Charts CI

```
Updated:
  bitnami/kafka:
    - 25.1.4
  bitnami/wordpress:
    - 17.1.4
  fairwinds/polaris:
    - 5.14.0
  harbor/harbor:
    - 1.13.0
  koor-tech/koor-operator:
    - 0.3.6
  kuma/kuma:
    - 2.4.0
  redpanda/redpanda:
    - 5.2.0
  sysdig/sysdig:
    - 1.16.9
  yugabyte/yugabyte:
    - 2.14.12
  yugabyte/yugaware:
    - 2.14.12
```
pull/871/head
github-actions[bot] 2023-08-30 19:40:56 +00:00
parent ce8b256541
commit 4f35b05b9d
151 changed files with 1301 additions and 2410 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
assets/kuma/kuma-2.4.0.tgz Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,9 +1,9 @@
dependencies:
- name: zookeeper
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.1.0
version: 12.1.1
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.9.0
digest: sha256:a54db8d2946ff889eaa08317cdc9eccbfe55722b08c147ee0799925cd1b43c93
generated: "2023-08-23T10:11:09.64327+02:00"
version: 2.9.1
digest: sha256:d80576ab604d6ae40689f985ffff711a95525fd2e04df86f7524300fb5c7b6de
generated: "2023-08-30T12:23:35.3141937Z"


@ -6,15 +6,15 @@ annotations:
category: Infrastructure
images: |
- name: jmx-exporter
image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r49
image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r57
- name: kafka-exporter
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r85
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r93
- name: kafka
image: docker.io/bitnami/kafka:3.5.1-debian-11-r25
image: docker.io/bitnami/kafka:3.5.1-debian-11-r35
- name: kubectl
image: docker.io/bitnami/kubectl:1.25.12-debian-11-r29
image: docker.io/bitnami/kubectl:1.25.13-debian-11-r5
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r43
image: docker.io/bitnami/os-shell:11-debian-11-r51
licenses: Apache-2.0
apiVersion: v2
appVersion: 3.5.1
@ -45,4 +45,4 @@ maintainers:
name: kafka
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 25.1.2
version: 25.1.4


@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Kafka image registry | `docker.io` |
| `image.repository` | Kafka image repository | `bitnami/kafka` |
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r25` |
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r35` |
| `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -365,73 +365,73 @@ The command removes all the Kubernetes components associated with the chart and
### Traffic Exposure parameters
| Name | Description | Value |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.client` | Kafka svc port for client connections | `9092` |
| `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` |
| `service.ports.interbroker` | Kafka svc port for inter-broker connections | `9094` |
| `service.ports.external` | Kafka svc port for external connections | `9095` |
| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` |
| `service.nodePorts.client` | Node port for the Kafka client connections | `""` |
| `service.nodePorts.external` | Node port for the Kafka external connections | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | Kafka service Cluster IP | `""` |
| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Kafka service | `{}` |
| `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` |
| `service.headless.controller.labels` | Labels for the controller-eligible headless service. | `{}` |
| `service.headless.broker.annotations` | Annotations for the broker-only headless service. | `{}` |
| `service.headless.broker.labels` | Labels for the broker-only headless service. | `{}` |
| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` |
| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` |
| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` |
| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.12-debian-11-r29` |
| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` |
| `externalAccess.controller.forceExpose` | If set to true, force exposing controller-eligible nodes although they are configured as controller-only nodes | `false` |
| `externalAccess.controller.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.controller.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.controller.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.controller.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.controller.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.controller.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.controller.service.labels` | Service labels for external access | `{}` |
| `externalAccess.controller.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.controller.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `externalAccess.broker.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.broker.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.broker.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.broker.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.broker.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.broker.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.broker.service.labels` | Service labels for external access | `{}` |
| `externalAccess.broker.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.broker.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
| Name | Description | Value |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.client` | Kafka svc port for client connections | `9092` |
| `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` |
| `service.ports.interbroker` | Kafka svc port for inter-broker connections | `9094` |
| `service.ports.external` | Kafka svc port for external connections | `9095` |
| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` |
| `service.nodePorts.client` | Node port for the Kafka client connections | `""` |
| `service.nodePorts.external` | Node port for the Kafka external connections | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | Kafka service Cluster IP | `""` |
| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Kafka service | `{}` |
| `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` |
| `service.headless.controller.labels` | Labels for the controller-eligible headless service. | `{}` |
| `service.headless.broker.annotations` | Annotations for the broker-only headless service. | `{}` |
| `service.headless.broker.labels` | Labels for the broker-only headless service. | `{}` |
| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` |
| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` |
| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` |
| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.13-debian-11-r5` |
| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` |
| `externalAccess.controller.forceExpose` | If set to true, force exposing controller-eligible nodes although they are configured as controller-only nodes | `false` |
| `externalAccess.controller.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.controller.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.controller.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.controller.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.controller.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.controller.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.controller.service.labels` | Service labels for external access | `{}` |
| `externalAccess.controller.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.controller.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `externalAccess.broker.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.broker.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.broker.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.broker.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.broker.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.broker.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.broker.service.labels` | Service labels for external access | `{}` |
| `externalAccess.broker.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.broker.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
### Volume Permissions parameters
@ -440,7 +440,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r43` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r51` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -465,7 +465,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` |
| `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` |
| `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` |
| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r85` |
| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r93` |
| `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` |
| `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -519,7 +519,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.kafkaJmxPort` | JMX port where the exporter will collect metrics, exposed in the Kafka container. | `5555` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r49` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r57` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -1087,6 +1087,10 @@ This guide is an adaptation from upstream documentation: [Migrate from ZooKeeper
## Upgrading
### To 25.0.0
This major updates the Zookeeper subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1200).
### To 24.0.0
This major version is a refactor of the Kafka chart and its architecture, to better adapt to Kraft features introduced in version 22.0.0.
@ -1209,10 +1213,6 @@ kubectl apply -f $NEW_PVC_MANIFEST_FILE
Repeat this process for each replica you had in your Kafka cluster. Once completed, upgrade the cluster and the new Statefulset should reuse the existing PVCs.
### To 25.0.0
This major updates the Zookeeper subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1200).
### To 23.0.0
This major updates Kafka to its newest version, 3.5.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/35/documentation.html#upgrade).
@ -1424,4 +1424,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.


@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.9.0
appVersion: 2.9.1
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.9.0
version: 2.9.1


@ -60,12 +60,13 @@ Return a topologyKey definition
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution:
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: 1
{{- range $extraPodAffinityTerms }}
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: {{ .weight | default 1 -}}
{{- end -}}
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution:
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- range $extraPodAffinityTerms }}
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- end -}}
{{- end -}}
{{/*
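Review bot: The usage comments above `common.affinities.pods.soft` and `common.affinities.pods.hard` now pass `extraPodAffinityTerms`, but nothing says what an entry must contain, while the added `range` blocks read `.extraMatchLabels`, `.topologyKey` and (soft only) `.weight` from each entry. I would add a line to each comment such as `extraPodAffinityTerms: list of dicts with optional keys extraMatchLabels (dict), topologyKey (string) and, for soft terms, weight (defaults to 1)`. It is also worth stating there that inside the `range` only the entry's own `.extraMatchLabels` is rendered and the top-level `$extraMatchLabels` is not, since a caller may expect both label sets on the extra terms. The lines between the two hunks of each define are not shown, so this is based on the visible part only.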


@ -26,4 +26,4 @@ maintainers:
name: zookeeper
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.1.0
version: 12.1.1


@ -423,6 +423,10 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading
### To 12.0.0
This new version of the chart includes the new ZooKeeper major version 3.9.x. For more information, please refer to [Zookeeper 3.9.0 Release Notes](https://zookeeper.apache.org/doc/r3.9.0/releasenotes.html)
### To 11.0.0
This major version removes `commonAnnotations` and `commonLabels` from `volumeClaimTemplates`. Now annotations and labels can be set in volume claims using `persistence.annotations` and `persistence.labels` values. If the previous deployment has already set `commonAnnotations` and/or `commonLabels` values, to ensure a clean upgrade from previous version without loosing data, please set `persistence.annotations` and/or `persistence.labels` values with the same content as the common values.


@ -61,8 +61,8 @@ spec:
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.broker.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAntiAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAntiAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.broker.nodeAffinityPreset.type "key" .Values.broker.nodeAffinityPreset.key "values" .Values.broker.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.broker.nodeSelector }}
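Review bot: The `"component" "broker"` literal on the new `podAffinity` and `podAntiAffinity` lines has to equal the `app.kubernetes.io/component` label on this workload's pod template, which is outside the hunk. If the two differ, the preset selector matches no pods and the anti-affinity preset stops spreading replicas across nodes without any render error, which is presumably what the old `"kafka"` value did. A short template comment above `affinity:` would make the coupling visible, for example `{{/* "component" must equal the app.kubernetes.io/component label on the pod template */}}`. The same applies to `"controller-eligible"` in the controller section and `"cluster-metrics"` in the metrics section of this commit.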


@ -61,8 +61,8 @@ spec:
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.controller.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.controller.nodeSelector }}


@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- $releaseNamespace := include "common.names.namespace" . -}}
{{- $clusterDomain := .Values.clusterDomain -}}
{{- $fullname := include "common.names.fullname" . -}}
{{- $servicePort := int .Values.service.ports.client -}}
{{- $containerPort := int .Values.listeners.client.containerPort -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
@ -40,8 +40,8 @@ spec:
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.kafka.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAffinityPreset "component" "metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAntiAffinityPreset "component" "metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAffinityPreset "component" "cluster-metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAntiAffinityPreset "component" "cluster-metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.kafka.nodeAffinityPreset.type "key" .Values.metrics.kafka.nodeAffinityPreset.key "values" .Values.metrics.kafka.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.metrics.kafka.nodeSelector }}
@ -92,10 +92,10 @@ spec:
- |
kafka_exporter \
{{- range $i := until (int .Values.controller.replicaCount) }}
--kafka.server={{ $fullname }}-controller-{{ $i }}.{{ $fullname }}-controller-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $servicePort }} \
--kafka.server={{ $fullname }}-controller-{{ $i }}.{{ $fullname }}-controller-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $containerPort }} \
{{- end }}
{{- range $i := until (int .Values.broker.replicaCount) }}
--kafka.server={{ $fullname }}-broker-{{ $i }}.{{ $fullname }}-broker-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $servicePort }} \
--kafka.server={{ $fullname }}-broker-{{ $i }}.{{ $fullname }}-broker-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $containerPort }} \
{{- end }}
{{- if regexFind "SASL" (upper .Values.listeners.client.protocol) }}
--sasl.enabled \
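Review bot: `$containerPort` is built with `int .Values.listeners.client.containerPort`, and Sprig's `int` turns a missing or nulled value into 0, so an override that drops the key would render every `--kafka.server=...` address with `:0` and the exporter would fail to connect with no template error. Failing at render time is cheaper to diagnose: `{{- $containerPort := int (required "listeners.client.containerPort must be set" .Values.listeners.client.containerPort) -}}`. If values.yaml always ships a default, this is only a guard against overrides, but the old `$servicePort` line had the same gap, so the commit is a natural place to close it. The args block continues outside the last hunk.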


@ -80,7 +80,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/kafka
tag: 3.5.1-debian-11-r25
tag: 3.5.1-debian-11-r35
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1254,7 +1254,7 @@ externalAccess:
image:
registry: docker.io
repository: bitnami/kubectl
tag: 1.25.12-debian-11-r29
tag: 1.25.13-debian-11-r5
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1504,7 +1504,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r43
tag: 11-debian-11-r51
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1586,7 +1586,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/kafka-exporter
tag: 1.7.0-debian-11-r85
tag: 1.7.0-debian-11-r93
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1840,7 +1840,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/jmx-exporter
tag: 0.19.0-debian-11-r49
tag: 0.19.0-debian-11-r57
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'


@ -4,9 +4,9 @@ dependencies:
version: 6.6.0
- name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.1.0
version: 13.1.2
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.9.0
digest: sha256:19433d22b87927464569967e128b716709f4b8e8c99e59c5b6d00b6c61ed98f4
generated: "2023-08-23T12:48:27.768104+02:00"
version: 2.9.1
digest: sha256:5df6e862af69422cc6e287bf9dd560b3a1e56d3b49b4bc81132b0db10903cd80
generated: "2023-08-30T09:41:25.351778314Z"


@ -6,14 +6,14 @@ annotations:
category: CMS
images: |
- name: apache-exporter
image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r23
image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r29
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r45
image: docker.io/bitnami/os-shell:11-debian-11-r51
- name: wordpress
image: docker.io/bitnami/wordpress:6.3.0-debian-11-r13
image: docker.io/bitnami/wordpress:6.3.1-debian-11-r0
licenses: Apache-2.0
apiVersion: v2
appVersion: 6.3.0
appVersion: 6.3.1
dependencies:
- condition: memcached.enabled
name: memcached
@ -47,4 +47,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 17.1.3
version: 17.1.4


@ -78,15 +78,15 @@ The command removes all the Kubernetes components associated with the chart and
### WordPress Image parameters
| Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.0-debian-11-r13` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
| Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.1-debian-11-r0` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
### WordPress Configuration parameters
@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r45` |
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r51` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r23` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r29` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |


@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.9.0
appVersion: 2.9.1
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.9.0
version: 2.9.1


@ -60,12 +60,13 @@ Return a topologyKey definition
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution:
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: 1
{{- range $extraPodAffinityTerms }}
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: {{ .weight | default 1 -}}
{{- end -}}
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution:
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- range $extraPodAffinityTerms }}
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- end -}}
{{- end -}}
{{/*
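Review bot: The new `range $extraPodAffinityTerms` loops in `common.affinities.pods.soft` and `common.affinities.pods.hard` read `.extraMatchLabels` and `.topologyKey` from each list entry, plus `.weight` in the soft case, but the usage comments above both defines only show the parameter being passed and never describe an entry. I would add one line to each comment, such as `extraPodAffinityTerms: list of {extraMatchLabels: map, topologyKey: string, weight: int (soft only, default 1)}`. It is also worth stating there that the top-level `extraMatchLabels` is not applied to the extra terms, since `$extraMatchLabels` is not referenced inside either loop. The soft loop emits `weight` without a range check; Kubernetes accepts 1 to 100 for preferred terms, so an out-of-range value would only be rejected at apply time.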


@ -33,4 +33,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 13.1.0
version: 13.1.2


@ -27,7 +27,7 @@ spec:
externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }}
{{ end }}
{{- if (and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }}
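Review bot: The `if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges` guard above the fixed line omits the field entirely when the list is empty, so the MariaDB LoadBalancer service is then created with no source restriction requested, and nothing in the rendered manifest signals that. The `toYaml ... | nindent 4` change itself renders a multi-entry list correctly; what is missing is a hint for operators. I would add a comment in values.yaml next to `primary.service.loadBalancerSourceRanges`, for example `## Leave empty only if the load balancer is not reachable from untrusted networks`. The secondary service template has the same guard and would take the same comment. The `spec:` block starts and continues outside the hunk.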


@ -28,7 +28,7 @@ spec:
externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ .Values.secondary.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }}
{{ end }}
{{- if and (eq .Values.secondary.service.type "LoadBalancer") (not (empty .Values.secondary.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }}


@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.3.0-debian-11-r13
tag: 6.3.1-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -766,7 +766,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r45
tag: 11-debian-11-r51
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -860,7 +860,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 1.0.1-debian-11-r23
tag: 1.0.1-debian-11-r29
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.


@ -12,4 +12,4 @@ maintainers:
- email: robertb@fairwinds.com
name: rbren
name: polaris
version: 5.13.0
version: 5.14.0


@ -79,6 +79,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
| webhook.validate | bool | `true` | Enables the Validating Webhook, to reject resources with issues |
| webhook.mutate | bool | `false` | Enables the Mutating Webhook, to modify resources with issues |
| webhook.replicas | int | `2` | Number of replicas |
| webhook.logLevel | string | `"info"` | Set the logging level for the Webhook command |
| webhook.nodeSelector | object | `{}` | Webhook pod nodeSelector |
| webhook.tolerations | list | `[]` | Webhook pod tolerations |
| webhook.affinity | object | `{}` | Webhook pods affinity |


@ -52,6 +52,9 @@ spec:
{{- end }}
- --validate={{ .Values.webhook.validate }}
- --mutate={{ .Values.webhook.mutate }}
{{- if .Values.webhook.logLevel }}
- --log-level={{ .Values.webhook.logLevel }}
{{- end }}
image: '{{.Values.image.repository}}:{{.Values.image.tag | default .Chart.AppVersion }}'
imagePullPolicy: '{{.Values.image.pullPolicy}}'
ports:
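Review bot: `--log-level={{ .Values.webhook.logLevel }}` passes the value through unquoted and unchecked, so a typo in the level name is only discovered when the webhook container starts, and a value containing YAML-significant characters would change how the list item parses. Quoting the whole argument keeps it a single string: `- {{ printf "--log-level=%s" .Values.webhook.logLevel | quote }}`. The values.yaml comment for `webhook.logLevel` would also be more useful if it listed the accepted level names. The neighbouring `--validate` and `--mutate` arguments are written the same unquoted way, so this is a style point for the whole args list, which continues outside the hunk.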


@ -139,6 +139,8 @@ webhook:
mutate: false
# webhook.replicas -- Number of replicas
replicas: 2
# webhook.logLevel -- Set the logging level for the Webhook command
logLevel: info
# webhook.nodeSelector -- Webhook pod nodeSelector
nodeSelector: {}
# webhook.tolerations -- Webhook pod tolerations


@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>=1.20-0'
catalog.cattle.io/release-name: harbor
apiVersion: v1
appVersion: 2.8.4
appVersion: 2.9.0
description: An open source trusted cloud native registry that stores, signs, and
scans content
home: https://goharbor.io
icon: https://raw.githubusercontent.com/goharbor/website/master/static/img/logos/harbor-icon-color.png
icon: https://raw.githubusercontent.com/goharbor/website/main/static/img/logos/harbor-icon-color.png
keywords:
- docker
- registry
@ -24,4 +24,4 @@ name: harbor
sources:
- https://github.com/goharbor/harbor
- https://github.com/goharbor/harbor-helm
version: 1.12.4
version: 1.13.0


@ -1,6 +1,6 @@
# Helm Chart for Harbor
**Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be find [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment.
**Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be found [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment.
This repository, including the issues, focuses on deploying Harbor chart via helm. For functionality issues or Harbor questions, please open issues on [goharbor/harbor](https://github.com/goharbor/harbor)
@ -38,7 +38,7 @@ The following items can be set via `--set` flag during installation or configure
The external URL for Harbor core service is used to:
1. populate the docker/helm commands showed on portal
2. populate the token service URL returned to docker/notary client
2. populate the token service URL returned to docker client
Format: `protocol://domain[:port]`. Usually:
@ -83,37 +83,30 @@ The following table lists the configurable parameters of the Harbor chart and th
| `expose.tls.certSource` | The source of the TLS certificate. Set as `auto`, `secret` or `none` and fill the information in the corresponding section: 1) auto: generate the TLS certificate automatically 2) secret: read the TLS certificate from the specified secret. The TLS certificate can be generated manually or by cert manager 3) none: configure no TLS certificate for the ingress. If the default TLS certificate is configured in the ingress controller, choose this option | `auto` |
| `expose.tls.auto.commonName` | The common name used to generate the certificate, it's necessary when the type isn't `ingress` | |
| `expose.tls.secret.secretName` | The name of secret which contains keys named: `tls.crt` - the certificate; `tls.key` - the private key | |
| `expose.tls.secret.notarySecretName` | The name of secret which contains keys named: `tls.crt` - the certificate; `tls.key` - the private key. Only needed when the `expose.type` is `ingress` | |
| `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` |
| `expose.ingress.hosts.notary` | The host of Harbor Notary service in ingress rule | `notary.harbor.domain` |
| `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce`, `alb`, `f5-bigip` and `ncp` | `default` |
| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | |
| `expose.ingress.annotations` | The annotations used commonly for ingresses | |
| `expose.ingress.harbor.annotations` | The annotations specific to harbor ingress | {} |
| `expose.ingress.harbor.labels` | The labels specific to harbor ingress | {} |
| `expose.ingress.notary.annotations` | The annotations specific to notary ingress | {} |
| `expose.ingress.notary.labels` | The labels specific to notary ingress | {} |
| `expose.clusterIP.name` | The name of ClusterIP service | `harbor` |
| `expose.clusterIP.annotations` | The annotations attached to the ClusterIP service | {} |
| `expose.clusterIP.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` |
| `expose.clusterIP.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `443` |
| `expose.clusterIP.ports.notaryPort` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | `4443` |
| `expose.nodePort.name` | The name of NodePort service | `harbor` |
| `expose.nodePort.ports.http.port` | The service port Harbor listens on when serving HTTP | `80` |
| `expose.nodePort.ports.http.nodePort` | The node port Harbor listens on when serving HTTP | `30002` |
| `expose.nodePort.ports.https.port` | The service port Harbor listens on when serving HTTPS | `443` |
| `expose.nodePort.ports.https.nodePort` | The node port Harbor listens on when serving HTTPS | `30003` |
| `expose.nodePort.ports.notary.port` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | `4443` |
| `expose.nodePort.ports.notary.nodePort` | The node port Notary listens on. Only needed when `notary.enabled` is set to `true` | `30004` |
| `expose.loadBalancer.name` | The name of service | `harbor` |
| `expose.loadBalancer.IP` | The IP of the loadBalancer. It only works when loadBalancer supports assigning IP | `""` |
| `expose.loadBalancer.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` |
| `expose.loadBalancer.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `30002` |
| `expose.loadBalancer.ports.notaryPort` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | |
| `expose.loadBalancer.annotations` | The annotations attached to the loadBalancer service | {} |
| `expose.loadBalancer.sourceRanges` | List of IP address ranges to assign to loadBalancerSourceRanges | [] |
| **Internal TLS** | | |
| `internalTLS.enabled` | Enable TLS for the components (core, jobservice, portal, registry, trivy) | `false` |
| `internalTLS.strong_ssl_ciphers` | Enable strong ssl ciphers for nginx and portal | `false`
| `internalTLS.certSource` | Method to provide TLS for the components, options are `auto`, `manual`, `secret`. | `auto` |
| `internalTLS.trustCa` | The content of trust CA, only available when `certSource` is `manual`. **Note**: all the internal certificates of the components must be issued by this CA | |
| `internalTLS.core.secretName` | The secret name for core component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
@ -201,6 +194,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `nginx.nodeSelector` | Node labels for pod assignment | `{}` |
| `nginx.tolerations` | Tolerations for pod assignment | `[]` |
| `nginx.affinity` | Node/Pod affinities | `{}` |
| `nginx.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `nginx.podAnnotations` | Annotations to add to the nginx pod | `{}` |
| `nginx.priorityClassName` | The priority class to run the pod as | |
| **Portal** | | |
@ -213,6 +207,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `portal.nodeSelector` | Node labels for pod assignment | `{}` |
| `portal.tolerations` | Tolerations for pod assignment | `[]` |
| `portal.affinity` | Node/Pod affinities | `{}` |
| `portal.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `portal.podAnnotations` | Annotations to add to the portal pod | `{}` |
| `portal.priorityClassName` | The priority class to run the pod as | |
| **Core** | | |
@ -226,8 +221,11 @@ The following table lists the configurable parameters of the Harbor chart and th
| `core.nodeSelector` | Node labels for pod assignment | `{}` |
| `core.tolerations` | Tolerations for pod assignment | `[]` |
| `core.affinity` | Node/Pod affinities | `{}` |
| `core.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `core.podAnnotations` | Annotations to add to the core pod | `{}` |
| `core.serviceAnnotations` | Annotations to add to the core service | `{}` |
| `core.configureUserSettings` | A JSON string to set in the environment variable `CONFIG_OVERWRITE_JSON` to configure user settings. See the [official docs](https://goharbor.io/docs/latest/install-config/configure-user-settings-cli/#configure-users-settings-using-an-environment-variable). | |
| `core.quotaUpdateProvider` | The provider for updating project quota(usage), there are 2 options, redis or db. By default it is implemented by db but you can configure it to redis which can improve the performance of high concurrent pushing to the same project, and reduce the database connections spike and occupies. Using redis will bring up some delay for quota usage updation for display, so only suggest switch provider to redis if you were ran into the db connections spike around the scenario of high concurrent pushing to same project, no improvment for other scenes. | `db` |
| `core.secret` | Secret is used when core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| `core.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain keys named: `tls.crt` - the certificate and `tls.key` - the private key. The default key pair will be used if it isn't set | |
| `core.tokenKey` | PEM-formatted RSA private key used to sign service tokens. Only used if `core.secretName` is unset. If set, `core.tokenCert` MUST also be set. | |
@ -253,6 +251,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `jobservice.nodeSelector` | Node labels for pod assignment | `{}` |
| `jobservice.tolerations` | Tolerations for pod assignment | `[]` |
| `jobservice.affinity` | Node/Pod affinities | `{}` |
| `jobservice.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `jobservice.podAnnotations` | Annotations to add to the jobservice pod | `{}` |
| `jobservice.priorityClassName` | The priority class to run the pod as | |
| `jobservice.secret` | Secret is used when job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
@ -269,12 +268,13 @@ The following table lists the configurable parameters of the Harbor chart and th
| `registry.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `registry.tolerations` | Tolerations for pod assignment | `[]` |
| `registry.affinity` | Node/Pod affinities | `{}` |
| `registry.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `registry.middleware` | Middleware is used to add support for a CDN between backend storage and `docker pull` recipient. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#middleware). | |
| `registry.podAnnotations` | Annotations to add to the registry pod | `{}` |
| `registry.priorityClassName` | The priority class to run the pod as | |
| `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#http). If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| `registry.credentials.username` | The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` |
| `registry.credentials.password` | The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` |
| `registry.credentials.username` | The username that harbor core uses internally to access the registry instance. Together with the `registry.credentials.password`, a htpasswd  is created. This is an alternative to providing `registry.credentials.htpasswdString`. For more details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` |
| `registry.credentials.password` | The password that harbor core uses internally to access the registry instance. Together with the `registry.credentials.username`, a htpasswd  is created. This is an alternative to providing `registry.credentials.htpasswdString`. For more details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` |
| `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_PASSWD` | `""` |
| `registry.credentials.htpasswdString` | Login and password in htpasswd string format. Excludes `registry.credentials.username` and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt. | undefined |
| `registry.relativeurls` | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy | `false` |
@ -300,26 +300,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `trivy.timeout` | The duration to wait for scan completion | `5m0s` |
| `trivy.gitHubToken` | The GitHub access token to download [Trivy DB][trivy-db] (see [GitHub rate limiting][trivy-rate-limiting]) | |
| `trivy.priorityClassName` | The priority class to run the pod as | |
| **Notary** | | |
| `notary.enabled` | Enable Notary? | `true` |
| `notary.server.image.repository` | Repository for notary server image | `goharbor/notary-server-photon` |
| `notary.server.image.tag` | Tag for notary server image | `dev` |
| `notary.server.replicas` | The replica count | `1` |
| `notary.server.resources` | The [resources] to allocate for container | undefined |
| `notary.server.priorityClassName` | The priority class to run the pod as | |
| `notary.server.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `notary.signer.image.repository` | Repository for notary signer image | `goharbor/notary-signer-photon` |
| `notary.signer.image.tag` | Tag for notary signer image | `dev` |
| `notary.signer.replicas` | The replica count | `1` |
| `notary.signer.resources` | The [resources] to allocate for container | undefined |
| `notary.signer.priorityClassName` | The priority class to run the pod as | |
| `notary.signer.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `notary.nodeSelector` | Node labels for pod assignment | `{}` |
| `notary.tolerations` | Tolerations for pod assignment | `[]` |
| `notary.affinity` | Node/Pod affinities | `{}` |
| `notary.podAnnotations` | Annotations to add to the notary pod | `{}` |
| `notary.serviceAnnotations` | Annotations to add to the notary service | `{}` |
| `notary.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `ca.crt`, `tls.crt` and `tls.key` that contain the CA, certificate and private key. They will be generated if not set. | |
| `trivy.topologySpreadConstraints` | The priority class to run the pod as | |
| **Database** | | |
| `database.type` | If external database is used, set it to `external` | `internal` |
| `database.internal.image.repository` | Repository for database image | `goharbor/harbor-db` |
@ -341,8 +322,6 @@ The following table lists the configurable parameters of the Harbor chart and th
| `database.external.username` | The username of external database | `user` |
| `database.external.password` | The password of external database | `password` |
| `database.external.coreDatabase` | The database used by core service | `registry` |
| `database.external.notaryServerDatabase` | The database used by Notary server | `notary_server` |
| `database.external.notarySignerDatabase` | The database used by Notary signer | `notary_signer` |
| `database.external.existingSecret` | An existing password containing the database password. the key must be `password`. | `""` |
| `database.external.sslmode` | Connection method of external database (require, verify-full, verify-ca, disable) | `disable` |
| `database.maxIdleConns` | The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. | `50` |
@ -384,6 +363,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `exporter.nodeSelector` | Node labels for pod assignment | `{}` |
| `exporter.tolerations` | Tolerations for pod assignment | `[]` |
| `exporter.affinity` | Node/Pod affinities | `{}` |
| `exporter.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `exporter.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `exporter.cacheDuration` | the cache duration for information that exporter collected from Harbor | `30` |
| `exporter.cacheCleanInterval` | cache clean interval for information that exporter collected from Harbor | `14400` |


@ -1,28 +0,0 @@
{
"server": {
"http_addr": ":4443"
},
"trust_service": {
"type": "remote",
"hostname": "{{ template "harbor.notary-signer" . }}",
"port": "7899",
"tls_ca_file": "/etc/ssl/notary/ca.crt",
"key_algorithm": "ecdsa"
},
"logging": {
"level": "{{ .Values.logLevel }}"
},
"storage": {
"backend": "postgres",
"db_url": "{{ template "harbor.database.notaryServer" . }}"
},
"auth": {
"type": "token",
"options": {
"realm": "{{ .Values.externalURL }}/service/token",
"service": "harbor-notary",
"issuer": "harbor-token-issuer",
"rootcertbundle": "/root.crt"
}
}
}


@ -1,15 +0,0 @@
{
"server": {
"grpc_addr": ":7899",
"tls_cert_file": "/etc/ssl/notary/tls.crt",
"tls_key_file": "/etc/ssl/notary/tls.key"
},
"logging": {
"level": "{{ .Values.logLevel }}"
},
"storage": {
"backend": "postgres",
"db_url": "{{ template "harbor.database.notarySigner" . }}",
"default_alias": "defaultalias"
}
}


@ -111,22 +111,6 @@ app: "{{ template "harbor.name" . }}"
{{- end -}}
{{- end -}}
{{- define "harbor.database.notaryServerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notaryserver" -}}
{{- else -}}
{{- .Values.database.external.notaryServerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.notarySignerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notarysigner" -}}
{{- else -}}
{{- .Values.database.external.notarySignerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.sslmode" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "disable" -}}
@ -135,14 +119,6 @@ app: "{{ template "harbor.name" . }}"
{{- end -}}
{{- end -}}
{{- define "harbor.database.notaryServer" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.database.notarySigner" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.redis.scheme" -}}
{{- with .Values.redis }}
{{- ternary "redis+sentinel" "redis" (and (eq .type "external" ) (not (not .external.sentinelMasterSet))) }}
@ -263,14 +239,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- printf "%s-trivy" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.notary-server" -}}
{{- printf "%s-notary-server" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.notary-signer" -}}
{{- printf "%s-notary-signer" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.nginx" -}}
{{- printf "%s-nginx" (include "harbor.fullname" .) -}}
{{- end -}}
@ -283,12 +251,8 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- printf "%s-ingress" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.ingress-notary" -}}
{{- printf "%s-ingress-notary" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.noProxy" -}}
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
{{- end -}}
{{- define "harbor.caBundleVolume" -}}
@ -303,7 +267,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
subPath: ca.crt
{{- end -}}
{{/* scheme for all components except notary because it only support http mode */}}
{{/* scheme for all components because it only support http mode */}}
{{- define "harbor.component.scheme" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "https" -}}
@ -506,16 +470,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- end -}}
{{- end -}}
{{- define "harbor.tlsNotarySecretForIngress" -}}
{{- if eq .Values.expose.tls.certSource "none" -}}
{{- printf "" -}}
{{- else if eq .Values.expose.tls.certSource "secret" -}}
{{- .Values.expose.tls.secret.notarySecretName -}}
{{- else -}}
{{- include "harbor.ingress" . -}}
{{- end -}}
{{- end -}}
{{- define "harbor.tlsSecretForNginx" -}}
{{- if eq .Values.expose.tls.certSource "secret" -}}
{{- .Values.expose.tls.secret.secretName -}}
@ -537,7 +491,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
TRACE_SAMPLE_RATE: "{{ .Values.trace.sample_rate }}"
TRACE_NAMESPACE: "{{ .Values.trace.namespace }}"
{{- if .Values.trace.attributes }}
TRACE_ATTRIBUTES: "{{ .Values.trace.attributes | toJson }}"
TRACE_ATTRIBUTES: {{ .Values.trace.attributes | toJson | squote }}
{{- end }}
{{- if eq .Values.trace.provider "jaeger" }}
TRACE_JAEGER_ENDPOINT: "{{ .Values.trace.jaeger.endpoint }}"
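Review bot: `squote` on the new `TRACE_ATTRIBUTES` line only wraps the JSON in single quotes and does not escape a `'` inside it, so an attribute value containing an apostrophe would end the YAML scalar early and break or alter the rendered document. `quote` escapes the embedded double quotes of the JSON and yields a valid double-quoted scalar: `TRACE_ATTRIBUTES: {{ .Values.trace.attributes | toJson | quote }}`. Separately, the reworded comment above `harbor.component.scheme` ("scheme for all components because it only support http mode") no longer fits a helper that returns `https` when `internalTLS.enabled` is set; `{{/* scheme used by all components: https when internalTLS is enabled */}}` would match the code. Both definitions continue outside the visible hunks.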


@ -26,8 +26,6 @@ data:
JOBSERVICE_URL: "{{ template "harbor.jobserviceURL" . }}"
REGISTRY_URL: "{{ template "harbor.registryURL" . }}"
TOKEN_SERVICE_URL: "{{ template "harbor.tokenServiceURL" . }}"
WITH_NOTARY: "{{ .Values.notary.enabled }}"
NOTARY_URL: "http://{{ template "harbor.notary-server" . }}:4443"
CORE_LOCAL_URL: "{{ ternary "https://127.0.0.1:8443" "http://127.0.0.1:8080" .Values.internalTLS.enabled }}"
WITH_TRIVY: {{ .Values.trivy.enabled | quote }}
TRIVY_ADAPTER_URL: "{{ template "harbor.trivyAdapterURL" . }}"
@ -83,3 +81,7 @@ data:
CACHE_ENABLED: "true"
CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}"
{{- end }}
{{- if .Values.core.quotaUpdateProvider }}
QUOTA_UPDATE_PROVIDER: "{{ .Values.core.quotaUpdateProvider }}"
{{- end }}
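Review bot: `QUOTA_UPDATE_PROVIDER` is interpolated between hand-written double quotes, so a value containing `"` or a backslash would produce an invalid or altered ConfigMap entry; the `WITH_TRIVY` line in the same file already uses the safer form. Suggest `QUOTA_UPDATE_PROVIDER: {{ .Values.core.quotaUpdateProvider | quote }}`. A short comment naming the accepted provider values would also help, since the hunk does not show them.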


@ -17,6 +17,9 @@ spec:
labels:
{{ include "harbor.matchLabels" . | indent 8 }}
component: core
{{- if .Values.core.podLabels }}
{{ toYaml .Values.core.podLabels | indent 8 }}
{{- end }}
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/core/core-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
@ -42,6 +45,16 @@ spec:
{{- end }}
automountServiceAccountToken: {{ .Values.core.automountServiceAccountToken | default false }}
terminationGracePeriodSeconds: 120
{{- with .Values.core.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: core
{{- end }}
{{- end }}
containers:
- name: core
image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
@ -117,6 +130,9 @@ spec:
name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD
{{- end }}
{{- with .Values.core.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- containerPort: {{ template "harbor.core.containerPort" . }}
volumeMounts:
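Review bot: Each entry of `core.topologySpreadConstraints` is dumped with `toYaml` and a chart-owned `labelSelector:` is then appended to the same list item, so an entry that already carries its own `labelSelector` renders a duplicate mapping key, which a parser may reject or silently resolve to one of the two. Dropping the user key before rendering makes the outcome deterministic: `- {{ omit . "labelSelector" | toYaml | indent 8 | trim }}`, with a values comment stating that the selector is set by the chart. The same construct is added in the exporter, jobservice, nginx, portal, registry and trivy pod specs further down this page. Indentation is not preserved in this rendering, so the nesting itself could not be checked.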


@ -25,4 +25,7 @@ data:
REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
{{- end }}
CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
{{- if .Values.core.configureUserSettings }}
CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
{{- end }}
{{- template "harbor.traceJaegerPassword" . }}
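Review bot: `core.configureUserSettings` is piped straight into `b64enc`, which accepts a string, so a value written as a YAML mapping rather than a JSON string would fail at render time with a type error instead of a clear message. A template comment such as `{{/* configureUserSettings must be a JSON string; stored in the Secret because it may hold credentials */}}` would record the contract. If the setting can carry authentication credentials (not shown here, please confirm), the values file that sets it deserves the same handling as other secret material.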


@ -19,6 +19,9 @@ spec:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: database
{{- if .Values.database.podLabels }}
{{ toYaml .Values.database.podLabels | indent 8 }}
{{- end }}
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/database/database-secret.yaml") . | sha256sum }}
{{- if .Values.database.podAnnotations }}
@ -102,6 +105,9 @@ spec:
# more detail refer to https://github.com/goharbor/harbor-helm/issues/756
- name: PGDATA
value: "/var/lib/postgresql/data/pgdata"
{{- with .Values.database.internal.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: database-data
mountPath: /var/lib/postgresql/data
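Review bot: `database.podLabels` is appended right after the chart's own labels, so a user label that reuses a chart key such as `component` yields a duplicate key in the pod template; depending on which value wins, the pod may stop matching the workload selector or any Service or policy that selects on those labels. Consider dropping reserved keys, for example `{{ toYaml (omit .Values.database.podLabels "component") | indent 8 }}`, and documenting the restriction in the values comment. The same `podLabels` block is added for core, exporter, jobservice, nginx, portal, redis, registry and trivy on this page. Keys emitted by `harbor.labels` are defined outside this hunk and would need the same treatment.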


@ -18,7 +18,15 @@ spec:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: exporter
{{- if .Values.exporter.podLabels }}
{{ toYaml .Values.exporter.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
checksum/tls: {{ include (print $.Template.BasePath "/core/core-tls.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.exporter.podAnnotations }}
{{ toYaml .Values.exporter.podAnnotations | indent 8 }}
{{- end }}
@ -34,6 +42,16 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.exporter.automountServiceAccountToken | default false }}
{{- with .Values.exporter.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: exporter
{{- end }}
{{- end }}
containers:
- name: exporter
image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
@ -74,6 +92,10 @@ spec:
{{- if .Values.exporter.resources }}
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
{{- end }}
{{- with .Values.exporter.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- containerPort: {{ template "harbor.core.containerPort" . }}
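Review bot: With `internalTLS.certSource` set to `manual`, the new `checksum/tls` annotation hashes `/core/core-tls.yaml` rather than an exporter-specific template, and nothing in the hunk says why. If the exporter reuses core's certificate (likely, but not visible here), a one-line comment such as `{{/* exporter uses core's internal TLS secret, so roll on changes to it */}}` would prevent a later "fix"; if it has its own secret, rotating that certificate would not restart the pod. Any other cert source gets no checksum at all, so externally managed certificates still need a manual rollout.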


@ -8,7 +8,6 @@
{{- $_ := set . "v2_path" "/v2/*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/*" -}}
{{- $_ := set . "controller_path" "/c/*" -}}
{{- $_ := set . "notary_path" "/" -}}
{{- else if eq .Values.expose.ingress.controller "ncp" }}
{{- $_ := set . "portal_path" "/.*" -}}
{{- $_ := set . "api_path" "/api/.*" -}}
@ -16,7 +15,6 @@
{{- $_ := set . "v2_path" "/v2/.*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/.*" -}}
{{- $_ := set . "controller_path" "/c/.*" -}}
{{- $_ := set . "notary_path" "/.*" -}}
{{- else }}
{{- $_ := set . "portal_path" "/" -}}
{{- $_ := set . "api_path" "/api/" -}}
@ -24,7 +22,6 @@
{{- $_ := set . "v2_path" "/v2/" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/" -}}
{{- $_ := set . "controller_path" "/c/" -}}
{{- $_ := set . "notary_path" "/" -}}
{{- end }}
---
@ -145,65 +142,4 @@ spec:
host: {{ $ingress.hosts.core }}
{{- end }}
{{- if .Values.notary.enabled }}
---
{{- if semverCompare "<1.14-0" (include "harbor.ingress.kubeVersion" .) }}
apiVersion: extensions/v1beta1
{{- else if semverCompare "<1.19-0" (include "harbor.ingress.kubeVersion" .) }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: networking.k8s.io/v1
{{- end }}
kind: Ingress
metadata:
name: "{{ template "harbor.ingress-notary" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if $ingress.notary.labels }}
{{ toYaml $ingress.notary.labels | indent 4 }}
{{- end }}
annotations:
{{ toYaml $ingress.annotations | indent 4 }}
{{- if eq .Values.expose.ingress.controller "ncp" }}
ncp/use-regex: "true"
{{- if $tls.enabled }}
ncp/http-redirect: "true"
{{- end }}
{{- end }}
{{- if $ingress.notary.annotations }}
{{ toYaml $ingress.notary.annotations | indent 4 }}
{{- end }}
spec:
{{- if $ingress.className }}
ingressClassName: {{ $ingress.className }}
{{- end }}
{{- if $tls.enabled }}
tls:
- secretName: {{ template "harbor.tlsNotarySecretForIngress" . }}
{{- if $ingress.hosts.notary }}
hosts:
- {{ $ingress.hosts.notary }}
{{- end }}
{{- end }}
rules:
- http:
paths:
- path: {{ .notary_path }}
{{- if semverCompare "<1.19-0" (include "harbor.ingress.kubeVersion" .) }}
backend:
serviceName: {{ template "harbor.notary-server" . }}
servicePort: 4443
{{- else }}
pathType: Prefix
backend:
service:
name: {{ template "harbor.notary-server" . }}
port:
number: 4443
{{- end -}}
{{- if $ingress.hosts.notary }}
host: {{ $ingress.hosts.notary }}
{{- end }}
{{- end }}
{{- end }}


@ -1,6 +1,6 @@
{{- if eq (include "harbor.autoGenCertForIngress" .) "true" }}
{{- $ca := genCA "harbor-ca" 365 }}
{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core .Values.expose.ingress.hosts.notary) 365 $ca }}
{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
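Review bot: `genCA` and `genSignedCert` run on every render, so each `helm upgrade` issues a new CA and leaf certificate, and both are valid for only 365 days. Clients that trusted the previous CA break on upgrade, and an installation left untouched for a year ends up with an expired certificate. Reusing the existing Secret when it is present (Helm's `lookup` function) and generating only on first install would keep the trust anchor stable. At minimum, a comment above these lines should state the 365-day lifetime and that the certificate rotates on every upgrade. The Secret body continues outside the hunk.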


@ -22,6 +22,9 @@ spec:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: jobservice
{{- if .Values.jobservice.podLabels }}
{{ toYaml .Values.jobservice.podLabels | indent 8 }}
{{- end }}
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm.yaml") . | sha256sum }}
checksum/configmap-env: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm-env.yaml") . | sha256sum }}
@ -48,6 +51,16 @@ spec:
{{- end }}
automountServiceAccountToken: {{ .Values.jobservice.automountServiceAccountToken | default false }}
terminationGracePeriodSeconds: 120
{{- with .Values.jobservice.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: jobservice
{{- end }}
{{- end }}
containers:
- name: jobservice
image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
@ -93,6 +106,9 @@ spec:
name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD
{{- end }}
{{- with .Values.jobservice.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "harbor.jobservice" . }}-env"


@ -1,4 +1,4 @@
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
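Review bot: With the `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"` guard gone, setting `metrics.serviceMonitor.enabled` on a cluster without the ServiceMonitor CRD now fails the whole release at install time rather than skipping the object. Failing loudly is a reasonable choice, but it should be documented where the flag is defined, for example `# requires the monitoring.coreos.com/v1 CRDs to be installed first`. The rest of the manifest is outside the hunk.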


@ -36,12 +36,6 @@ data:
server "{{ template "harbor.portal" . }}:{{ template "harbor.portal.servicePort" . }}";
}
{{- if .Values.notary.enabled }}
upstream notary-server {
server {{ template "harbor.notary-server" . }}:4443;
}
{{- end }}
log_format timed_combined '[$time_local]:$remote_addr - '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
@ -54,47 +48,6 @@ data:
"" $scheme;
}
{{- if .Values.notary.enabled }}
server {
{{- if .Values.ipFamily.ipv4.enabled }}
listen 4443 ssl;
{{- end}}
{{- if .Values.ipFamily.ipv6.enabled}}
listen [::]:4443 ssl;
{{- end }}
server_tokens off;
# ssl
ssl_certificate /etc/nginx/cert/tls.crt;
ssl_certificate_key /etc/nginx/cert/tls.key;
# recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
ssl_protocols tlsv1.2;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:ssl:10m;
# disable any limits to avoid http 413 for large image uploads
client_max_body_size 0;
# required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2/ {
proxy_pass http://notary-server/v2/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
proxy_buffering off;
proxy_request_buffering off;
proxy_send_timeout 900;
proxy_read_timeout 900;
}
}
{{- end }}
server {
{{- if .Values.ipFamily.ipv4.enabled }}
listen 8443 ssl;
@ -109,8 +62,12 @@ data:
ssl_certificate_key /etc/nginx/cert/tls.key;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
{{- if .Values.internalTLS.strong_ssl_ciphers }}
ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
{{ else }}
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
{{- end }}
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
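Review bot: The hardened cipher list is opt-in, so with `internalTLS.strong_ssl_ciphers` unset this listener on 8443 still accepts static-RSA key exchange and CBC suites for TLS 1.2 (`RSA+AESGCM`, `RSA+AES`), which give no forward secrecy. The switch also sits under `internalTLS` although this server block uses `/etc/nginx/cert` and looks like the externally exposed endpoint, so an operator may not expect that flag to govern the public cipher set; a dedicated value or a comment in values would make that explicit. In the strong list, the `DHE+...` entries only take effect when `ssl_dhparam` is configured, which is not visible in this hunk. `{{ else }}` without a trim marker also leaves a blank line in the rendered config; `{{- else }}` matches the surrounding style. The same block is added to the portal nginx config further down.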


@ -18,6 +18,9 @@ spec:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: nginx
{{- if .Values.nginx.podLabels }}
{{ toYaml .Values.nginx.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if not .Values.expose.tls.enabled }}
checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-http.yaml") . | sha256sum }}
@ -42,6 +45,16 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.nginx.automountServiceAccountToken | default false }}
{{- with .Values.nginx.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: nginx
{{- end }}
{{- end }}
containers:
- name: nginx
image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
@ -69,6 +82,10 @@ spec:
{{- if .Values.nginx.resources }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- end }}
{{- with .Values.nginx.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- containerPort: 8080


@ -22,11 +22,6 @@ spec:
port: {{ $clusterIP.ports.httpsPort }}
targetPort: 8443
{{- end }}
{{- if .Values.notary.enabled }}
- name: notary
port: {{ $clusterIP.ports.notaryPort }}
targetPort: 4443
{{- end }}
{{- else if eq .Values.expose.type "nodePort" }}
{{- $nodePort := .Values.expose.nodePort }}
name: {{ $nodePort.name }}
@ -49,14 +44,6 @@ spec:
nodePort: {{ $nodePort.ports.https.nodePort }}
{{- end }}
{{- end }}
{{- if .Values.notary.enabled }}
- name: notary
port: {{ $nodePort.ports.notary.port }}
targetPort: 4443
{{- if $nodePort.ports.notary.nodePort }}
nodePort: {{ $nodePort.ports.notary.nodePort }}
{{- end }}
{{- end }}
{{- else if eq .Values.expose.type "loadBalancer" }}
{{- $loadBalancer := .Values.expose.loadBalancer }}
name: {{ $loadBalancer.name }}
@ -84,11 +71,6 @@ spec:
port: {{ $loadBalancer.ports.httpsPort }}
targetPort: 8443
{{- end }}
{{- if .Values.notary.enabled }}
- name: notary
port: {{ $loadBalancer.ports.notaryPort }}
targetPort: 4443
{{- end }}
{{- end }}
selector:
{{ include "harbor.matchLabels" . | indent 4 }}


@ -1,22 +0,0 @@
{{- if and .Values.notary.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.notary-server" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary
type: Opaque
data:
{{- if not .Values.notary.secretName }}
{{- $ca := genCA "harbor-notary-ca" 365 }}
{{- $cert := genSignedCert (include "harbor.notary-signer" .) nil (list (include "harbor.notary-signer" .)) 365 $ca }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
{{- end }}
server.json: {{ tpl (.Files.Get "conf/notary-server.json") . | b64enc }}
signer.json: {{ tpl (.Files.Get "conf/notary-signer.json") . | b64enc }}
NOTARY_SERVER_DB_URL: {{ include "harbor.database.notaryServer" . | b64enc }}
NOTARY_SIGNER_DB_URL: {{ include "harbor.database.notarySigner" . | b64enc }}
{{- end }}


@ -1,111 +0,0 @@
{{ if .Values.notary.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.notary-server" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary-server
spec:
replicas: {{ .Values.notary.server.replicas }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: notary-server
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: notary-server
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/notary/notary-secret.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
{{- if .Values.notary.server.podAnnotations }}
{{ toYaml .Values.notary.server.podAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
{{- if .Values.notary.server.serviceAccountName }}
serviceAccountName: {{ .Values.notary.server.serviceAccountName }}
{{- end -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.notary.server.automountServiceAccountToken | default false }}
containers:
- name: notary-server
image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /_notary_server/health
scheme: "HTTP"
port: 4443
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /_notary_server/health
scheme: "HTTP"
port: 4443
initialDelaySeconds: 20
periodSeconds: 10
{{- if .Values.notary.server.resources }}
resources:
{{ toYaml .Values.notary.server.resources | indent 10 }}
{{- end }}
env:
- name: MIGRATIONS_PATH
value: migrations/server/postgresql
- name: DB_URL
valueFrom:
secretKeyRef:
name: {{ template "harbor.notary-server" . }}
key: NOTARY_SERVER_DB_URL
volumeMounts:
- name: config
mountPath: /etc/notary/server-config.postgres.json
subPath: server.json
- name: token-service-certificate
mountPath: /root.crt
subPath: tls.crt
- name: signer-certificate
mountPath: /etc/ssl/notary/ca.crt
subPath: ca.crt
volumes:
- name: config
secret:
secretName: "{{ template "harbor.notary-server" . }}"
- name: token-service-certificate
secret:
{{- if .Values.core.secretName }}
secretName: {{ .Values.core.secretName }}
{{- else }}
secretName: {{ template "harbor.core" . }}
{{- end }}
- name: signer-certificate
secret:
{{- if .Values.notary.secretName }}
secretName: {{ .Values.notary.secretName }}
{{- else }}
secretName: {{ template "harbor.notary-server" . }}
{{- end }}
{{- with .Values.notary.server.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.server.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.server.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.notary.server.priorityClassName }}
priorityClassName: {{ .Values.notary.server.priorityClassName }}
{{- end }}
{{ end }}


@ -1,105 +0,0 @@
{{ if .Values.notary.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.notary-signer" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary-signer
spec:
replicas: {{ .Values.notary.signer.replicas }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: notary-signer
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: notary-signer
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/notary/notary-secret.yaml") . | sha256sum }}
{{- if .Values.notary.signer.podAnnotations }}
{{ toYaml .Values.notary.signer.podAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
{{- if .Values.notary.signer.serviceAccountName }}
serviceAccountName: {{ .Values.notary.signer.serviceAccountName }}
{{- end -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.notary.signer.automountServiceAccountToken | default false }}
containers:
- name: notary-signer
image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /
scheme: "HTTPS"
port: 7899
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /
scheme: "HTTPS"
port: 7899
initialDelaySeconds: 20
periodSeconds: 10
{{- if .Values.notary.signer.resources }}
resources:
{{ toYaml .Values.notary.signer.resources | indent 10 }}
{{- end }}
env:
- name: MIGRATIONS_PATH
value: migrations/signer/postgresql
- name: DB_URL
valueFrom:
secretKeyRef:
name: {{ template "harbor.notary-server" . }}
key: NOTARY_SIGNER_DB_URL
- name: NOTARY_SIGNER_DEFAULTALIAS
value: defaultalias
volumeMounts:
- name: config
mountPath: /etc/notary/signer-config.postgres.json
subPath: signer.json
- name: signer-certificate
mountPath: /etc/ssl/notary/tls.crt
subPath: tls.crt
- name: signer-certificate
mountPath: /etc/ssl/notary/tls.key
subPath: tls.key
volumes:
- name: config
secret:
secretName: "{{ template "harbor.notary-server" . }}"
- name: signer-certificate
secret:
{{- if .Values.notary.secretName }}
secretName: {{ .Values.notary.secretName }}
{{- else }}
secretName: {{ template "harbor.notary-server" . }}
{{- end }}
{{- with .Values.notary.signer.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.signer.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.signer.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.notary.signer.priorityClassName }}
priorityClassName: {{ .Values.notary.signer.priorityClassName }}
{{- end }}
{{ end }}


@ -1,35 +0,0 @@
{{ if .Values.notary.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.notary-server" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- with .Values.notary.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }}
type: NodePort
{{- end }}
ports:
- port: 4443
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: notary-server
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.notary-signer" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 7899
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: notary-signer
{{ end }}


@ -30,8 +30,12 @@ data:
ssl_certificate_key /etc/harbor/ssl/portal/tls.key;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
{{- if .Values.internalTLS.strong_ssl_ciphers }}
ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
{{ else }}
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
{{- end }}
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
{{- else }}


@ -17,6 +17,9 @@ spec:
labels:
{{ include "harbor.matchLabels" . | indent 8 }}
component: portal
{{- if .Values.portal.podLabels }}
{{ toYaml .Values.portal.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
@ -39,6 +42,16 @@ spec:
serviceAccountName: {{ .Values.portal.serviceAccountName }}
{{- end }}
automountServiceAccountToken: {{ .Values.portal.automountServiceAccountToken | default false }}
{{- with .Values.portal.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: portal
{{- end }}
{{- end }}
containers:
- name: portal
image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }}
@ -46,6 +59,10 @@ spec:
{{- if .Values.portal.resources }}
resources:
{{ toYaml .Values.portal.resources | indent 10 }}
{{- end }}
{{- with .Values.portal.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }}
livenessProbe:
httpGet:


@ -19,6 +19,9 @@ spec:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: redis
{{- if .Values.redis.podLabels }}
{{ toYaml .Values.redis.podLabels | indent 8 }}
{{- end }}
{{- if .Values.redis.podAnnotations }}
annotations:
{{ toYaml .Values.redis.podAnnotations | indent 8 }}
@ -53,6 +56,10 @@ spec:
{{- if .Values.redis.internal.resources }}
resources:
{{ toYaml .Values.redis.internal.resources | indent 10 }}
{{- end }}
{{- with .Values.redis.internal.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: data


@ -24,6 +24,9 @@ spec:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: registry
{{- if .Values.registry.podLabels }}
{{ toYaml .Values.registry.podLabels | indent 8 }}
{{- end }}
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/registry/registry-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/registry/registry-secret.yaml") . | sha256sum }}
@ -51,6 +54,16 @@ spec:
{{- end }}
automountServiceAccountToken: {{ .Values.registry.automountServiceAccountToken | default false }}
terminationGracePeriodSeconds: 120
{{- with .Values.registry.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: registry
{{- end }}
{{- end }}
containers:
- name: registry
image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }}
@ -107,6 +120,9 @@ spec:
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
key: AZURE_STORAGE_ACCESS_KEY
{{- end }}
{{- with .Values.registry.registry.extraEnvVars }}
{{- toYaml . | nindent 8 }}
{{- end }}
ports:
- containerPort: {{ template "harbor.registry.containerPort" . }}
- containerPort: 5001
@ -172,6 +188,10 @@ spec:
name: "{{ template "harbor.registry" . }}"
- secretRef:
name: "{{ template "harbor.registryCtl" . }}"
{{- if .Values.persistence.imageChartStorage.s3.existingSecret }}
- secretRef:
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
{{- end }}
env:
- name: CORE_SECRET
valueFrom:
@ -215,6 +235,9 @@ spec:
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
key: AZURE_STORAGE_ACCESS_KEY
{{- end }}
{{- with .Values.registry.controller.extraEnvVars }}
{{- toYaml . | nindent 8 }}
{{- end }}
ports:
- containerPort: {{ template "harbor.registryctl.containerPort" . }}
volumeMounts:
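Review bot: The new `envFrom` entry for `persistence.imageChartStorage.s3.existingSecret` (hunk `@ -172,6 +188,10`) loads every key of a user-named Secret into the container environment, and nothing visible on this page says which keys that Secret is expected to hold. Any extra key in it becomes an environment variable of the container, so the Secret should be dedicated to the storage credentials, and the expected key names should be documented next to `s3.existingSecret` in values.yaml. The name is also rendered unquoted while the two neighbouring `secretRef` names are quoted; `name: {{ .Values.persistence.imageChartStorage.s3.existingSecret | quote }}` keeps a numeric- or boolean-looking name a string. The container spec around this entry starts and ends outside the hunk.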


@ -19,6 +19,9 @@ spec:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: trivy
{{- if .Values.trivy.podLabels }}
{{ toYaml .Values.trivy.podLabels | indent 8 }}
{{- end }}
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/trivy/trivy-secret.yaml") . | sha256sum }}
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
@ -41,6 +44,16 @@ spec:
runAsUser: 10000
fsGroup: 10000
automountServiceAccountToken: {{ .Values.trivy.automountServiceAccountToken | default false }}
{{- with .Values.trivy.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: trivy
{{- end }}
{{- end }}
containers:
- name: trivy
image: {{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}
@ -111,6 +124,9 @@ spec:
secretKeyRef:
name: {{ template "harbor.trivy" . }}
key: redisURL
{{- with .Values.trivy.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: api-server
containerPort: {{ template "harbor.trivy.containerPort" . }}
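Review bot: In the `topologySpreadConstraints` block each user-supplied constraint is rendered with `toYaml` and a chart-owned `labelSelector:` is then appended unconditionally, so a values entry that already carries `labelSelector` renders a mapping with that key twice. Depending on the decoder, that either fails the install or silently keeps only one of the two selectors. Either strip the key before rendering, `- {{ omit . "labelSelector" | toYaml | indent 8 | trim }}`, or state in the values.yaml comment that `labelSelector` is set by the chart and must not be supplied. The same construct appears in the registry deployment hunk `@ -51,6 +54,16`.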


@ -26,15 +26,9 @@ expose:
# "tls.crt" - the certificate
# "tls.key" - the private key
secretName: ""
# The name of secret which contains keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
# Only needed when the "expose.type" is "ingress".
notarySecretName: ""
ingress:
hosts:
core: core.harbor.domain
notary: notary.harbor.domain
# set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller
@ -52,11 +46,6 @@ expose:
ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
notary:
# notary ingress-specific annotations
annotations: {}
# notary ingress-specific labels
labels: {}
harbor:
# harbor ingress-specific annotations
annotations: {}
@ -71,10 +60,6 @@ expose:
# The service port Harbor listens on when serving HTTP
httpPort: 80
# The service port Harbor listens on when serving HTTPS
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
nodePort:
# The name of NodePort service
name: harbor
@ -89,12 +74,6 @@ expose:
port: 443
# The node port Harbor listens on when serving HTTPS
nodePort: 30003
# Only needed when notary.enabled is set to true
notary:
# The service port Notary listens on
port: 4443
# The node port Notary listens on
nodePort: 30004
loadBalancer:
# The name of LoadBalancer service
name: harbor
@ -105,15 +84,12 @@ expose:
httpPort: 80
# The service port Harbor listens on when serving HTTPS
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
annotations: {}
sourceRanges: []
# The external URL for Harbor core service. It is used to
# 1) populate the docker/helm commands showed on portal
# 2) populate the token service URL returned to docker/notary client
# 2) populate the token service URL returned to docker client
#
# Format: protocol://domain[:port]. Usually:
# 1) if "expose.type" is "ingress", the "domain" should be
@ -127,10 +103,12 @@ expose:
externalURL: https://core.harbor.domain
# The internal TLS used for harbor components secure communicating. In order to enable https
# in each components tls cert files need to provided in advance.
# in each component tls cert files need to provided in advance.
internalTLS:
# If internal TLS enabled
enabled: false
# enable strong ssl ciphers (default: false)
strong_ssl_ciphers: false
# There are three ways to provide tls
# 1) "auto" will generate cert automatically
# 2) "manual" need provide cert file manually in following value
@ -249,14 +227,14 @@ persistence:
annotations: {}
# Define which storage backend is used for registry to store
# images and charts. Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
# https://github.com/distribution/distribution/blob/main/docs/configuration.md#storage
# for the detail.
imageChartStorage:
# Specify whether to disable `redirect` for images and chart storage, for
# backends which not supported it (such as using minio for `s3` storage type), please disable
# it. To disable redirects, simply set `disableredirect` to `true` instead.
# Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
# https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
# for the detail.
disableredirect: false
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
@ -284,7 +262,7 @@ persistence:
encodedkey: base64-encoded-json-key-file
#rootdirectory: /gcs/object/name/prefix
#chunksize: "5242880"
# To use existing secret, the key must be gcs-key.json
# To use existing secret, the key must be GCS_KEY_DATA
existingSecret: ""
useWorkloadIdentity: false
s3:
@ -400,7 +378,7 @@ enableMigrateHelmHook: false
nginx:
image:
repository: goharbor/nginx-photon
tag: v2.8.4
tag: v2.9.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -411,18 +389,27 @@ nginx:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
nodeSelector: {}
tolerations: []
affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as
priorityClassName:
portal:
image:
repository: goharbor/harbor-portal
tag: v2.8.4
tag: v2.9.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -433,18 +420,27 @@ portal:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
nodeSelector: {}
tolerations: []
affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as
priorityClassName:
core:
image:
repository: goharbor/harbor-core
tag: v2.8.4
tag: v2.9.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -459,18 +455,37 @@ core:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
nodeSelector: {}
tolerations: []
affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
## Additional service annotations
serviceAnnotations: {}
## User settings configuration json string
configureUserSettings:
# The provider for updating project quota(usage), there are 2 options, redis or db.
# By default it is implemented by db but you can configure it to redis which
# can improve the performance of high concurrent pushing to the same project,
# and reduce the database connections spike and occupies.
# Using redis will bring up some delay for quota usage updation for display, so only
# suggest switch provider to redis if you were ran into the db connections spike around
# the scenario of high concurrent pushing to same project, no improvment for other scenes.
quotaUpdateProvider: db # Or redis
# Secret is used when core server communicates with other components.
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
# Fill the name of a kubernetes secret if you want to use your own
# Fill in the name of a kubernetes secret if you want to use your own
# TLS certificate and private key for token encryption/decryption.
# The secret must contain keys named:
# "tls.key" - the private key
@ -497,7 +512,7 @@ core:
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v2.8.4
tag: v2.9.0
replicas: 1
revisionHistoryLimit: 10
# set the service account to be used, default if left empty
@ -525,11 +540,20 @@ jobservice:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
nodeSelector: {}
tolerations: []
affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints:
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
# Secret is used when job service communicates with other components.
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
@ -545,32 +569,42 @@ registry:
registry:
image:
repository: goharbor/registry-photon
tag: v2.8.4
tag: v2.9.0
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
controller:
image:
repository: goharbor/harbor-registryctl
tag: v2.8.4
tag: v2.9.0
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
replicas: 1
revisionHistoryLimit: 10
nodeSelector: {}
tolerations: []
affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as
priorityClassName:
# Secret is used to secure the upload state from client
# and registry storage backend.
# See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
# See: https://github.com/distribution/distribution/blob/main/docs/configuration.md#http
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
@ -610,7 +644,7 @@ trivy:
# repository the repository for Trivy adapter image
repository: goharbor/trivy-adapter-photon
# tag the tag for Trivy adapter image
tag: v2.8.4
tag: v2.9.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -668,66 +702,23 @@ trivy:
limits:
cpu: 1
memory: 1Gi
extraEnvVars: []
nodeSelector: {}
tolerations: []
affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as
priorityClassName:
notary:
enabled: true
server:
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
automountServiceAccountToken: false
image:
repository: goharbor/notary-server-photon
tag: v2.8.4
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## The priority class to run the pod as
priorityClassName:
## Additional service annotations
serviceAnnotations: {}
signer:
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
automountServiceAccountToken: false
image:
repository: goharbor/notary-signer-photon
tag: v2.8.4
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## The priority class to run the pod as
priorityClassName:
# Fill the name of a kubernetes secret if you want to use your own
# TLS certificate authority, certificate and private key for notary
# communications.
# The secret must contain keys named ca.crt, tls.crt and tls.key that
# contain the CA, certificate and private key.
# They will be generated if not set.
secretName: ""
database:
# if external database is used, set "type" to "external"
# and fill the connection information in "external" section
@ -739,7 +730,7 @@ database:
automountServiceAccountToken: false
image:
repository: goharbor/harbor-db
tag: v2.8.4
tag: v2.9.0
# The initial superuser password for internal database
password: "changeit"
# The size limit for Shared memory, pgSQL use it for shared_buffer
@ -756,6 +747,7 @@ database:
# The timeout used in readinessProbe; 1 to 5 seconds
readinessProbe:
timeoutSeconds: 1
extraEnvVars: []
nodeSelector: {}
tolerations: []
affinity: {}
@ -778,8 +770,6 @@ database:
username: "user"
password: "password"
coreDatabase: "registry"
notaryServerDatabase: "notary_server"
notarySignerDatabase: "notary_signer"
# if using existing secret, the key must be "password"
existingSecret: ""
# "disable" - No SSL
@ -799,6 +789,8 @@ database:
maxOpenConns: 900
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
redis:
# if external Redis is used, set "type" to "external"
@ -811,11 +803,12 @@ redis:
automountServiceAccountToken: false
image:
repository: goharbor/redis-photon
tag: v2.8.4
tag: v2.9.0
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
nodeSelector: {}
tolerations: []
affinity: {}
@ -855,6 +848,8 @@ redis:
existingSecret: ""
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
exporter:
replicas: 1
@ -863,16 +858,25 @@ exporter:
# requests:
# memory: 256Mi
# cpu: 100m
extraEnvVars: []
podAnnotations: {}
## Additional deployment labels
podLabels: {}
serviceAccountName: ""
# mount the service account token
automountServiceAccountToken: false
image:
repository: goharbor/harbor-exporter
tag: v2.8.4
tag: v2.9.0
nodeSelector: {}
tolerations: []
affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
cacheDuration: 23
cacheCleanInterval: 14400
## The priority class to run the pod as
@ -894,7 +898,7 @@ metrics:
port: 8001
## Create prometheus serviceMonitor to scrape harbor metrics.
## This requires the monitoring.coreos.com/v1 CRD. Please see
## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
##
serviceMonitor:
enabled: false
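Review bot: `internalTLS.strong_ssl_ciphers` is introduced with a default of `false` and a comment that only restates the key name, so an operator who turns on `internalTLS.enabled` gets no hint that the stricter cipher list is a separate opt-in. The comment should say what the flag restricts and when leaving it off is justified, for example `# Restrict internal TLS to strong cipher suites; keep false only when a component or client cannot negotiate them`. The templates that consume the value are not visible in this section, so the wording needs checking against them. The key is also snake_case while sibling keys such as `internalTLS.certSource` are camelCase, which is worth a word in the comment if the name is fixed by upstream.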


@ -3,4 +3,4 @@ dependencies:
repository: https://charts.jetstack.io
version: v1.12.3
digest: sha256:3110ca458f8a903dc025408701614af03df859bf827824478ed68c785b0e6209
generated: "2023-08-29T05:47:05.106503476Z"
generated: "2023-08-30T06:44:07.371307817Z"


@ -14,7 +14,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19.0'
catalog.cattle.io/release-name: koor-operator
apiVersion: v2
appVersion: v0.3.5
appVersion: v0.3.6
dependencies:
- alias: certmanager
condition: certmanager.enabled
@ -33,4 +33,4 @@ name: koor-operator
sources:
- https://github.com/koor-tech/koor-operator/
type: application
version: 0.3.5
version: 0.3.6


@ -52,7 +52,7 @@ The following table lists the configurable parameters of the rook-operator chart
| `controllerManager.manager.args` | Operator args | `["--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080","--leader-elect"]` |
| `controllerManager.manager.containerSecurityContext` | Operator container security context | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` |
| `controllerManager.manager.image.repository` | Operator image repository | `"docker.io/koorinc/koor-operator"` |
| `controllerManager.manager.image.tag` | Operator image tag | `"v0.3.5"` |
| `controllerManager.manager.image.tag` | Operator image tag | `"v0.3.6"` |
| `controllerManager.manager.resources` | Operator container resources | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"10m","memory":"128Mi"}}` |
| `controllerManager.replicas` | | `1` |
| `koorCluster.spec.dashboardEnabled` | Enable the Ceph MGR dashboard. | `true` |


@ -8,6 +8,7 @@ metadata:
{{- include "koor-operator.labels" . | nindent 4 }}
spec:
backoffLimit: 20
ttlSecondsAfterFinished: 0
template:
metadata:
name: {{ include "koor-operator.jobName" . }}
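Review bot: `ttlSecondsAfterFinished: 0` makes the Job eligible for deletion the moment it finishes, whether it completed or exhausted `backoffLimit: 20`, and its pods and their logs go with it. That leaves nothing to inspect when the job fails, unless logs are already shipped off-cluster. A non-zero retention such as `ttlSecondsAfterFinished: 600` (illustrative value), or a chart value controlling it, keeps the evidence around long enough to look at. The Job spec continues outside the hunk.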


@ -49,7 +49,7 @@ controllerManager:
# -- Operator image repository
repository: docker.io/koorinc/koor-operator
# -- Operator image tag
tag: v0.3.5
tag: v0.3.6
# -- Operator container resources
resources:
limits:


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/namespace: kuma-system
catalog.cattle.io/release-name: kuma
apiVersion: v2
appVersion: 2.3.2
appVersion: 2.4.0
description: A Helm chart for the Kuma Control Plane
home: https://github.com/kumahq/kuma
icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg
@ -20,4 +20,4 @@ maintainers:
name: nickolaev
name: kuma
type: application
version: 2.3.2
version: 2.4.0


@ -2,7 +2,7 @@
A Helm chart for the Kuma Control Plane
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.3.2](https://img.shields.io/badge/Version-2.3.2-informational?style=flat-square) ![AppVersion: 2.3.2](https://img.shields.io/badge/AppVersion-2.3.2-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square)
**Homepage:** <https://github.com/kumahq/kuma>


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: circuitbreakers.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: containerpatches.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: dataplaneinsights.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: dataplanes.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: externalservices.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: faultinjections.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: healthchecks.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshaccesslogs.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshaccesslog
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -97,6 +104,11 @@ spec:
type: string
type: object
type: array
body:
description: Body is a raw string or an OTLP any
value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body
It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
x-kubernetes-preserve-unknown-fields: true
endpoint:
description: Endpoint of OpenTelemetry collector.
An empty port defaults to 4317.
@ -160,6 +172,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -194,6 +207,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -275,6 +289,11 @@ spec:
type: string
type: object
type: array
body:
description: Body is a raw string or an OTLP any
value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body
It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
x-kubernetes-preserve-unknown-fields: true
endpoint:
description: Endpoint of OpenTelemetry collector.
An empty port defaults to 4317.
@ -338,6 +357,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -368,3 +388,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshcircuitbreakers.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshcircuitbreaker
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -301,6 +308,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -335,6 +343,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -619,6 +628,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -649,3 +659,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshes.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshfaultinjections.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshfaultinjection
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -127,6 +134,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -161,6 +169,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -186,3 +195,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshgatewayinstances.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshgatewayroutes.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshgateways.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshhealthchecks.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshhealthcheck
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -45,6 +52,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -270,6 +278,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -300,3 +309,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshhttproutes.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshhttproute
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -45,6 +52,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -88,6 +96,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -181,6 +190,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -473,6 +483,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -499,3 +510,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshinsights.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshloadbalancingstrategies.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshloadbalancingstrategy
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -46,6 +53,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -382,6 +390,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -412,3 +421,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshproxypatches.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshproxypatch
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -475,6 +482,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -501,3 +509,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshratelimits.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshratelimit
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -165,6 +172,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -199,6 +207,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -224,3 +233,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshretries.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshretry
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -45,6 +52,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -364,6 +372,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -394,3 +403,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshtcproutes.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtcproute
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -45,6 +52,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -88,6 +96,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -132,6 +141,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -163,3 +173,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshtimeouts.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtimeout
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -96,6 +103,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -130,6 +138,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -210,6 +219,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -240,3 +250,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshtraces.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtrace
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -193,6 +200,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -218,3 +226,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: meshtrafficpermissions.kuma.io
spec:
group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtrafficpermission
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
@ -63,6 +70,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -97,6 +105,7 @@ spec:
enum:
- Mesh
- MeshSubset
- MeshGateway
- MeshService
- MeshServiceSubset
- MeshHTTPRoute
@ -122,3 +131,4 @@ spec:
type: object
served: true
storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: proxytemplates.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: ratelimits.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: retries.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: serviceinsights.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: timeouts.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: trafficlogs.kuma.io
spec:
group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
controller-gen.kubebuilder.io/version: v0.13.0
name: trafficpermissions.kuma.io
spec:
group: kuma.io
