpool creation
# # Note that if multi-arch images support 'kubernetes.io/arch: amd64'
# # should be removed.
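Review bot: The `pullPolicy` value for the Mayastor images appears to move from `Always` to `IfNotPresent` (assuming the second printed line is the new side), and the comment above it does not mention what that changes. With `IfNotPresent` a node keeps whatever image it already cached under `v2.1.0`, so a re-pushed tag is not picked up and nodes can end up running different content. A cached image is also reused without the registry credentials being checked again. I would extend the comment, e.g. `# -- ImagePullPolicy for Mayastor images; IfNotPresent reuses a node's cached image for the tag, use Always if tags can be re-pushed`.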


@ -16,4 +16,4 @@ maintainers:
- email: sergey.pronin@percona.com
name: spron-in
name: psmdb-operator
version: 1.14.1
version: 1.14.2


@ -40,6 +40,7 @@ The chart can be customized using the following configurable parameters:
| `rbac.create` | If false RBAC will not be created. RBAC resources will need to be created manually | `true` |
| `securityContext` | Container Security Context | `{}` |
| `serviceAccount.create` | If false the ServiceAccounts will not be created. The ServiceAccounts must be created manually | `true` |
| `disableTelemetry` | Disable sending PSMDB Operator telemetry data to Percona | `false` |
Specify parameters using `--set key=value[,key=value]` argument to `helm install`


@ -56,6 +56,8 @@ spec:
value: "{{ .Values.env.resyncPeriod }}"
- name: LOG_VERBOSE
value: "{{ .Values.env.logVerbose }}"
- name: DISABLE_TELEMETRY
value: "{{ .Values.disableTelemetry }}"
# livenessProbe:
# httpGet:
# path: /
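Review bot: The new `DISABLE_TELEMETRY` entry renders as an empty string when `disableTelemetry` is missing from the effective values, which can happen when values from an older release of the chart are reused. How the operator interprets an empty value is not visible here. Since this is the switch that controls whether data is sent to the vendor, I would make the rendered value explicit: `value: {{ .Values.disableTelemetry | default false | quote }}`. The container's env list starts outside the hunk.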


@ -9,6 +9,12 @@ image:
tag: 1.14.0
pullPolicy: IfNotPresent
# disableTelemetry: according to
# https://docs.percona.com/percona-operator-for-mongodb/telemetry.html
# this is how you can disable telemetry collection
# default is false which means telemetry will be collected
disableTelemetry: false
# set if you want to specify a namespace to watch
# defaults to `.Release.namespace` if left blank
# watchNamespace:


@ -31,4 +31,4 @@ name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
version: 4.0.7
version: 4.0.12


@ -19,7 +19,8 @@ statefulset:
external:
enabled: true
type: LoadBalancer
# was LoadBalancer, here we are concerned with external addresses working so this is ok
type: NodePort
domain: my-domain
addresses:
- redpanda-1


@ -1,49 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
license_key: "dGVzdAo=.dGVzdAo="
storage:
tieredConfig:
cloud_storage_enabled: true
false_value: false
zero_value: 0
null_value: null
empty_array_value: []
empty_map_value: {}
empty_string_value: ""
config:
cluster:
false_value: false
zero_value: 0
null_value: null
empty_array_value: []
empty_map_value: {}
empty_string_value: ""
tunable:
false_value: false
zero_value: 0
null_value: null
empty_array_value: []
empty_map_value: {}
empty_string_value: ""
node:
false_value: false
zero_value: 0
null_value: null
empty_array_value: []
empty_map_value: {}
empty_string_value: ""


@ -449,9 +449,8 @@ than 1 core.
{{- define "tunable" -}}
{{- $tunable := dig "tunable" dict .Values.config -}}
{{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool -}}
{{- toYaml $tunable | nindent 4 -}}
{{- range $key, $element := $tunable }}
{{- if $element }}
{{- if or (eq (typeOf $element) "bool") $element }}
{{ $key }}: {{ $element | toYaml }}
{{- end }}
{{- end }}
@ -460,7 +459,7 @@ than 1 core.
{{- $tunable = unset $tunable "log_segment_size_max" -}}
{{- $tunable = unset $tunable "kafka_batch_max_bytes" -}}
{{- range $key, $element := $tunable }}
{{- if $element }}
{{- if or (eq (typeOf $element) "bool") $element }}
{{ $key }}: {{ $element | toYaml }}
{{- end }}
{{- end }}
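Review bot: The new guard `if or (eq (typeOf $element) "bool") $element` in both `range` loops keeps an explicit `false`, but a numeric `0` or an empty string is still falsy and is silently dropped from the rendered config. If zero is a meaningful setting for any tunable, the user's value is replaced by the broker default without any error. Extending the test to numbers would cover it, e.g. `{{- if or (kindIs "bool" $element) (kindIs "float64" $element) (kindIs "int64" $element) $element }}`. The same condition is used in every `range` loop of the ConfigMap template section that follows. The `tunable` definition ends outside the hunk.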

View File

@ -71,7 +71,7 @@ data:
{{- end }}
{{- with (dig "cluster" dict .Values.config) }}
{{- range $key, $element := .}}
{{- if $element }}
{{- if or (eq (typeOf $element) "bool") $element }}
{{ $key }}: {{ $element | toYaml }}
{{- end }}
{{- end }}
@ -87,7 +87,7 @@ data:
{{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}}
{{- end }}
{{- range $key, $element := $tieredStorageConfig}}
{{- if $element }}
{{- if or (eq (typeOf $element) "bool") $element }}
{{ $key }}: {{ $element | toYaml }}
{{- end }}
{{- end }}
@ -115,14 +115,14 @@ data:
{{- end }}
{{- with (dig "cluster" dict .Values.config) }}
{{- range $key, $element := .}}
{{- if $element }}
{{- if or (eq (typeOf $element) "bool") $element }}
{{ $key }}: {{ $element | toYaml }}
{{- end }}
{{- end }}
{{- end }}
{{- with (dig "tunable" dict .Values.config) }}
{{- range $key, $element := .}}
{{- if $element }}
{{- if or (eq (typeOf $element) "bool") $element }}
{{ $key }}: {{ $element | toYaml }}
{{- end }}
{{- end }}
@ -132,7 +132,7 @@ data:
{{- end }}
{{- with dig "node" dict .Values.config }}
{{- range $key, $element := .}}
{{- if $element }}
{{- if or (eq (typeOf $element) "bool") $element }}
{{ $key }}: {{ $element | toYaml }}
{{- end }}
{{- end }}
@ -200,7 +200,7 @@ data:
{{- $certPath := printf "/etc/tls/certs/%s" $certName }}
{{- $cert := get $values.tls.certs $certName }}
{{- if empty $cert }}
{{- fail (printf "Certificate, '%s', used but not defined")}}
{{- fail (printf "Certificate, '%s', used but not defined" $certName)}}
{{- end }}
- name: {{ $name }}
enabled: true


@ -26,6 +26,15 @@ limitations under the License.
{{- $uid := dig "podSecurityContext" "runAsUser" .Values.statefulset.securityContext.runAsUser .Values.statefulset -}}
{{- $gid := dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset -}}
{{- $root := deepCopy . }}
{{- if not (include "redpanda-atleast-22-2-0" . | fromJson).bool -}}
{{- if eq (get .Values "force" | default false) false -}}
{{- fail (
printf "\n\nError: The Redpanda version (%s) is not longer supported \nTo accept this risk, run the upgrade again adding `--set force=true`\n" (( include "redpanda.semver" . ))
)
-}}
{{- end -}}
{{- end -}}
---
apiVersion: apps/v1
kind: StatefulSet
@ -68,7 +77,7 @@ spec:
rpk redpanda tune all
securityContext:
capabilities:
add: ["CAP_SYS_RESOURCE"]
add: ["SYS_RESOURCE"]
privileged: true
runAsUser: 0
runAsGroup: 0
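Review bot: In the second hunk the corrected `add: ["SYS_RESOURCE"]` sits next to `privileged: true`, and a privileged container already holds every capability, so the list has no effect on what this container can do. If `SYS_RESOURCE` is enough for `rpk redpanda tune all`, dropping `privileged: true` would make the capability list the real boundary. If it is not, a comment such as `# privileged is required by the tuners; capabilities.add is informational only` would stop readers assuming the container is restricted. Separately, the new failure message in the first hunk should read "is no longer supported" rather than "is not longer supported". The container spec starts and ends outside the hunk.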


@ -14,9 +14,10 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.enabled (include "redpanda-atleast-23-1-1" .|fromJson).bool -}}
{{- $sasl := .Values.auth.sasl }}
{{- $useSaslSecret := and $sasl.enabled (not (empty $sasl.secretRef )) }}
{{- if .Values.rbac.enabled -}}
apiVersion: v1
kind: Pod
metadata:

View File

@ -149,7 +149,7 @@ tls:
# -- Example external tls configuration
# uncomment and set the right key to the listeners that require them
# also enable the tls setting for those listeners.
# external:
external:
# -- To use a custom pre-installed Issuer,
# add its name and kind to the `issuerRef` object.
# issuerRef:
@ -160,7 +160,7 @@ tls:
# name: my-tls-secret
# -- Set the `caEnabled` flag to `true` only for Certificates
# that are not authenticated using public authorities.
# caEnabled: true
caEnabled: true
# duration: 43800h
# -- External access settings.
@ -639,6 +639,9 @@ listeners:
# List one port if you want to use the same port for each broker (would be the case when using NodePort service).
# Otherwise, list the port you want to use for each broker in order of StatefulSet replicas.
# If undefined, `listeners.admin.port` is used.
tls:
# enabled: true
cert: external
advertisedPorts:
- 31644
# -- Optional TLS section (required if global TLS is enabled)
@ -666,11 +669,9 @@ listeners:
# -- If undefined, `listeners.kafka.external.default.port` is used.
advertisedPorts:
- 31092
# -- Uncomment to define external tls
# tls:
# # Optional flag to override the global TLS enabled flag.
# # enabled: true
# cert: external
tls:
# enabled: true
cert: external
# -- RPC listener (this is never externally accessible).
rpc:
port: 33145
@ -695,11 +696,9 @@ listeners:
port: 8084
advertisedPorts:
- 30081
# -- Uncomment to define external tls
# tls:
# # Optional flag to override the global TLS enabled flag.
# # enabled: true
# cert: external
tls:
# enabled: true
cert: external
# -- HTTP API listeners (aka PandaProxy).
http:
enabled: true
@ -716,11 +715,9 @@ listeners:
port: 8083
advertisedPorts:
- 30082
# -- Uncomment to define external tls
# tls:
# # Optional flag to override the global TLS enabled flag.
# # enabled: true
# cert: external
tls:
# enabled: true
cert: external
# Expert Config
# Here be dragons!
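Review bot: The comments around the `external` certificate are now stale. The section enables `external:` with `caEnabled: true` by default, but the text above it still says "uncomment and set the right key". In the listener blocks the explanation of `# enabled: true` was removed along with the "Uncomment to define external tls" lines. I would restore `# Optional flag to override the global TLS enabled flag.` above each `# enabled: true`. I would also change the header comment to say that external listeners use the `external` certificate by default and that it is issued by a chart-managed CA rather than a public authority, so clients need that CA to verify the brokers.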


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
appVersion: 1.2.551
appVersion: 1.2.575
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
home: https://speedscale.com
@ -24,4 +24,4 @@ maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
version: 1.2.36
version: 1.2.40


@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
### Upgrade to 1.2.36
### Upgrade to 1.2.40
```bash
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.36/templates/crds/trafficreplays.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.40/templates/crds/trafficreplays.yaml
```
### Upgrade to 1.1.0


@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
### Upgrade to 1.2.36
### Upgrade to 1.2.40
```bash
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.36/templates/crds/trafficreplays.yaml
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.40/templates/crds/trafficreplays.yaml
```
### Upgrade to 1.1.0


@ -58,15 +58,15 @@ spec:
image: '{{ .Values.image.registry }}/operator:{{ .Values.image.tag }}'
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
failureThreshold: 3
failureThreshold: 5
httpGet:
path: /healthz
port: health-check
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 2
timeoutSeconds: 5
name: operator
ports:
- containerPort: 9443
@ -74,15 +74,15 @@ spec:
- containerPort: 8081
name: health-check
readinessProbe:
failureThreshold: 5
failureThreshold: 10
httpGet:
path: /readyz
port: health-check
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 1
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
timeoutSeconds: 5
resources:
limits:
cpu: 100m
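Review bot: The new liveness settings (`failureThreshold: 5`, `periodSeconds: 30`) mean a hung operator is restarted only after roughly two and a half minutes of failed checks, compared with about thirty seconds before. If the aim is to tolerate a slow start, a `startupProbe` on `/healthz` would cover that while leaving the steady-state liveness check short. If the aim is to tolerate slow responses under load, a comment above `livenessProbe:` stating that would explain the long window. The container spec starts and ends outside the hunks.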


@ -20,7 +20,7 @@ clusterName: "my-cluster"
# Speedscale components image settings.
image:
registry: gcr.io/speedscale
tag: v1.2.551
tag: v1.2.575
pullPolicy: Always
# Log level for Speedscale components.
