andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #934 from nflondo/main-source 

Charts CI
pull/936/head
Nefi Munoz 2023-11-06 08:33:26 -07:00 committed by GitHub
parent f4bff192fd 9360591e81
commit 34adf40058
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
295 changed files with 6849 additions and 2062 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/amd/amd-gpu-0.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.49.0.tgz
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.51.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-16.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/cassandra-10.6.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/kafka-26.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.14.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-13.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-18.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-8.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.11.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-18.1.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/zookeeper-12.3.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/crowdstrike/falcon-sensor-1.23.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.43.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/nginx-ingress-1.0.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.34.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/harbor/harbor-1.13.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/hashicorp/consul-1.2.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-6.0.1201.tgz Normal file
View File

Binary file not shown.

BIN
assets/kong/kong-2.31.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.106.4.tgz
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.107.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/nats/nats-1.1.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-5.6.38.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-1.4.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.16.20.tgz Normal file
View File

Binary file not shown.

BIN
assets/weka/csi-wekafsplugin-2.3.1.tgz Normal file
View File

Binary file not shown.

6
charts/amd/amd-gpu/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: node-feature-discovery
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
version: 0.13.3
digest: sha256:a4f46d22c9ecd5b82cc2ed17da0c34b0e4936f6365bb61b474ec2780e9af3636
generated: "2023-08-23T02:41:44.856348249Z"
version: 0.14.3
digest: sha256:a1651e3e727f3f60f286930ab341af1009cce742b181d19b9ec75d392c5c339b
generated: "2023-11-03T05:15:42.351779792Z"

4
charts/amd/amd-gpu/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.18.0-0'
catalog.cattle.io/release-name: amd-gpu
apiVersion: v2
appVersion: 1.25.2.4
appVersion: 1.25.2.5
dependencies:
- condition: nfd.enabled
name: node-feature-discovery
@ -25,4 +25,4 @@ name: amd-gpu
sources:
- https://github.com/RadeonOpenCompute/k8s-device-plugin
type: application
version: 0.9.0
version: 0.10.0

2
charts/amd/amd-gpu/README.md
View File

@ -1,6 +1,6 @@
# AMD GPU Helm Chart
![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.4](https://img.shields.io/badge/AppVersion-1.25.2.4-informational?style=flat-square)
![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.5](https://img.shields.io/badge/AppVersion-1.25.2.5-informational?style=flat-square)
A Helm chart for deploying Kubernetes AMD GPU device plugin

4
charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: v0.13.3
appVersion: v0.14.3
description: 'Detects hardware features available on each node in a Kubernetes cluster,
and advertises those features using node labels. '
home: https://github.com/kubernetes-sigs/node-feature-discovery
@ -11,4 +11,4 @@ name: node-feature-discovery
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.13.3
version: 0.14.3

2
charts/amd/amd-gpu/charts/node-feature-discovery/README.md
View File

@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs.
See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.13/deployment/helm.html)
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.14/deployment/helm.html)
for deployment instructions.

6
charts/amd/amd-gpu/charts/node-feature-discovery/crds/nfd-api-crds.yaml
View File

@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.12.1
name: nodefeatures.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io
@ -114,8 +113,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.12.1
name: nodefeaturerules.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/_helpers.tpl
View File

@ -96,12 +96,12 @@ Create the name of the service account which topologyUpdater will use
{{- end -}}
{{/*
Create the name of the service account which topologyGC will use
Create the name of the service account which nfd-gc will use
*/}}
{{- define "node-feature-discovery.topologyGC.serviceAccountName" -}}
{{- if .Values.topologyGC.serviceAccount.create -}}
{{ default (printf "%s-topology-gc" (include "node-feature-discovery.fullname" .)) .Values.topologyGC.serviceAccount.name }}
{{- define "node-feature-discovery.gc.serviceAccountName" -}}
{{- if .Values.gc.serviceAccount.create -}}
{{ default (printf "%s-gc" (include "node-feature-discovery.fullname" .)) .Values.gc.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.topologyGC.serviceAccount.name }}
{{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}}
{{- end -}}

28
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrole.yaml
View File

@ -25,10 +25,25 @@ rules:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- "nfd-master.nfd.kubernetes.io"
verbs:
- get
- update
{{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -65,12 +80,12 @@ rules:
- update
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
---
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
name: {{ include "node-feature-discovery.fullname" . }}-gc
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
@ -94,4 +109,11 @@ rules:
verbs:
- delete
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- delete
- list
{{- end }}

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrolebinding.yaml
View File

@ -15,8 +15,8 @@ subjects:
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@ -33,20 +33,20 @@ subjects:
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
---
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
name: {{ include "node-feature-discovery.fullname" . }}-gc
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects:
- kind: ServiceAccount
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }}
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

26
charts/amd/amd-gpu/charts/node-feature-discovery/templates/master.yaml
View File

@ -6,8 +6,10 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
role: master
{{- with .Values.master.deploymentAnnotations }}
annotations:
{{- toYaml .Values.master.deploymentAnnotations | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.master.replicaCount }}
selector:
@ -19,8 +21,10 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: master
{{- with .Values.master.annotations }}
annotations:
{{- toYaml .Values.master.annotations | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
@ -66,6 +70,8 @@ spec:
ports:
- containerPort: {{ .Values.master.port | default "8080" }}
name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics
env:
- name: NODE_NAME
valueFrom:
@ -80,8 +86,10 @@ spec:
- "-instance={{ .Values.master.instance }}"
{{- end }}
- "-port={{ .Values.master.port | default "8080" }}"
{{- if .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api"
{{- if not .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api=false"
{{- else if gt (int .Values.master.replicaCount) 1 }}
- "-enable-leader-election"
{{- end }}
{{- if .Values.master.extraLabelNs | empty | not }}
- "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
@ -99,16 +107,23 @@ spec:
- "-crd-controller={{ .Values.master.crdController }}"
{{- else }}
## By default, disable crd controller for other than the default instances
- "-featurerules-controller={{ .Values.master.instance | empty }}"
- "-crd-controller={{ .Values.master.instance | empty }}"
{{- end }}
{{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
- "-featurerules-controller={{ .Values.master.featureRulesController }}"
{{- end }}
{{- if .Values.master.resyncPeriod }}
- "-resync-period={{ .Values.master.resyncPeriod }}"
{{- end }}
{{- if .Values.master.nfdApiParallelism | empty | not }}
- "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
- "-metrics={{ .Values.master.metricsPort | default "8081" }}"
volumeMounts:
{{- if .Values.tls.enable }}
- name: nfd-master-cert
@ -130,7 +145,6 @@ spec:
items:
- key: nfd-master.conf
path: nfd-master.conf
{{- with .Values.master.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

46
charts/amd/amd-gpu/charts/node-feature-discovery/templates/topology-gc.yaml → charts/amd/amd-gpu/charts/node-feature-discovery/templates/nfd-gc.yaml
View File

@ -1,36 +1,42 @@
{{- if and .Values.topologyGC.enable .Values.topologyUpdater.enable -}}
{{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
name: {{ include "node-feature-discovery.fullname" . }}-gc
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
role: topology-gc
role: gc
{{- with .Values.gc.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.topologyGC.replicaCount | default 1 }}
replicas: {{ .Values.gc.replicaCount | default 1 }}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
role: topology-gc
role: gc
template:
metadata:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-gc
role: gc
{{- with .Values.gc.annotations }}
annotations:
{{- toYaml .Values.topologyGC.annotations | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.topologyGC.serviceAccountName | default "nfd-topology-gc" }}
serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.topologyGC.podSecurityContext | nindent 8 }}
{{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
containers:
- name: topology-gc
- name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env:
@ -39,25 +45,29 @@ spec:
fieldRef:
fieldPath: spec.nodeName
command:
- "nfd-topology-gc"
- "nfd-gc"
args:
{{- if .Values.topologyGC.interval | empty | not }}
- "-gc-interval={{ .Values.topologyGC.interval }}"
{{- if .Values.gc.interval | empty | not }}
- "-gc-interval={{ .Values.gc.interval }}"
{{- end }}
resources:
{{- toYaml .Values.topologyGC.resources | nindent 12 }}
{{- toYaml .Values.gc.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.topologyGC.securityContext | nindent 12 }}
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with .Values.topologyGC.nodeSelector }}
{{- with .Values.gc.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologyGC.affinity }}
{{- with .Values.gc.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologyGC.tolerations }}
{{- with .Values.gc.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

26
charts/amd/amd-gpu/charts/node-feature-discovery/templates/prometheus.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if .Values.prometheus.enable }}
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "node-feature-discovery.fullname" . }}
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
{{- with .Values.prometheus.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
podMetricsEndpoints:
- honorLabels: true
interval: 10s
path: /metrics
port: metrics
scheme: http
namespaceSelector:
matchNames:
- {{ include "node-feature-discovery.namespace" . }}
selector:
matchExpressions:
- {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
- {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
{{- end }}

1
charts/amd/amd-gpu/charts/node-feature-discovery/templates/role.yaml
View File

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-worker
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:

1
charts/amd/amd-gpu/charts/node-feature-discovery/templates/rolebinding.yaml
View File

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-worker
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef:

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/serviceaccount.yaml
View File

@ -12,8 +12,8 @@ metadata:
{{- end }}
{{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
@ -27,23 +27,23 @@ metadata:
{{- end }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
---
{{- if and .Values.topologyGC.enable .Values.topologyGC.serviceAccount.create .Values.topologyUpdater.enable }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }}
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
{{- with .Values.topologyUpdater.serviceAccount.annotations }}
{{- with .Values.gc.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.worker.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:

16
charts/amd/amd-gpu/charts/node-feature-discovery/templates/topologyupdater.yaml
View File

@ -7,6 +7,10 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
role: topology-updater
{{- with .Values.topologyUpdater.daemonsetAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
@ -17,8 +21,10 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-updater
{{- with .Values.topologyUpdater.annotations }}
annotations:
{{- toYaml .Values.topologyUpdater.annotations | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet
@ -37,6 +43,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.hostIP
command:
- "nfd-topology-updater"
args:
@ -66,6 +76,10 @@ spec:
# Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir="
{{- end }}
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
ports:
- name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
volumeMounts:
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config

16
charts/amd/amd-gpu/charts/node-feature-discovery/templates/worker.yaml
View File

@ -6,8 +6,10 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
role: worker
{{- with .Values.worker.daemonsetAnnotations }}
annotations:
{{- toYaml .Values.worker.daemonsetAnnotations | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
@ -18,8 +20,10 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: worker
{{- with .Values.worker.annotations }}
annotations:
{{- toYaml .Values.worker.annotations | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
@ -46,14 +50,18 @@ spec:
- "nfd-worker"
args:
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
{{- if .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api"
{{- if not .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api=false"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports:
- name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
volumeMounts:
- name: host-boot
mountPath: "/host-boot"

47
charts/amd/amd-gpu/charts/node-feature-discovery/values.yaml
View File

@ -10,7 +10,7 @@ nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""
enableNodeFeatureApi: false
enableNodeFeatureApi: true
master:
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
@ -20,17 +20,43 @@ master:
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false
# labelWhiteList: "foo"
# resyncPeriod: "2h"
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
# leaderElection:
# leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s
# # this value has to be greater than 0
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080
port: 8080
metricsPort: 8081
instance:
featureApi:
resyncPeriod:
denyLabelNs: []
extraLabelNs: []
resourceLabels: []
enableTaints: false
crdController: null
featureRulesController: null
nfdApiParallelism: null
deploymentAnnotations: {}
replicaCount: 1
@ -154,6 +180,7 @@ worker:
# - "SSE4"
# - "SSE42"
# - "SSSE3"
# - "TDX_GUEST"
# attributeWhitelist:
# kernel:
# kconfigFile: "/path/to/kconfig"
@ -183,7 +210,7 @@ worker:
# - "vendor"
# - "device"
# local:
# hooksEnabled: true
# hooksEnabled: false
# custom:
# # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule"
@ -332,6 +359,7 @@ worker:
#
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
daemonsetAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
@ -404,6 +432,7 @@ topologyUpdater:
rbac:
create: true
metricsPort: 8081
kubeletConfigPath:
kubeletPodResourcesSockPath:
updateInterval: 60s
@ -433,10 +462,11 @@ topologyUpdater:
nodeSelector: {}
tolerations: []
annotations: {}
daemonsetAnnotations: {}
affinity: {}
podSetFingerprint: true
topologyGC:
gc:
enable: true
replicaCount: 1
@ -450,12 +480,6 @@ topologyGC:
interval: 1h
podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
@ -472,6 +496,7 @@ topologyGC:
nodeSelector: {}
tolerations: []
annotations: {}
deploymentAnnotations: {}
affinity: {}
# Optionally use encryption for worker <--> master comms
@ -482,3 +507,7 @@ topologyGC:
tls:
enable: false
certManager: false
prometheus:
enable: false
labels: {}

4
charts/amd/amd-gpu/values.yaml
View File

@ -10,13 +10,13 @@ dp:
image:
repository: docker.io/rocm/k8s-device-plugin
# Overrides the image tag whose default is the chart appVersion.
tag: "1.25.2.4"
tag: "1.25.2.5"
resources: {}
lbl:
image:
repository: docker.io/rocm/k8s-device-plugin
tag: "labeller-1.25.2.4"
tag: "labeller-1.25.2.5"
resources: {}
imagePullSecrets: []

8
charts/argo/argo-cd/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: added
description: Add notification cluster role support
- kind: changed
description: Upgrade Argo CD to v2.9.0
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.8.5
appVersion: v2.9.0
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.49.0
version: 5.51.0

12
charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
View File

@ -90,6 +90,18 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.annotations
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.labels
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom:
configMapKeyRef:

2
charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }}
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

2
charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }}
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

12
charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
View File

@ -231,6 +231,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.disable.helm.manifest.max.extracted.size
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:

1
charts/argo/argo-cd/templates/argocd-server/clusterrole.yaml
View File

@ -40,6 +40,7 @@ rules:
- argoproj.io
resources:
- applications
- applicationsets
verbs:
- get
- list

389
charts/argo/argo-cd/templates/crds/crd-application.yaml
View File

@ -359,6 +359,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -657,6 +688,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -797,7 +859,8 @@ spec:
properties:
name:
description: Name is an alternate way of specifying the target
cluster by its symbolic name
cluster by its symbolic name. This must be set if Server is
not set.
type: string
namespace:
description: Namespace specifies the target namespace for the
@ -805,8 +868,9 @@ spec:
namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster and
must be set to the Kubernetes control plane API
description: Server specifies the URL of the target cluster's
Kubernetes control plane API. This must be set if Name is not
set.
type: string
type: object
ignoreDifferences:
@ -1067,6 +1131,37 @@ spec:
description: Namespace sets the namespace that Kustomize adds
to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas override
specifications
@ -1355,6 +1450,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas override
specifications
@ -1796,6 +1922,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -2097,6 +2254,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -2542,6 +2730,37 @@ spec:
description: Namespace sets the namespace that
Kustomize adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -2860,6 +3079,38 @@ spec:
description: Namespace sets the namespace that
Kustomize adds to all resources
type: string
patches:
description: Patches is a list of Kustomize
patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize
Replicas override specifications
@ -3292,6 +3543,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -3603,6 +3885,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -3804,7 +4117,8 @@ spec:
properties:
name:
description: Name is an alternate way of specifying the
target cluster by its symbolic name
target cluster by its symbolic name. This must be set
if Server is not set.
type: string
namespace:
description: Namespace specifies the target namespace
@ -3813,8 +4127,9 @@ spec:
not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster
and must be set to the Kubernetes control plane API
description: Server specifies the URL of the target cluster's
Kubernetes control plane API. This must be set if Name
is not set.
type: string
type: object
ignoreDifferences:
@ -4056,6 +4371,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications
@ -4367,6 +4713,37 @@ spec:
description: Namespace sets the namespace that Kustomize
adds to all resources
type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas:
description: Replicas is a list of Kustomize Replicas
override specifications

1471
charts/argo/argo-cd/templates/crds/crd-applicationset.yaml
View File

File diff suppressed because it is too large Load Diff

2
charts/bitnami/airflow/Chart.yaml
View File

@ -50,4 +50,4 @@ maintainers:
name: airflow
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 16.0.7
version: 16.1.0

24
charts/bitnami/airflow/README.md
View File

@ -109,7 +109,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow web parameters
| Name | Description | Value |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| `web.image.registry` | Airflow image registry | `REGISTRY_NAME` |
| `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` |
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
@ -154,6 +154,10 @@ The command removes all the Kubernetes components associated with the chart and
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
| `web.containerSecurityContext.allowPrivilegeEscalation` | Set web container's Security Context allowPrivilegeEscalation | `false` |
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
| `web.hostAliases` | Deployment pod host aliases | `[]` |
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
@ -183,7 +187,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow scheduler parameters
| Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` |
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
@ -207,6 +211,10 @@ The command removes all the Kubernetes components associated with the chart and
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
| `scheduler.containerSecurityContext.allowPrivilegeEscalation` | Set scheduler container's Security Context allowPrivilegeEscalation | `false` |
| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
@ -236,7 +244,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow worker parameters
| Name | Description | Value |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` |
| `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` |
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
@ -279,6 +287,10 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` |
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set worker container's Security Context allowPrivilegeEscalation | `false` |
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
| `worker.hostAliases` | Deployment pod host aliases | `[]` |
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
@ -405,7 +417,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow metrics parameters
| Name | Description | Value |
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
| `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` |
@ -423,6 +435,10 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |

40
charts/bitnami/airflow/values.yaml
View File

@ -311,11 +311,21 @@ web:
## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context
## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser
## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot
## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
## @param web.containerSecurityContext.allowPrivilegeEscalation Set web container's Security Context allowPrivilegeEscalation
## @param web.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param web.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
@ -515,11 +525,21 @@ scheduler:
## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context
## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser
## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot
## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged
## @param scheduler.containerSecurityContext.allowPrivilegeEscalation Set scheduler container's Security Context allowPrivilegeEscalation
## @param scheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param scheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
@ -767,11 +787,21 @@ worker:
## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context
## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot
## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set worker container's Security Context allowPrivilegeEscalation
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
@ -1331,6 +1361,10 @@ metrics:
## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## e.g:
## containerSecurityContext:
## enabled: true
@ -1342,6 +1376,12 @@ metrics:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup
##
lifecycleHooks: {}

2
charts/bitnami/cassandra/Chart.yaml
View File

@ -35,4 +35,4 @@ maintainers:
name: cassandra
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cassandra
version: 10.5.8
version: 10.6.0

53
charts/bitnami/cassandra/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction
This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Cassandra in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use Apache Cassandra in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -33,9 +35,11 @@ Looking to use Apache Cassandra in production? Try [VMware Application Catalog](
To install the chart with the release name `my-release`:
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
@ -78,10 +82,9 @@ The command removes all the Kubernetes components associated with the chart and
### Cassandra parameters
| Name | Description | Value |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Cassandra image registry | `docker.io` |
| `image.repository` | Cassandra image repository | `bitnami/cassandra` |
| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r71` |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | Cassandra image registry | `REGISTRY_NAME` |
| `image.repository` | Cassandra image repository | `REPOSITORY_NAME/cassandra` |
| `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Cassandra image pull secrets | `[]` |
@ -115,7 +118,7 @@ The command removes all the Kubernetes components associated with the chart and
### Statefulset parameters
| Name | Description | Value |
| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- |
| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of Cassandra replicas | `1` |
| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` |
| `hostAliases` | Add deployment host aliases | `[]` |
@ -135,8 +138,13 @@ The command removes all the Kubernetes components associated with the chart and
| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set Cassandra container's Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Force the container to be run as non root | `true` |
| `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.runAsNonRoot` | Set Cassandra containers' Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `resources.limits` | The resources limits for Cassandra containers | `{}` |
| `resources.requests` | The requested resources for Cassandra containers | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
@ -228,11 +236,10 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters
| Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------ |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -243,11 +250,10 @@ The command removes all the Kubernetes components associated with the chart and
### Metrics parameters
| Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ---------------------------- |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------ |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Cassandra exporter image registry | `docker.io` |
| `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` |
| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r429` |
| `metrics.image.registry` | Cassandra exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Cassandra exporter image name | `REPOSITORY_NAME/cassandra-exporter` |
| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -299,15 +305,18 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set dbUser.user=admin,dbUser.password=password \
oci://registry-1.docker.io/bitnamicharts/cassandra
oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/cassandra
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
@ -378,9 +387,11 @@ Find more information about how to deal with common errors related to Bitnami's
It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart:
```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/cassandra --set dbUser.password=[PASSWORD]
helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra --set dbUser.password=[PASSWORD]
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
| Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes.
### To 9.0.0

34
charts/bitnami/cassandra/values.yaml
View File

@ -65,9 +65,9 @@ diagnosticMode:
## Bitnami Cassandra image
## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
## @param image.registry Cassandra image registry
## @param image.repository Cassandra image repository
## @param image.tag Cassandra image tag (immutable tags are recommended)
## @param image.registry [default: REGISTRY_NAME] Cassandra image registry
## @param image.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository
## @skip image.tag Cassandra image tag (immutable tags are recommended)
## @param image.digest Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy image pull policy
## @param image.pullSecrets Cassandra image pull secrets
@ -287,13 +287,25 @@ podSecurityContext:
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context
## @param containerSecurityContext.runAsUser Set Cassandra container's Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Force the container to be run as non root
## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser
## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped
## @param containerSecurityContext.readOnlyRootFilesystem Set Cassandra containers' Security Context readOnlyRootFilesystem
## @param containerSecurityContext.runAsNonRoot Set Cassandra containers' Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
## Cassandra pods' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## Minimum memory for development is 4GB and 2 CPU cores
@ -606,9 +618,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
##
enabled: false
## @param volumePermissions.image.registry Init container volume image registry
## @param volumePermissions.image.repository Init container volume image repository
## @param volumePermissions.image.tag Init container volume image tag (immutable tags are recommended)
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume image repository
## @skip volumePermissions.image.tag Init container volume image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
@ -674,9 +686,9 @@ metrics:
enabled: false
## Bitnami Cassandra Exporter image
## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
## @param metrics.image.registry Cassandra exporter image registry
## @param metrics.image.repository Cassandra exporter image name
## @param metrics.image.tag Cassandra exporter image tag
## @param metrics.image.registry [default: REGISTRY_NAME] Cassandra exporter image registry
## @param metrics.image.repository [default: REPOSITORY_NAME/cassandra-exporter] Cassandra exporter image name
## @skip metrics.image.tag Cassandra exporter image tag
## @param metrics.image.digest Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy image pull policy
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array

2
charts/bitnami/kafka/Chart.yaml
View File

@ -45,4 +45,4 @@ maintainers:
name: kafka
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 26.2.0
version: 26.2.1

8
charts/bitnami/kafka/README.md
View File

@ -22,7 +22,7 @@ This chart bootstraps a [Kafka](https://github.com/bitnami/containers/tree/main/
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Kafka in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use Apache Kafka in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -1169,9 +1169,9 @@ The changes introduced in this version are:
- TLS settings have been moved from `auth.tls.*` to `tls.*`.
- Zookeeper TLS settings have been moved from `auth.zookeeper*` to `tls.zookeeper.*`
- Refactor externalAccess to support the new architecture:
- `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.controller.service.*`.
- Controller pods will not configure externalAccess unless:
- `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes.
- `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.broker.service.*`.
- Controller pods will not configure externalAccess unless either:
- `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes; or
- `externalAccess.controller.service.forceExpose=true`, for use cases where controller-only nodes want to be exposed externally.
#### Upgrading from Kraft mode

1
charts/bitnami/kafka/values.yaml
View File

@ -825,7 +825,6 @@ controller:
##
broker:
## @param broker.replicaCount Number of Kafka broker-only nodes
## Ignore this section if running in Zookeeper mode.
##
replicaCount: 0
## @param broker.minId Minimal node.id values for broker-only nodes. Do not change after first initialization.

2
charts/bitnami/mysql/Chart.yaml
View File

@ -36,4 +36,4 @@ maintainers:
name: mysql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mysql
version: 9.14.1
version: 9.14.2

2
charts/bitnami/mysql/values.yaml
View File

@ -204,7 +204,7 @@ primary:
##
configuration: |-
[mysqld]
default_authentication_plugin={{- .Values.auth.defaultAuthPlugin | default "mysql_native_password" }}
default_authentication_plugin={{- .Values.auth.defaultAuthenticationPlugin | default "mysql_native_password" }}
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql

6
charts/bitnami/postgresql/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
generated: "2023-10-05T15:32:13.375699946Z"
version: 2.13.3
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-11-03T20:45:06.276989379Z"

6
charts/bitnami/postgresql/Chart.yaml
View File

@ -8,9 +8,9 @@ annotations:
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: postgres-exporter
image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r15
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r0
- name: postgresql
image: docker.io/bitnami/postgresql:16.0.0-debian-11-r13
image: docker.io/bitnami/postgresql:16.0.0-debian-11-r14
licenses: Apache-2.0
apiVersion: v2
appVersion: 16.0.0
@ -38,4 +38,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 13.1.5
version: 13.2.1

99
charts/bitnami/postgresql/README.md
View File

@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction
This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@ -22,7 +24,7 @@ For HA, please see [this repo](https://github.com/bitnami/charts/tree/main/bitna
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use PostgreSQL in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use PostgreSQL in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -35,9 +37,11 @@ Looking to use PostgreSQL in production? Try [VMware Application Catalog](https:
To install the chart with the release name `my-release`:
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
@ -97,10 +101,9 @@ kubectl delete pvc -l release=my-release
### PostgreSQL common parameters
| Name | Description | Value |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r13` |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `image.registry` | PostgreSQL image registry | `REGISTRY_NAME` |
| `image.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `[]` |
@ -208,13 +211,14 @@ kubectl delete pvc -l release=my-release
| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
| `primary.podSecurityContext.enabled` | Enable security context | `true` |
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `primary.containerSecurityContext.enabled` | Enable container security context | `true` |
| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the container | `0` |
| `primary.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` |
| `primary.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` |
| `primary.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` |
| `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` |
| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` |
| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
@ -307,13 +311,14 @@ kubectl delete pvc -l release=my-release
| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` |
| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` |
| `readReplicas.containerSecurityContext.runAsGroup` | Group ID for the container | `0` |
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` |
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` |
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` |
| `readReplicas.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` |
| `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `readReplicas.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `readReplicas.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` |
| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` |
| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
@ -382,14 +387,14 @@ kubectl delete pvc -l release=my-release
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
| `backup.cronjob.containerSecurityContext.enabled` | Enable container security context | `true` |
| `backup.cronjob.containerSecurityContext.runAsUser` | User ID for the backup container | `1001` |
| `backup.cronjob.containerSecurityContext.runAsGroup` | Group ID for the backup container | `0` |
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set backup container's Security Context runAsNonRoot | `true` |
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Is the container itself readonly | `true` |
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate backup pod(s) privileges | `false` |
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set backup container's Security Context seccompProfile type | `RuntimeDefault` |
| `backup.cronjob.containerSecurityContext.capabilities.drop` | Set backup container's Security Context capabilities to drop | `["ALL"]` |
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
@ -426,11 +431,10 @@ kubectl delete pvc -l release=my-release
### Volume Permissions parameters
| Name | Description | Value |
| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -457,23 +461,23 @@ kubectl delete pvc -l release=my-release
### Metrics Parameters
| Name | Description | Value |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------- |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r15` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `REPOSITORY_NAME/postgres-exporter` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
| `metrics.customMetrics` | Define additional custom metrics | `{}` |
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup | `0` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type | `RuntimeDefault` |
| `metrics.containerSecurityContext.capabilities.drop` | Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop | `["ALL"]` |
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
@ -522,9 +526,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set auth.postgresPassword=secretpassword
oci://registry-1.docker.io/bitnamicharts/postgresql
oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the PostgreSQL `postgres` account password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -533,9 +539,10 @@ The above command sets the PostgreSQL `postgres` account password to `secretpass
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/postgresql
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details

4
charts/bitnami/postgresql/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.13.2
appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.13.2
version: 2.13.3

4
charts/bitnami/postgresql/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- Kubernetes 1.23+
- Helm 3.8.0+
## Parameters

4
charts/bitnami/postgresql/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/*
Returns true if AdmissionConfiguration is supported
*/}}
{{- define "common.capabilities.admisionConfiguration.supported" -}}
{{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}}
{{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/*
Return the appropriate apiVersion for AdmissionConfiguration.
*/}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

124
charts/bitnami/postgresql/values.yaml
View File

@ -87,9 +87,9 @@ diagnosticMode:
## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
## @param image.registry PostgreSQL image registry
## @param image.repository PostgreSQL image repository
## @param image.tag PostgreSQL image tag (immutable tags are recommended)
## @param image.registry [default: REGISTRY_NAME] PostgreSQL image registry
## @param image.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
## @skip image.tag PostgreSQL image tag (immutable tags are recommended)
## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy PostgreSQL image pull policy
## @param image.pullSecrets Specify image pull secrets
@ -98,7 +98,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 16.0.0-debian-11-r13
tag: 16.0.0-debian-11-r14
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -458,25 +458,26 @@ primary:
fsGroup: 1001
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.containerSecurityContext.enabled Enable container security context
## @param primary.containerSecurityContext.runAsUser User ID for the container
## @param primary.containerSecurityContext.runAsGroup Group ID for the container
## @param primary.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container
## @param primary.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container
## @param primary.containerSecurityContext.capabilities.drop Set capabilities.drop for the container
## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param primary.hostAliases PostgreSQL primary pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@ -821,25 +822,26 @@ readReplicas:
fsGroup: 1001
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.containerSecurityContext.enabled Enable container security context
## @param readReplicas.containerSecurityContext.runAsUser User ID for the container
## @param readReplicas.containerSecurityContext.runAsGroup Group ID for the container
## @param readReplicas.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container
## @param readReplicas.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container
## @param readReplicas.containerSecurityContext.capabilities.drop Set capabilities.drop for the container
## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
## @param readReplicas.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param readReplicas.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param readReplicas.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param readReplicas.hostAliases PostgreSQL read only pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@ -1108,26 +1110,25 @@ backup:
fsGroup: 1001
## backup container's Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backup.cronjob.containerSecurityContext.enabled Enable container security context
## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container
## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type
## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop
## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param backup.cronjob.command Set backup container's command to run
command:
- /bin/sh
@ -1289,9 +1290,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
@ -1390,9 +1391,9 @@ metrics:
## @param metrics.enabled Start a prometheus exporter
##
enabled: false
## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry
## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository
## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)
## @param metrics.image.registry [default: REGISTRY_NAME] PostgreSQL Prometheus Exporter image registry
## @param metrics.image.repository [default: REPOSITORY_NAME/postgres-exporter] PostgreSQL Prometheus Exporter image repository
## @skip metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)
## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy
## @param metrics.image.pullSecrets Specify image pull secrets
@ -1400,7 +1401,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.14.0-debian-11-r15
tag: 0.15.0-debian-11-r0
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1435,25 +1436,26 @@ metrics:
extraEnvVars: []
## PostgreSQL Prometheus exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsGroup Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup
## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.seccompProfile.type Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type
## @param metrics.containerSecurityContext.capabilities.drop Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers

8
charts/bitnami/redis/Chart.yaml
View File

@ -10,12 +10,12 @@ annotations:
- name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0
- name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.2-debian-11-r0
image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r0
- name: redis
image: docker.io/bitnami/redis:7.2.2-debian-11-r0
image: docker.io/bitnami/redis:7.2.3-debian-11-r0
licenses: Apache-2.0
apiVersion: v2
appVersion: 7.2.2
appVersion: 7.2.3
dependencies:
- name: common
repository: file://./charts/common
@ -37,4 +37,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.2.0
version: 18.2.1

4
charts/bitnami/redis/values.yaml
View File

@ -91,7 +91,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/redis
tag: 7.2.2-debian-11-r0
tag: 7.2.3-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1056,7 +1056,7 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
tag: 7.2.2-debian-11-r0
tag: 7.2.3-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

4
charts/bitnami/spark/Chart.yaml
View File

@ -6,7 +6,7 @@ annotations:
category: Infrastructure
images: |
- name: spark
image: docker.io/bitnami/spark:3.5.0-debian-11-r10
image: docker.io/bitnami/spark:3.5.0-debian-11-r12
licenses: Apache-2.0
apiVersion: v2
appVersion: 3.5.0
@ -30,4 +30,4 @@ maintainers:
name: spark
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/spark
version: 8.0.2
version: 8.1.0

32
charts/bitnami/spark/README.md
View File

@ -24,7 +24,7 @@ Apache Spark includes APIs for Java, Python, Scala and R.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Spark in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use Apache Spark in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -99,7 +99,7 @@ The command removes all the Kubernetes components associated with the chart and
### Spark master parameters
| Name | Description | Value |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| `master.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for master | `""` |
| `master.containerPorts.http` | Specify the port where the web interface will listen on the master over HTTP | `8080` |
| `master.containerPorts.https` | Specify the port where the web interface will listen on the master over HTTPS | `8480` |
@ -116,10 +116,14 @@ The command removes all the Kubernetes components associated with the chart and
| `master.podSecurityContext.runAsUser` | Set master pod's Security Context User ID | `1001` |
| `master.podSecurityContext.runAsGroup` | Set master pod's Security Context Group ID | `0` |
| `master.podSecurityContext.seLinuxOptions` | Set master pod's Security Context SELinux options | `{}` |
| `master.containerSecurityContext.enabled` | Enabled master containers' Security Context | `true` |
| `master.containerSecurityContext.runAsUser` | Set master containers' Security Context runAsUser | `1001` |
| `master.containerSecurityContext.runAsNonRoot` | Set master containers' Security Context runAsNonRoot | `true` |
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set master containers' Security Context runAsNonRoot | `false` |
| `master.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `master.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `master.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `master.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `master.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `master.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `master.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `master.command` | Override default container command (useful when using custom images) | `[]` |
| `master.args` | Override default container args (useful when using custom images) | `[]` |
| `master.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
@ -170,7 +174,7 @@ The command removes all the Kubernetes components associated with the chart and
### Spark worker parameters
| Name | Description | Value |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| `worker.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for workers | `""` |
| `worker.containerPorts.http` | Specify the port where the web interface will listen on the worker over HTTP | `8080` |
| `worker.containerPorts.https` | Specify the port where the web interface will listen on the worker over HTTPS | `8480` |
@ -189,13 +193,15 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.replicaCount` | Number of spark workers (will be the minimum number when autoscaling is enabled) | `2` |
| `worker.podSecurityContext.enabled` | Enable security context | `true` |
| `worker.podSecurityContext.fsGroup` | Group ID for the container | `1001` |
| `worker.podSecurityContext.runAsUser` | User ID for the container | `1001` |
| `worker.podSecurityContext.runAsGroup` | Group ID for the container | `0` |
| `worker.podSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` |
| `worker.containerSecurityContext.enabled` | Enabled worker containers' Security Context | `true` |
| `worker.containerSecurityContext.runAsUser` | Set worker containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set worker containers' Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set worker containers' Security Context runAsNonRoot | `false` |
| `worker.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `worker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.command` | Override default container command (useful when using custom images) | `[]` |
| `worker.args` | Override default container args (useful when using custom images) | `[]` |
| `worker.podAnnotations` | Annotations for pods in StatefulSet | `{}` |

42
charts/bitnami/spark/values.yaml
View File

@ -95,7 +95,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/spark
tag: 3.5.0-debian-11-r10
tag: 3.5.0-debian-11-r12
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -183,16 +183,26 @@ master:
seLinuxOptions: {}
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param master.containerSecurityContext.enabled Enabled master containers' Security Context
## @param master.containerSecurityContext.runAsUser Set master containers' Security Context runAsUser
## @param master.containerSecurityContext.runAsNonRoot Set master containers' Security Context runAsNonRoot
## @param master.containerSecurityContext.readOnlyRootFilesystem Set master containers' Security Context runAsNonRoot
## @param master.containerSecurityContext.enabled Enabled containers' Security Context
## @param master.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param master.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param master.containerSecurityContext.privileged Set container's Security Context privileged
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param master.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param master.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param master.command Override default container command (useful when using custom images)
##
command: []
@ -451,28 +461,34 @@ worker:
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param worker.podSecurityContext.enabled Enable security context
## @param worker.podSecurityContext.fsGroup Group ID for the container
## @param worker.podSecurityContext.runAsUser User ID for the container
## @param worker.podSecurityContext.runAsGroup Group ID for the container
## @param worker.podSecurityContext.seLinuxOptions SELinux options for the container
##
podSecurityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
runAsGroup: 0
seLinuxOptions: {}
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param worker.containerSecurityContext.enabled Enabled worker containers' Security Context
## @param worker.containerSecurityContext.runAsUser Set worker containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set worker containers' Security Context runAsNonRoot
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set worker containers' Security Context runAsNonRoot
## @param worker.containerSecurityContext.enabled Enabled containers' Security Context
## @param worker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param worker.containerSecurityContext.privileged Set container's Security Context privileged
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param worker.command Override default container command (useful when using custom images)
##
command: []

6
charts/bitnami/tomcat/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
generated: "2023-10-09T21:56:34.987847613Z"
version: 2.13.3
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-31T12:41:05.52315381+01:00"

2
charts/bitnami/tomcat/Chart.yaml
View File

@ -38,4 +38,4 @@ maintainers:
name: tomcat
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/tomcat
version: 10.10.10
version: 10.11.0

74
charts/bitnami/tomcat/README.md
View File

@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction
This chart bootstraps a [Tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@ -22,7 +24,7 @@ Tomcat implements several Java EE specifications including Java Servlet, JavaSer
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Tomcat in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use Apache Tomcat in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -36,9 +38,11 @@ Looking to use Apache Tomcat in production? Try [VMware Application Catalog](htt
To install the chart with the release name `my-release`:
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
@ -78,10 +82,9 @@ The command removes all the Kubernetes components associated with the chart and
### Tomcat parameters
| Name | Description | Value |
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
| `image.registry` | Tomcat image registry | `docker.io` |
| `image.repository` | Tomcat image repository | `bitnami/tomcat` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.15-debian-11-r0` |
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ |
| `image.registry` | Tomcat image registry | `REGISTRY_NAME` |
| `image.repository` | Tomcat image repository | `REPOSITORY_NAME/tomcat` |
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -100,7 +103,7 @@ The command removes all the Kubernetes components associated with the chart and
### Tomcat deployment parameters
| Name | Description | Value |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `replicaCount` | Specify number of Tomcat replicas | `1` |
| `deployment.type` | Use Deployment or StatefulSet | `deployment` |
| `updateStrategy.type` | StrategyType | `RollingUpdate` |
@ -108,9 +111,14 @@ The command removes all the Kubernetes components associated with the chart and
| `containerExtraPorts` | Extra ports to expose at container level | `[]` |
| `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enable Tomcat containers' SecurityContext | `true` |
| `containerSecurityContext.runAsUser` | User ID for the Tomcat container | `1001` |
| `containerSecurityContext.runAsNonRoot` | Force user to be root in Tomcat container | `true` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `resources.limits` | The resources limits for the Tomcat container | `{}` |
| `resources.requests` | The requested resources for the Tomcat container | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
@ -199,11 +207,10 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters
| Name | Description | Value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r90` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -213,19 +220,23 @@ The command removes all the Kubernetes components associated with the chart and
### Metrics parameters
| Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` |
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r95` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `REGISTRY_NAME` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `REPOSITORY_NAME/jmx-exporter` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.jmx.config` | Configuration file for JMX exporter | `""` |
| `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` |
| `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` |
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.jmx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.jmx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.jmx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.jmx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.jmx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.jmx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.jmx.resources.limits` | JMX Exporter container resource limits | `{}` |
| `metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` |
| `metrics.jmx.ports.metrics` | JMX Exporter container metrics ports | `5556` |
@ -250,9 +261,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set tomcatUsername=manager,tomcatPassword=password oci://registry-1.docker.io/bitnamicharts/tomcat
--set tomcatUsername=manager,tomcatPassword=password oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the Tomcat management username and password to `manager` and `password` respectively.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -260,9 +273,10 @@ The above command sets the Tomcat management username and password to `manager`
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/tomcat
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
@ -346,9 +360,11 @@ Consequences:
```console
export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d)
kubectl delete deployments.apps tomcat
helm upgrade tomcat oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
helm upgrade tomcat oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### To 7.0.0
[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
@ -364,15 +380,19 @@ This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which
Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below:
```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat
helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below:
```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat --set securityContext.enabled=false,image.tag=XXX
helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set securityContext.enabled=false,image.tag=XXX
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### To 1.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.

4
charts/bitnami/tomcat/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.13.2
appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.13.2
version: 2.13.3

4
charts/bitnami/tomcat/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- Kubernetes 1.23+
- Helm 3.8.0+
## Parameters

4
charts/bitnami/tomcat/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/*
Returns true if AdmissionConfiguration is supported
*/}}
{{- define "common.capabilities.admisionConfiguration.supported" -}}
{{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}}
{{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/*
Return the appropriate apiVersion for AdmissionConfiguration.
*/}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

54
charts/bitnami/tomcat/values.yaml
View File

@ -50,9 +50,9 @@ extraDeploy: []
## Bitnami Tomcat image version
## ref: https://hub.docker.com/r/bitnami/tomcat/tags/
## @param image.registry Tomcat image registry
## @param image.repository Tomcat image repository
## @param image.tag Tomcat image tag (immutable tags are recommended)
## @param image.registry [default: REGISTRY_NAME] Tomcat image registry
## @param image.repository [default: REPOSITORY_NAME/tomcat] Tomcat image repository
## @skip image.tag Tomcat image tag (immutable tags are recommended)
## @param image.digest Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Tomcat image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
@ -159,14 +159,26 @@ podSecurityContext:
fsGroup: 1001
## Tomcat containers' SecurityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param containerSecurityContext.enabled Enable Tomcat containers' SecurityContext
## @param containerSecurityContext.runAsUser User ID for the Tomcat container
## @param containerSecurityContext.runAsNonRoot Force user to be root in Tomcat container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Tomcat containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -575,9 +587,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
@ -635,9 +647,9 @@ metrics:
catalinaOpts: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true
## Bitnami JMX exporter image
## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/
## @param metrics.jmx.image.registry JMX exporter image registry
## @param metrics.jmx.image.repository JMX exporter image repository
## @param metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
## @param metrics.jmx.image.registry [default: REGISTRY_NAME] JMX exporter image registry
## @param metrics.jmx.image.repository [default: REPOSITORY_NAME/jmx-exporter] JMX exporter image repository
## @skip metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy
## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array
@ -671,13 +683,25 @@ metrics:
attrNameSnakeCase: true
## Prometheus JMX exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.jmx.containerSecurityContext.enabled Enable Prometheus JMX exporter containers' Security Context
## @param metrics.jmx.containerSecurityContext.runAsUser Set Prometheus JMX exporter containers' Security Context runAsUser
## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set Prometheus JMX exporter containers' Security Context runAsNonRoot
## @param metrics.jmx.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.jmx.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.jmx.containerSecurityContext.privileged Set container's Security Context privileged
## @param metrics.jmx.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param metrics.jmx.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param metrics.jmx.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.jmx.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Prometheus JMX Exporter' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious

4
charts/bitnami/wordpress/Chart.yaml
View File

@ -10,7 +10,7 @@ annotations:
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: wordpress
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r8
licenses: Apache-2.0
apiVersion: v2
appVersion: 6.3.2
@ -47,4 +47,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 18.0.12
version: 18.1.3

15
charts/bitnami/wordpress/README.md
View File

@ -172,13 +172,14 @@ The command removes all the Kubernetes components associated with the chart and
| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` |
| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` |
| `podSecurityContext.seccompProfile.type` | Set WordPress container's Security Context seccomp profile | `RuntimeDefault` |
| `containerSecurityContext.enabled` | Enabled WordPress containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set WordPress container's Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set WordPress container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set WordPress container's privilege escalation | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set WordPress container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.capabilities.drop` | Set WordPress container's Security Context runAsNonRoot | `["ALL"]` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |

24
charts/bitnami/wordpress/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.3.2-debian-11-r5
tag: 6.3.2-debian-11-r8
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -402,30 +402,32 @@ extraContainerPorts: []
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled WordPress pods' Security Context
## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup
## @param podSecurityContext.seccompProfile.type Set WordPress container's Security Context seccomp profile
##
podSecurityContext:
enabled: true
fsGroup: 1001
seccompProfile:
type: "RuntimeDefault"
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled WordPress containers' Security Context
## @param containerSecurityContext.runAsUser Set WordPress container's Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set WordPress container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Set WordPress container's privilege escalation
## @param containerSecurityContext.readOnlyRootFilesystem Set WordPress container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.capabilities.drop Set WordPress container's Security Context runAsNonRoot
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for WordPress containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe on WordPress containers

2
charts/bitnami/zookeeper/Chart.yaml
View File

@ -30,4 +30,4 @@ maintainers:
name: zookeeper
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.1.6
version: 12.3.0

46
charts/bitnami/zookeeper/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction
This chart bootstraps a [ZooKeeper](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use Apache ZooKeeper in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -33,9 +35,11 @@ Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](
To install the chart with the release name `my-release`:
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
@ -79,10 +83,9 @@ The command removes all the Kubernetes components associated with the chart and
### ZooKeeper chart parameters
| Name | Description | Value |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r1` |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | ZooKeeper image registry | `REGISTRY_NAME` |
| `image.repository` | ZooKeeper image repository | `REPOSITORY_NAME/zookeeper` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -126,7 +129,7 @@ The command removes all the Kubernetes components associated with the chart and
### Statefulset parameters
| Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of ZooKeeper nodes | `1` |
| `containerPorts.client` | ZooKeeper client container port | `2181` |
| `containerPorts.tls` | ZooKeeper TLS container port | `3181` |
@ -161,10 +164,14 @@ The command removes all the Kubernetes components associated with the chart and
| `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` |
| `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled ZooKeeper containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set ZooKeeper containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set ZooKeeper containers' Security Context runAsNonRoot | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as nonprivilege | `false` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `hostAliases` | ZooKeeper pods host aliases | `[]` |
| `podLabels` | Extra labels for ZooKeeper pods | `{}` |
| `podAnnotations` | Annotations for ZooKeeper pods | `{}` |
@ -189,6 +196,7 @@ The command removes all the Kubernetes components associated with the chart and
| `pdb.create` | Deploy a pdb object for the ZooKeeper pod | `false` |
| `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` |
| `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` |
| `enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
### Traffic Exposure parameters
@ -244,11 +252,10 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters
| Name | Description | Value |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -319,9 +326,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set auth.clientUser=newUser \
oci://registry-1.docker.io/bitnamicharts/zookeeper
oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the ZooKeeper user to `newUser`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -329,9 +338,10 @@ The above command sets the ZooKeeper user to `newUser`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/zookeeper
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details

1
charts/bitnami/zookeeper/templates/statefulset.yaml
View File

@ -43,6 +43,7 @@ spec:
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: zookeeper
spec:
enableServiceLinks: {{ .Values.enableServiceLinks }}
serviceAccountName: {{ template "zookeeper.serviceAccountName" . }}
{{- include "zookeeper.imagePullSecrets" . | nindent 6 }}
{{- if .Values.hostAliases }}

35
charts/bitnami/zookeeper/values.yaml
View File

@ -68,9 +68,9 @@ diagnosticMode:
## Bitnami ZooKeeper image version
## ref: https://hub.docker.com/r/bitnami/zookeeper/tags/
## @param image.registry ZooKeeper image registry
## @param image.repository ZooKeeper image repository
## @param image.tag ZooKeeper image tag (immutable tags are recommended)
## @param image.registry [default: REGISTRY_NAME] ZooKeeper image registry
## @param image.repository [default: REPOSITORY_NAME/zookeeper] ZooKeeper image repository
## @skip image.tag ZooKeeper image tag (immutable tags are recommended)
## @param image.digest ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy ZooKeeper image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
@ -332,16 +332,26 @@ podSecurityContext:
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled ZooKeeper containers' Security Context
## @param containerSecurityContext.runAsUser Set ZooKeeper containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set ZooKeeper containers' Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as nonprivilege
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param hostAliases ZooKeeper pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@ -475,6 +485,11 @@ pdb:
create: false
minAvailable: ""
maxUnavailable: 1
## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @section Traffic Exposure parameters
@ -653,9 +668,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets

4
charts/crowdstrike/falcon-sensor/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>1.22.0-0'
catalog.cattle.io/release-name: falcon-sensor
apiVersion: v2
appVersion: 1.22.1
appVersion: 1.23.1
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
@ -24,4 +24,4 @@ name: falcon-sensor
sources:
- https://github.com/CrowdStrike/falcon-helm
type: application
version: 1.22.1
version: 1.23.1

34
charts/crowdstrike/falcon-sensor/templates/_helpers.tpl
View File

@ -94,26 +94,30 @@ Create the name of the service account to use
{{- define "falcon-sensor.daemonsetResources" -}}
{{- if .Values.node.gke.autopilot -}}
{{- if .Values.node.daemonset.resources -}}
resources:
{{- if .Values.node.daemonset.resources.limits -}}
{{- if (.Values.node.daemonset.resources | default dict ).limits }}
limits:
cpu: {{ .Values.node.daemonset.resources.limits.cpu | default "750m" }}
memory: {{ .Values.node.daemonset.resources.limits.memory | default "1.5Gi" }}
cpu: {{ (.Values.node.daemonset.resources.limits | default dict ).cpu | default "750m" }}
memory: {{ (.Values.node.daemonset.resources.limits | default dict ).memory | default "1.5Gi" }}
ephemeral-storage: {{ (index (.Values.node.daemonset.resources.limits | default dict ) "ephemeral-storage") | default "100Mi" }}
{{- else }}
limits:
cpu: 750m
memory: 1.5Gi
ephemeral-storage: 100Mi
{{- end }}
{{- if (.Values.node.daemonset.resources | default dict ).requests }}
requests:
cpu: {{ .Values.node.daemonset.resources.requests.cpu | default "750m" }}
memory: {{ .Values.node.daemonset.resources.requests.memory | default "1.5Gi" }}
{{- else -}}
resources:
limits:
cpu: "750m"
memory: "1.5Gi"
cpu: {{ (.Values.node.daemonset.resources.requests | default dict ).cpu | default "750m" }}
ephemeral-storage: {{ (index (.Values.node.daemonset.resources.requests | default dict ) "ephemeral-storage") | default "100Mi" }}
memory: {{ (.Values.node.daemonset.resources.requests | default dict ).memory | default "1.5Gi" }}
{{- else }}
requests:
cpu: "750m"
memory: "1.5Gi"
{{- end -}}
{{- else -}}
cpu: 750m
memory: 1.5Gi
ephemeral-storage: 100Mi
{{- end }}
{{- else -}}
{{- if .Values.node.daemonset.resources -}}
{{- toYaml .Values.node.daemonset.resources -}}
{{- end -}}

6
charts/crowdstrike/falcon-sensor/templates/daemonset.yaml
View File

@ -108,15 +108,17 @@ spec:
- name: falconstore-dir
mountPath: /host_opt
{{- end }}
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources:
requests:
cpu: 10m
ephemeral-storage: 10Mi
ephemeral-storage: 100Mi
memory: 50Mi
limits:
cpu: 10m
ephemeral-storage: 10Mi
ephemeral-storage: 100Mi
memory: 50Mi
{{- end }}
securityContext:
runAsUser: 0
privileged: true

12
charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml
View File

@ -100,15 +100,17 @@ spec:
- name: opt-crowdstrike
mountPath: /host_opt
{{- end }}
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources:
requests:
cpu: 10m
ephemeral-storage: 10Mi
ephemeral-storage: 100Mi
memory: 50Mi
limits:
cpu: 10m
ephemeral-storage: 10Mi
ephemeral-storage: 100Mi
memory: 50Mi
{{- end }}
securityContext:
runAsUser: 0
privileged: true
@ -133,15 +135,17 @@ spec:
- sleep 10
command:
- /bin/bash
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources:
requests:
cpu: 10m
ephemeral-storage: 10Mi
ephemeral-storage: 100Mi
memory: 50Mi
limits:
cpu: 10m
ephemeral-storage: 10Mi
ephemeral-storage: 100Mi
memory: 50Mi
{{- end }}
securityContext:
privileged: false
readOnlyRootFilesystem: true

2
charts/crowdstrike/falcon-sensor/values.yaml
View File

@ -62,9 +62,11 @@ node:
# resources:
# limits:
# cpu: 250m
# ephemeral-storage: 100Mi
# memory: 500Mi
# requests:
# cpu: 250m
# ephemeral-storage: 100Mi
# memory: 500Mi
# Update strategy to role out new daemonset configuration to the nodes.

8
charts/datadog/datadog/CHANGELOG.md
View File

@ -1,5 +1,13 @@
# Datadog changelog
## 3.43.1
* Fix docstring typos and remove unneeded lines.
## 3.43.0
* Default `Agent` and `Cluster-Agent` to `7.49.0` version.
## 3.42.1
* Bump FIPS proxy OpenSSL version to 3.0.12

2
charts/datadog/datadog/Chart.yaml
View File

@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.42.1
version: 3.43.1

40
charts/datadog/datadog/README.md
View File

@ -1,6 +1,6 @@
# Datadog
![Version: 3.42.1](https://img.shields.io/badge/Version-3.42.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.43.1](https://img.shields.io/badge/Version-3.43.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -450,7 +450,7 @@ helm install <RELEASE_NAME> \
| agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| agents.image.repository | string | `nil` | Override default registry + image.name for Agent |
| agents.image.tag | string | `"7.48.1"` | Define the Agent version to use |
| agents.image.tag | string | `"7.49.0"` | Define the Agent version to use |
| agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. |
| agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node |
@ -514,7 +514,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy |
| clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent |
| clusterAgent.image.tag | string | `"7.48.1"` | Cluster Agent image tag to use |
| clusterAgent.image.tag | string | `"7.49.0"` | Cluster Agent image tag to use |
| clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings |
| clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) |
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
@ -565,7 +565,7 @@ helm install <RELEASE_NAME> \
| clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners |
| clusterChecksRunner.image.tag | string | `"7.48.1"` | Define the Agent version to use |
| clusterChecksRunner.image.tag | string | `"7.49.0"` | Define the Agent version to use |
| clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
| clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead |
@ -609,13 +609,13 @@ helm install <RELEASE_NAME> \
| datadog.clusterTagger.collectKubernetesTags | bool | `false` | Enables Kubernetes resources tags collection. |
| datadog.collectEvents | bool | `true` | Enables this to start event collection from the kubernetes API |
| datadog.confd | object | `{}` | Provide additional check configurations (static and Autodiscovery) |
| datadog.containerExclude | string | `nil` | Exclude containers from the Agent Autodiscovery, as a space-sepatered list |
| datadog.containerExcludeLogs | string | `nil` | Exclude logs from the Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from the Agent Autodiscovery, as a space-separated list |
| datadog.containerExclude | string | `nil` | Exclude containers from Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeLogs | string | `nil` | Exclude logs from Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from Agent Autodiscovery, as a space-separated list |
| datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata |
| datadog.containerInclude | string | `nil` | Include containers in the Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in the Autodiscovery |
| datadog.containerIncludeLogs | string | `nil` | Include logs in the Agent Autodiscovery, as a space-separated list |
| datadog.containerIncludeMetrics | string | `nil` | Include metrics in the Agent Autodiscovery, as a space-separated list |
| datadog.containerInclude | string | `nil` | Include containers in Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in Autodiscovery |
| datadog.containerIncludeLogs | string | `nil` | Include logs in Agent Autodiscovery, as a space-separated list |
| datadog.containerIncludeMetrics | string | `nil` | Include metrics in Agent Autodiscovery, as a space-separated list |
| datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection |
| datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. |
| datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) |
@ -634,8 +634,8 @@ helm install <RELEASE_NAME> \
| datadog.env | list | `[]` | Set environment variables for all Agents |
| datadog.envDict | object | `{}` | Set environment variables for all Agents defined in a dict |
| datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets |
| datadog.excludePauseContainer | bool | `true` | Exclude pause containers from the Agent Autodiscovery. |
| datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfer with the agentmetrics port from the cluster-agent, which defaults to 5000 |
| datadog.excludePauseContainer | bool | `true` | Exclude pause containers from Agent Autodiscovery. |
| datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 |
| datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true |
| datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true |
| datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true |
@ -662,7 +662,7 @@ helm install <RELEASE_NAME> \
| datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. |
| datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). |
| datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection |
| datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "confimaps". "" to automatically detect which one to use. |
| datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. |
| datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second |
| datadog.logLevel | string | `"INFO"` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, off |
| datadog.logs.autoMultiLineDetection | bool | `false` | Allows the Agent to detect common multi-line patterns automatically. |
@ -747,17 +747,17 @@ helm install <RELEASE_NAME> \
| existingClusterAgent.serviceName | string | `nil` | Existing service name to use for reaching the external Cluster Agent |
| existingClusterAgent.tokenSecretName | string | `nil` | Existing secret name to use for external Cluster Agent token |
| fips.customFipsConfig | object | `{}` | Configure a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. |
| fips.enabled | bool | `false` | |
| fips.enabled | bool | `false` | Enable fips sidecar |
| fips.image.digest | string | `""` | Define the FIPS sidecar image digest to use, takes precedence over `fips.image.tag` if specified. |
| fips.image.name | string | `"fips-proxy"` | |
| fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy |
| fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. |
| fips.image.tag | string | `"0.6.1"` | Define the FIPS sidecar container version to use. |
| fips.local_address | string | `"127.0.0.1"` | |
| fips.port | int | `9803` | |
| fips.portRange | int | `15` | |
| fips.local_address | string | `"127.0.0.1"` | Set local IP address |
| fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. |
| fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 |
| fips.resources | object | `{}` | Resource requests and limits for the FIPS sidecar container. |
| fips.use_https | bool | `false` | |
| fips.use_https | bool | `false` | Option to enable https |
| fullnameOverride | string | `nil` | Override the full qualified app name |
| kube-state-metrics.image.repository | string | `"registry.k8s.io/kube-state-metrics/kube-state-metrics"` | Default kube-state-metrics image repository. |
| kube-state-metrics.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for KSM. KSM only supports Linux. |
@ -766,12 +766,12 @@ helm install <RELEASE_NAME> \
| kube-state-metrics.serviceAccount.create | bool | `true` | If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true |
| kube-state-metrics.serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. |
| nameOverride | string | `nil` | Override name of app |
| providers.aks.enabled | bool | `false` | Activate all specifities related to AKS configuration. Required as currently we cannot auto-detect AKS. |
| providers.aks.enabled | bool | `false` | Activate all specificities related to AKS configuration. Required as currently we cannot auto-detect AKS. |
| providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. |
| providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot |
| providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) |
| registry | string | `"gcr.io/datadoghq"` | Registry to use for all Agent images (default gcr.io) |
| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overriden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. |
| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. |
| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) |
## Configuration options for Windows deployments

Some files were not shown because too many files have changed in this diff Show More