diff --git a/assets/argo/argo-cd-5.46.0.tgz b/assets/argo/argo-cd-5.46.0.tgz index 322a39aff..58369e0c7 100644 Binary files a/assets/argo/argo-cd-5.46.0.tgz and b/assets/argo/argo-cd-5.46.0.tgz differ diff --git a/assets/argo/argo-cd-5.46.2.tgz b/assets/argo/argo-cd-5.46.2.tgz new file mode 100644 index 000000000..6e492c5b9 Binary files /dev/null and b/assets/argo/argo-cd-5.46.2.tgz differ diff --git a/assets/bitnami/cassandra-10.5.3.tgz b/assets/bitnami/cassandra-10.5.3.tgz new file mode 100644 index 000000000..865a50981 Binary files /dev/null and b/assets/bitnami/cassandra-10.5.3.tgz differ diff --git a/assets/bitnami/mysql-9.12.2.tgz b/assets/bitnami/mysql-9.12.2.tgz new file mode 100644 index 000000000..990d8f933 Binary files /dev/null and b/assets/bitnami/mysql-9.12.2.tgz differ diff --git a/assets/bitnami/redis-18.0.4.tgz b/assets/bitnami/redis-18.0.4.tgz new file mode 100644 index 000000000..5b82cfd8c Binary files /dev/null and b/assets/bitnami/redis-18.0.4.tgz differ diff --git a/assets/bitnami/zookeeper-12.1.3.tgz b/assets/bitnami/zookeeper-12.1.3.tgz new file mode 100644 index 000000000..7b1461be6 Binary files /dev/null and b/assets/bitnami/zookeeper-12.1.3.tgz differ diff --git a/assets/cert-manager/cert-manager-v1.13.0.tgz b/assets/cert-manager/cert-manager-v1.13.0.tgz new file mode 100644 index 000000000..28cf9676d Binary files /dev/null and b/assets/cert-manager/cert-manager-v1.13.0.tgz differ diff --git a/assets/citrix/citrix-cpx-with-ingress-controller-1.35.6.tgz b/assets/citrix/citrix-cpx-with-ingress-controller-1.35.6.tgz new file mode 100644 index 000000000..727c79f15 Binary files /dev/null and b/assets/citrix/citrix-cpx-with-ingress-controller-1.35.6.tgz differ diff --git a/assets/citrix/citrix-ingress-controller-1.35.6.tgz b/assets/citrix/citrix-ingress-controller-1.35.6.tgz new file mode 100644 index 000000000..170e1ecdf Binary files /dev/null and b/assets/citrix/citrix-ingress-controller-1.35.6.tgz differ diff --git a/assets/crate/crate-operator-2.31.0.tgz b/assets/crate/crate-operator-2.31.0.tgz new file mode 100644 index 000000000..09f52336b Binary files /dev/null and b/assets/crate/crate-operator-2.31.0.tgz differ diff --git a/assets/datadog/datadog-3.36.0.tgz b/assets/datadog/datadog-3.36.0.tgz new file mode 100644 index 000000000..ad58a75df Binary files /dev/null and b/assets/datadog/datadog-3.36.0.tgz differ diff --git a/assets/datadog/datadog-operator-1.1.1.tgz b/assets/datadog/datadog-operator-1.1.1.tgz new file mode 100644 index 000000000..0bbe49e9c Binary files /dev/null and b/assets/datadog/datadog-operator-1.1.1.tgz differ diff --git a/assets/fairwinds/polaris-5.15.0.tgz b/assets/fairwinds/polaris-5.15.0.tgz new file mode 100644 index 000000000..f323c4277 Binary files /dev/null and b/assets/fairwinds/polaris-5.15.0.tgz differ diff --git a/assets/jfrog/artifactory-ha-107.68.7.tgz b/assets/jfrog/artifactory-ha-107.68.7.tgz new file mode 100644 index 000000000..a950d66b2 Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.68.7.tgz differ diff --git a/assets/jfrog/artifactory-jcr-107.68.7.tgz b/assets/jfrog/artifactory-jcr-107.68.7.tgz new file mode 100644 index 000000000..bd97631c6 Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.68.7.tgz differ diff --git a/assets/kasten/k10-6.0.701.tgz b/assets/kasten/k10-6.0.701.tgz new file mode 100644 index 000000000..f4790d292 Binary files /dev/null and b/assets/kasten/k10-6.0.701.tgz differ diff --git a/assets/kong/kong-2.27.0.tgz b/assets/kong/kong-2.27.0.tgz new file mode 100644 index 000000000..6584aa40e Binary files /dev/null and b/assets/kong/kong-2.27.0.tgz differ diff --git a/assets/minio/minio-operator-5.0.9.tgz b/assets/minio/minio-operator-5.0.9.tgz new file mode 100644 index 000000000..60e848470 Binary files /dev/null and b/assets/minio/minio-operator-5.0.9.tgz differ diff --git a/assets/redpanda/redpanda-5.3.4.tgz b/assets/redpanda/redpanda-5.3.4.tgz new file mode 100644 index 000000000..1dcd62432 Binary files /dev/null and b/assets/redpanda/redpanda-5.3.4.tgz differ diff --git a/assets/sysdig/sysdig-1.16.12.tgz b/assets/sysdig/sysdig-1.16.12.tgz new file mode 100644 index 000000000..5e4c8539f Binary files /dev/null and b/assets/sysdig/sysdig-1.16.12.tgz differ diff --git a/assets/trilio/k8s-triliovault-operator-3.1.3.tgz b/assets/trilio/k8s-triliovault-operator-3.1.3.tgz new file mode 100644 index 000000000..7c981f688 Binary files /dev/null and b/assets/trilio/k8s-triliovault-operator-3.1.3.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index edcc38010..e278974cc 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - - kind: added - description: added a toggle for the shared Helm working directory + - kind: changed + description: Improve readme migration notes artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -33,4 +33,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.46.0 +version: 5.46.2 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 5b780b0bd..abb6be29e 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md @@ -106,7 +106,7 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. ### 5.35.0 -This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -126,7 +126,7 @@ This versions adds `global.affinity` options that are used as a presets. Overrid ### 5.19.0 -This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. ### 5.13.0 diff --git a/charts/argo/argo-cd/templates/_helpers.tpl b/charts/argo/argo-cd/templates/_helpers.tpl index 058526862..b5d62a6ab 100644 --- a/charts/argo/argo-cd/templates/_helpers.tpl +++ b/charts/argo/argo-cd/templates/_helpers.tpl @@ -201,7 +201,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} {{- if .Values.applicationSet.enabled -}} -{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt (.Values.applicationSet.replicaCount | int64) 1) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} {{- end -}} {{- toYaml $presets }} {{- end -}} diff --git a/charts/bitnami/cassandra/Chart.lock b/charts/bitnami/cassandra/Chart.lock index 6d4cb7174..f703ed914 100644 --- a/charts/bitnami/cassandra/Chart.lock +++ b/charts/bitnami/cassandra/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.9.0 -digest: sha256:416ad278a896f0e9b51d5305bef5d875c7cca6fbb64b75e1f131b04763e2aff9 -generated: "2023-08-22T13:54:17.109546+02:00" + version: 2.10.0 +digest: sha256:023ded170632d04528f30332370f34fc8fb96efb2886a01d934cb3bd6e6d2e09 +generated: "2023-09-05T11:31:37.360128+02:00" diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml index 40b47316e..6e5f106c0 100644 --- a/charts/bitnami/cassandra/Chart.yaml +++ b/charts/bitnami/cassandra/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: Database images: | - name: cassandra-exporter - image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r383 + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r394 - name: cassandra - image: docker.io/bitnami/cassandra:4.1.3-debian-11-r24 + image: docker.io/bitnami/cassandra:4.1.3-debian-11-r37 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r40 + image: docker.io/bitnami/os-shell:11-debian-11-r54 licenses: Apache-2.0 apiVersion: v2 appVersion: 4.1.3 @@ -35,4 +35,4 @@ maintainers: name: cassandra sources: - https://github.com/bitnami/charts/tree/main/bitnami/cassandra -version: 10.5.1 +version: 10.5.3 diff --git a/charts/bitnami/cassandra/README.md b/charts/bitnami/cassandra/README.md index 7e09f82d8..da92ea299 100644 --- a/charts/bitnami/cassandra/README.md +++ b/charts/bitnami/cassandra/README.md @@ -81,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Cassandra image registry | `docker.io` | | `image.repository` | Cassandra image repository | `bitnami/cassandra` | -| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r24` | +| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r37` | | `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullSecrets` | Cassandra image pull secrets | `[]` | @@ -232,7 +232,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r40` | +| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r54` | | `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -247,7 +247,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | | `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | -| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r383` | +| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r394` | | `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/cassandra/charts/common/Chart.yaml b/charts/bitnami/cassandra/charts/common/Chart.yaml index 644d2a798..e35c2d0e7 100644 --- a/charts/bitnami/cassandra/charts/common/Chart.yaml +++ b/charts/bitnami/cassandra/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.2 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.9.0 +version: 2.10.0 diff --git a/charts/bitnami/cassandra/charts/common/templates/_affinities.tpl b/charts/bitnami/cassandra/charts/common/templates/_affinities.tpl index b77534bb9..e85b1df45 100644 --- a/charts/bitnami/cassandra/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/cassandra/charts/common/templates/_affinities.tpl @@ -60,12 +60,13 @@ Return a topologyKey definition {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: @@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} {{- end -}} {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} @@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution: {{ $key }}: {{ $value | quote }} {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/cassandra/charts/common/templates/_tplvalues.tpl b/charts/bitnami/cassandra/charts/common/templates/_tplvalues.tpl index dc15f7fdc..a8ed7637e 100644 --- a/charts/bitnami/cassandra/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/cassandra/charts/common/templates/_tplvalues.tpl @@ -11,17 +11,28 @@ Usage: {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} -{{- if .scope }} - {{- if typeIs "string" .value }} - {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} {{- else }} - {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- tpl $value .context }} {{- end }} {{- else }} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} + {{- $value }} +{{- end }} {{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} {{- end -}} diff --git a/charts/bitnami/cassandra/templates/headless-svc.yaml b/charts/bitnami/cassandra/templates/headless-svc.yaml index b494369b8..a9f77d28e 100644 --- a/charts/bitnami/cassandra/templates/headless-svc.yaml +++ b/charts/bitnami/cassandra/templates/headless-svc.yaml @@ -10,7 +10,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -29,5 +29,5 @@ spec: - name: cql port: {{ .Values.service.ports.cql }} targetPort: cql - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/charts/bitnami/cassandra/templates/networkpolicy.yaml b/charts/bitnami/cassandra/templates/networkpolicy.yaml index 1019d9a63..7182dd866 100644 --- a/charts/bitnami/cassandra/templates/networkpolicy.yaml +++ b/charts/bitnami/cassandra/templates/networkpolicy.yaml @@ -14,7 +14,7 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} ingress: diff --git a/charts/bitnami/cassandra/templates/pdb.yaml b/charts/bitnami/cassandra/templates/pdb.yaml index f7c1c9dc3..07c37776a 100644 --- a/charts/bitnami/cassandra/templates/pdb.yaml +++ b/charts/bitnami/cassandra/templates/pdb.yaml @@ -20,7 +20,7 @@ spec: {{- if .Values.pdb.maxUnavailable }} maxUnavailable: {{ .Values.pdb.maxUnavailable }} {{- end }} - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} {{- end }} diff --git a/charts/bitnami/cassandra/templates/service.yaml b/charts/bitnami/cassandra/templates/service.yaml index f84409650..1dbb251a6 100644 --- a/charts/bitnami/cassandra/templates/service.yaml +++ b/charts/bitnami/cassandra/templates/service.yaml @@ -10,7 +10,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -52,5 +52,5 @@ spec: {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/charts/bitnami/cassandra/templates/serviceaccount.yaml b/charts/bitnami/cassandra/templates/serviceaccount.yaml index b14c1985b..24e9b6984 100644 --- a/charts/bitnami/cassandra/templates/serviceaccount.yaml +++ b/charts/bitnami/cassandra/templates/serviceaccount.yaml @@ -11,7 +11,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} diff --git a/charts/bitnami/cassandra/templates/servicemonitor.yaml b/charts/bitnami/cassandra/templates/servicemonitor.yaml index 5b8713084..08748490f 100644 --- a/charts/bitnami/cassandra/templates/servicemonitor.yaml +++ b/charts/bitnami/cassandra/templates/servicemonitor.yaml @@ -9,7 +9,7 @@ kind: ServiceMonitor metadata: name: {{ include "common.names.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - {{- $labels := merge .Values.metrics.serviceMonitor.labels .Values.commonLabels }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} {{- if .Values.metrics.serviceMonitor.additionalLabels }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} diff --git a/charts/bitnami/cassandra/templates/statefulset.yaml b/charts/bitnami/cassandra/templates/statefulset.yaml index 4da03a0a1..30f929c67 100644 --- a/charts/bitnami/cassandra/templates/statefulset.yaml +++ b/charts/bitnami/cassandra/templates/statefulset.yaml @@ -13,7 +13,7 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} diff --git a/charts/bitnami/cassandra/values.schema.json b/charts/bitnami/cassandra/values.schema.json new file mode 100644 index 000000000..d1ef4fea9 --- /dev/null +++ b/charts/bitnami/cassandra/values.schema.json @@ -0,0 +1,1183 @@ +{ + "title": "Chart Values", + "type": "object", + "properties": { + "global": { + "type": "object", + "properties": { + "imageRegistry": { + "type": "string", + "description": "Global Docker image registry", + "default": "" + }, + "imagePullSecrets": { + "type": "array", + "description": "Global Docker registry secret names as an array", + "default": [], + "items": {} + }, + "storageClass": { + "type": "string", + "description": "Global StorageClass for Persistent Volume(s)", + "default": "" + } + } + }, + "nameOverride": { + "type": "string", + "description": "String to partially override common.names.fullname", + "default": "" + }, + "fullnameOverride": { + "type": "string", + "description": "String to fully override common.names.fullname", + "default": "" + }, + "kubeVersion": { + "type": "string", + "description": "Force target Kubernetes version (using Helm capabilities if not set)", + "default": "" + }, + "commonLabels": { + "type": "object", + "description": "Labels to add to all deployed objects (sub-charts are not considered)", + "default": {} + }, + "commonAnnotations": { + "type": "object", + "description": "Annotations to add to all deployed objects", + "default": {} + }, + "clusterDomain": { + "type": "string", + "description": "Kubernetes cluster domain name", + "default": "cluster.local" + }, + "extraDeploy": { + "type": "array", + "description": "Array of extra objects to deploy with the release", + "default": [], + "items": {} + }, + "diagnosticMode": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable diagnostic mode (all probes will be disabled and the command will be overridden)", + "default": false + }, + "command": { + "type": "array", + "description": "Command to override all containers in the deployment", + "default": [ + "sleep" + ], + "items": { + "type": "string" + } + }, + "args": { + "type": "array", + "description": "Args to override all containers in the deployment", + "default": [ + "infinity" + ], + "items": { + "type": "string" + } + } + } + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "Cassandra image registry", + "default": "docker.io" + }, + "repository": { + "type": "string", + "description": "Cassandra image repository", + "default": "bitnami/cassandra" + }, + "tag": { + "type": "string", + "description": "Cassandra image tag (immutable tags are recommended)", + "default": "4.1.3-debian-11-r24" + }, + "digest": { + "type": "string", + "description": "Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "image pull policy", + "default": "IfNotPresent" + }, + "pullSecrets": { + "type": "array", + "description": "Cassandra image pull secrets", + "default": [], + "items": {} + }, + "debug": { + "type": "boolean", + "description": "Enable image debug mode", + "default": false + } + } + }, + "dbUser": { + "type": "object", + "properties": { + "user": { + "type": "string", + "description": "Cassandra admin user", + "default": "cassandra" + }, + "forcePassword": { + "type": "boolean", + "description": "Force the user to provide a non", + "default": false + }, + "password": { + "type": "string", + "description": "Password for `dbUser.user`. Randomly generated if empty", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`)", + "default": "" + } + } + }, + "initDBConfigMap": { + "type": "string", + "description": "ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data", + "default": "" + }, + "initDBSecret": { + "type": "string", + "description": "Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data", + "default": "" + }, + "existingConfiguration": { + "type": "string", + "description": "ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart", + "default": "" + }, + "cluster": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Cassandra cluster name", + "default": "cassandra" + }, + "seedCount": { + "type": "number", + "description": "Number of seed nodes", + "default": 1 + }, + "numTokens": { + "type": "number", + "description": "Number of tokens for each node", + "default": 256 + }, + "datacenter": { + "type": "string", + "description": "Datacenter name", + "default": "dc1" + }, + "rack": { + "type": "string", + "description": "Rack name", + "default": "rack1" + }, + "endpointSnitch": { + "type": "string", + "description": "Endpoint Snitch", + "default": "SimpleSnitch" + }, + "internodeEncryption": { + "type": "string", + "description": "DEPRECATED: use tls.internode and tls.client instead. Encryption values.", + "default": "none" + }, + "clientEncryption": { + "type": "boolean", + "description": "Client Encryption", + "default": false + }, + "extraSeeds": { + "type": "array", + "description": "For an external/second cassandra ring.", + "default": [], + "items": {} + }, + "enableUDF": { + "type": "boolean", + "description": "Enable User defined functions", + "default": false + } + } + }, + "jvm": { + "type": "object", + "properties": { + "extraOpts": { + "type": "string", + "description": "Set the value for Java Virtual Machine extra options", + "default": "" + }, + "maxHeapSize": { + "type": "string", + "description": "Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil`", + "default": "" + }, + "newHeapSize": { + "type": "string", + "description": "Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil`", + "default": "" + } + } + }, + "command": { + "type": "array", + "description": "Command for running the container (set to default if not set). Use array form", + "default": [], + "items": {} + }, + "args": { + "type": "array", + "description": "Args for running the container (set to default if not set). Use array form", + "default": [], + "items": {} + }, + "extraEnvVars": { + "type": "array", + "description": "Extra environment variables to be set on cassandra container", + "default": [], + "items": {} + }, + "extraEnvVarsCM": { + "type": "string", + "description": "Name of existing ConfigMap containing extra env vars", + "default": "" + }, + "extraEnvVarsSecret": { + "type": "string", + "description": "Name of existing Secret containing extra env vars", + "default": "" + }, + "replicaCount": { + "type": "number", + "description": "Number of Cassandra replicas", + "default": 1 + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "updateStrategy for Cassandra statefulset", + "default": "RollingUpdate" + } + } + }, + "hostAliases": { + "type": "array", + "description": "Add deployment host aliases", + "default": [], + "items": {} + }, + "podManagementPolicy": { + "type": "string", + "description": "StatefulSet pod management policy", + "default": "OrderedReady" + }, + "priorityClassName": { + "type": "string", + "description": "Cassandra pods' priority.", + "default": "" + }, + "podAnnotations": { + "type": "object", + "description": "Additional pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "Additional pod labels", + "default": {} + }, + "podAffinityPreset": { + "type": "string", + "description": "Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`", + "default": "" + }, + "podAntiAffinityPreset": { + "type": "string", + "description": "Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`", + "default": "soft" + }, + "nodeAffinityPreset": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`", + "default": "" + }, + "key": { + "type": "string", + "description": "Node label key to match. Ignored if `affinity` is set", + "default": "" + }, + "values": { + "type": "array", + "description": "Node label values to match. Ignored if `affinity` is set", + "default": [], + "items": {} + } + } + }, + "affinity": { + "type": "object", + "description": "Affinity for pod assignment", + "default": {} + }, + "nodeSelector": { + "type": "object", + "description": "Node labels for pod assignment", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "Tolerations for pod assignment", + "default": [], + "items": {} + }, + "topologySpreadConstraints": { + "type": "array", + "description": "Topology Spread Constraints for pod assignment", + "default": [], + "items": {} + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enabled Cassandra pods' Security Context", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "Set Cassandra pod's Security Context fsGroup", + "default": 1001 + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enabled Cassandra containers' Security Context", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "Set Cassandra container's Security Context runAsUser", + "default": 1001 + }, + "runAsNonRoot": { + "type": "boolean", + "description": "Force the container to be run as non root", + "default": true + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "description": "The resources limits for Cassandra containers", + "default": {} + }, + "requests": { + "type": "object", + "description": "The requested resources for Cassandra containers", + "default": {} + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable livenessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for livenessProbe", + "default": 60 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for livenessProbe", + "default": 30 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for livenessProbe", + "default": 30 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for livenessProbe", + "default": 5 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for livenessProbe", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable readinessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for readinessProbe", + "default": 60 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for readinessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for readinessProbe", + "default": 30 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for readinessProbe", + "default": 5 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for readinessProbe", + "default": 1 + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable startupProbe", + "default": false + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for startupProbe", + "default": 0 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for startupProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for startupProbe", + "default": 5 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for startupProbe", + "default": 60 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for startupProbe", + "default": 1 + } + } + }, + "customLivenessProbe": { + "type": "object", + "description": "Custom livenessProbe that overrides the default one", + "default": {} + }, + "customReadinessProbe": { + "type": "object", + "description": "Custom readinessProbe that overrides the default one", + "default": {} + }, + "schedulerName": { + "type": "string", + "description": "Alternative scheduler", + "default": "" + }, + "terminationGracePeriodSeconds": { + "type": "string", + "description": "In seconds, time the given to the Cassandra pod needs to terminate gracefully", + "default": "" + }, + "extraVolumes": { + "type": "array", + "description": "Optionally specify extra list of additional volumes for cassandra container", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "Optionally specify extra list of additional volumeMounts for cassandra container", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "Add additional init containers to the cassandra pods", + "default": [], + "items": {} + }, + "sidecars": { + "type": "array", + "description": "Add additional sidecar containers to the cassandra pods", + "default": [], + "items": {} + }, + "pdb": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Enable/disable a Pod Disruption Budget creation", + "default": false + }, + "minAvailable": { + "type": "number", + "description": "Mininimum number of pods that must still be available after the eviction", + "default": 1 + }, + "maxUnavailable": { + "type": "string", + "description": "Max number of pods that can be unavailable after the eviction", + "default": "" + } + } + }, + "hostNetwork": { + "type": "boolean", + "description": "Enable HOST Network", + "default": false + }, + "containerPorts": { + "type": "object", + "properties": { + "intra": { + "type": "number", + "description": "Intra Port on the Host and Container", + "default": 7000 + }, + "tls": { + "type": "number", + "description": "TLS Port on the Host and Container", + "default": 7001 + }, + "jmx": { + "type": "number", + "description": "JMX Port on the Host and Container", + "default": 7199 + }, + "cql": { + "type": "number", + "description": "CQL Port on the Host and Container", + "default": 9042 + } + } + }, + "hostPorts": { + "type": "object", + "properties": { + "intra": { + "type": "string", + "description": "Intra Port on the Host", + "default": "" + }, + "tls": { + "type": "string", + "description": "TLS Port on the Host", + "default": "" + }, + "jmx": { + "type": "string", + "description": "JMX Port on the Host", + "default": "" + }, + "cql": { + "type": "string", + "description": "CQL Port on the Host", + "default": "" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Enable the creation of a ServiceAccount for Cassandra pods", + "default": true + }, + "name": { + "type": "string", + "description": "The name of the ServiceAccount to use.", + "default": "" + }, + "annotations": { + "type": "object", + "description": "Annotations for Cassandra Service Account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "Automount API credentials for a service account.", + "default": true + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Cassandra service type", + "default": "ClusterIP" + }, + "ports": { + "type": "object", + "properties": { + "cql": { + "type": "number", + "description": "Cassandra service CQL Port", + "default": 9042 + }, + "metrics": { + "type": "number", + "description": "Cassandra service metrics port", + "default": 8080 + } + } + }, + "nodePorts": { + "type": "object", + "properties": { + "cql": { + "type": "string", + "description": "Node port for CQL", + "default": "" + }, + "metrics": { + "type": "string", + "description": "Node port for metrics", + "default": "" + } + } + }, + "extraPorts": { + "type": "array", + "description": "Extra ports to expose in the service (normally used with the `sidecar` value)", + "default": [], + "items": {} + }, + "loadBalancerIP": { + "type": "string", + "description": "LoadBalancerIP if service type is `LoadBalancer`", + "default": "" + }, + "loadBalancerSourceRanges": { + "type": "array", + "description": "Service Load Balancer sources", + "default": [], + "items": {} + }, + "clusterIP": { + "type": "string", + "description": "Service Cluster IP", + "default": "" + }, + "externalTrafficPolicy": { + "type": "string", + "description": "Service external traffic policy", + "default": "Cluster" + }, + "annotations": { + "type": "object", + "description": "Provide any additional annotations which may be required.", + "default": {} + }, + "sessionAffinity": { + "type": "string", + "description": "Session Affinity for Kubernetes service, can be \"None\" or \"ClientIP\"", + "default": "None" + }, + "sessionAffinityConfig": { + "type": "object", + "description": "Additional settings for the sessionAffinity", + "default": {} + }, + "headless": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "Annotations for the headless service.", + "default": {} + } + } + } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Specifies whether a NetworkPolicy should be created", + "default": false + }, + "allowExternal": { + "type": "boolean", + "description": "Don't require client label for connections", + "default": true + } + } + }, + "persistence": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir", + "default": true + }, + "existingClaim": { + "type": "string", + "description": "Name of an existing PVC to use", + "default": "" + }, + "storageClass": { + "type": "string", + "description": "PVC Storage Class for Cassandra data volume", + "default": "" + }, + "commitStorageClass": { + "type": "string", + "description": "PVC Storage Class for Cassandra Commit Log volume", + "default": "" + }, + "annotations": { + "type": "object", + "description": "Persistent Volume Claim annotations", + "default": {} + }, + "accessModes": { + "type": "array", + "description": "Persistent Volume Access Mode", + "default": [ + "ReadWriteOnce" + ], + "items": { + "type": "string" + } + }, + "size": { + "type": "string", + "description": "PVC Storage Request for Cassandra data volume", + "default": "8Gi" + }, + "commitLogsize": { + "type": "string", + "description": "PVC Storage Request for Cassandra commit log volume. Unset by default", + "default": "2Gi" + }, + "mountPath": { + "type": "string", + "description": "The path the data volume will be mounted at", + "default": "/bitnami/cassandra" + }, + "commitLogMountPath": { + "type": "string", + "description": "The path the commit log volume will be mounted at. Unset by default. Set it to '/bitnami/cassandra/commitlog' to enable a separate commit log volume", + "default": "" + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable init container that changes the owner and group of the persistent volume", + "default": false + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "Init container volume image registry", + "default": "docker.io" + }, + "repository": { + "type": "string", + "description": "Init container volume image repository", + "default": "bitnami/os-shell" + }, + "tag": { + "type": "string", + "description": "Init container volume image tag (immutable tags are recommended)", + "default": "11-debian-11-r40" + }, + "digest": { + "type": "string", + "description": "Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "Init container volume pull policy", + "default": "IfNotPresent" + }, + "pullSecrets": { + "type": "array", + "description": "Specify docker-registry secret names as an array", + "default": [], + "items": {} + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "description": "The resources limits for the container", + "default": {} + }, + "requests": { + "type": "object", + "description": "The requested resources for the container", + "default": {} + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "runAsUser": { + "type": "number", + "description": "User ID for the init container", + "default": 0 + } + } + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Start a side-car prometheus exporter", + "default": false + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "Cassandra exporter image registry", + "default": "docker.io" + }, + "repository": { + "type": "string", + "description": "Cassandra exporter image name", + "default": "bitnami/cassandra-exporter" + }, + "tag": { + "type": "string", + "description": "Cassandra exporter image tag", + "default": "2.3.8-debian-11-r383" + }, + "digest": { + "type": "string", + "description": "Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "image pull policy", + "default": "IfNotPresent" + }, + "pullSecrets": { + "type": "array", + "description": "Specify docker-registry secret names as an array", + "default": [], + "items": {} + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "description": "The resources limits for the container", + "default": {} + }, + "requests": { + "type": "object", + "description": "The requested resources for the container", + "default": {} + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for readinessProbe", + "default": 20 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for readinessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for readinessProbe", + "default": 45 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for readinessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for readinessProbe", + "default": 1 + } + } + }, + "extraVolumeMounts": { + "type": "array", + "description": "Optionally specify extra list of additional volumeMounts for cassandra-exporter container", + "default": [], + "items": {} + }, + "podAnnotations": { + "type": "object", + "properties": { + "prometheus": { + "type": "object", + "properties": { + "io/scrape": { + "type": "string", + "description": "", + "default": "true" + }, + "io/port": { + "type": "string", + "description": "", + "default": "8080" + } + } + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)", + "default": false + }, + "namespace": { + "type": "string", + "description": "Namespace in which Prometheus is running", + "default": "monitoring" + }, + "interval": { + "type": "string", + "description": "Interval at which metrics should be scraped.", + "default": "" + }, + "scrapeTimeout": { + "type": "string", + "description": "Timeout after which the scrape is ended", + "default": "" + }, + "selector": { + "type": "object", + "description": "Prometheus instance selector labels", + "default": {} + }, + "metricRelabelings": { + "type": "array", + "description": "Specify Metric Relabelings to add to the scrape endpoint", + "default": [], + "items": {} + }, + "relabelings": { + "type": "array", + "description": "RelabelConfigs to apply to samples before scraping", + "default": [], + "items": {} + }, + "honorLabels": { + "type": "boolean", + "description": "Specify honorLabels parameter to add the scrape endpoint", + "default": false + }, + "jobLabel": { + "type": "string", + "description": "The name of the label on the target service to use as the job name in prometheus.", + "default": "" + }, + "labels": { + "type": "object", + "description": "Used to pass Labels that are required by the installed Prometheus Operator", + "default": {} + } + } + }, + "containerPorts": { + "type": "object", + "properties": { + "http": { + "type": "number", + "description": "HTTP Port on the Host and Container", + "default": 8080 + }, + "jmx": { + "type": "number", + "description": "JMX Port on the Host and Container", + "default": 5555 + } + } + }, + "hostPorts": { + "type": "object", + "properties": { + "http": { + "type": "string", + "description": "HTTP Port on the Host", + "default": "" + }, + "jmx": { + "type": "string", + "description": "JMX Port on the Host", + "default": "" + } + } + }, + "configuration": { + "type": "string", + "description": "Configure Cassandra-exporter with a custom config.yml file", + "default": "host: localhost:{{ .Values.containerPorts.jmx }}\nssl: False\nuser:\npassword:\nlistenPort: {{ .Values.metrics.containerPorts.http }}\nblacklist:\n # To profile the duration of jmx call you can start the program with the following options\n # > java -Dorg.slf4j.simpleLogger.defaultLogLevel=trace -jar cassandra_exporter.jar config.yml --oneshot\n #\n # To get intuition of what is done by cassandra when something is called you can look in cassandra\n # https://github.com/apache/cassandra/tree/trunk/src/java/org/apache/cassandra/metrics\n # Please avoid to scrape frequently those calls that are iterating over all sstables\n\n # Unaccessible metrics (not enough privilege)\n - java:lang:memorypool:.*usagethreshold.*\n\n # Leaf attributes not interesting for us but that are presents in many path\n - .*:999thpercentile\n - .*:95thpercentile\n - .*:fifteenminuterate\n - .*:fiveminuterate\n - .*:durationunit\n - .*:rateunit\n - .*:stddev\n - .*:meanrate\n - .*:mean\n - .*:min\n\n # Path present in many metrics but uninterresting\n - .*:viewlockacquiretime:.*\n - .*:viewreadtime:.*\n - .*:cas[a-z]+latency:.*\n - .*:colupdatetimedeltahistogram:.*\n\n # Mostly for RPC, do not scrap them\n - org:apache:cassandra:db:.*\n\n # columnfamily is an alias for Table metrics\n # https://github.com/apache/cassandra/blob/8b3a60b9a7dbefeecc06bace617279612ec7092d/src/java/org/apache/cassandra/metrics/TableMetrics.java#L162\n - org:apache:cassandra:metrics:columnfamily:.*\n\n # Should we export metrics for system keyspaces/tables ?\n - org:apache:cassandra:metrics:[^:]+:system[^:]*:.*\n\n # Don't scrap us\n - com:criteo:nosql:cassandra:exporter:.*\n\nmaxScrapFrequencyInSec:\n 50:\n - .*\n\n # Refresh those metrics only every hour as it is costly for cassandra to retrieve them\n 3600:\n - .*:snapshotssize:.*\n - .*:estimated.*\n - .*:totaldiskspaceused:.*\n" + } + } + }, + "tls": { + "type": "object", + "properties": { + "internodeEncryption": { + "type": "string", + "description": "Set internode encryption", + "default": "none" + }, + "clientEncryption": { + "type": "boolean", + "description": "Set client-server encryption", + "default": false + }, + "autoGenerated": { + "type": "boolean", + "description": "Generate automatically self-signed TLS certificates. Currently only supports PEM certificates", + "default": false + }, + "existingSecret": { + "type": "string", + "description": "Existing secret that contains Cassandra Keystore and truststore", + "default": "" + }, + "passwordsSecret": { + "type": "string", + "description": "Secret containing the Keystore and Truststore passwords if needed", + "default": "" + }, + "keystorePassword": { + "type": "string", + "description": "Password for the keystore, if needed.", + "default": "" + }, + "truststorePassword": { + "type": "string", + "description": "Password for the truststore, if needed.", + "default": "" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "description": "The resources limits for the TLS init container", + "default": {} + }, + "requests": { + "type": "object", + "description": "The requested resources for the TLS init container", + "default": {} + } + } + }, + "certificatesSecret": { + "type": "string", + "description": "Secret with the TLS certificates.", + "default": "" + }, + "tlsEncryptionSecretName": { + "type": "string", + "description": "Secret with the encryption of the TLS certificates", + "default": "" + } + } + } + } +} \ No newline at end of file diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml index 619d16182..9240a9a3a 100644 --- a/charts/bitnami/cassandra/values.yaml +++ b/charts/bitnami/cassandra/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.3-debian-11-r24 + tag: 4.1.3-debian-11-r37 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -616,7 +616,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r40 + tag: 11-debian-11-r54 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -685,7 +685,7 @@ metrics: registry: docker.io pullPolicy: IfNotPresent repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r383 + tag: 2.3.8-debian-11-r394 digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/charts/bitnami/mysql/Chart.lock b/charts/bitnami/mysql/Chart.lock index 5a631bb03..1e78f05db 100644 --- a/charts/bitnami/mysql/Chart.lock +++ b/charts/bitnami/mysql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.9.0 -digest: sha256:416ad278a896f0e9b51d5305bef5d875c7cca6fbb64b75e1f131b04763e2aff9 -generated: "2023-08-22T14:23:05.454524+02:00" + version: 2.10.0 +digest: sha256:023ded170632d04528f30332370f34fc8fb96efb2886a01d934cb3bd6e6d2e09 +generated: "2023-09-05T11:34:55.400631+02:00" diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml index 290e257e4..4af6ce813 100644 --- a/charts/bitnami/mysql/Chart.yaml +++ b/charts/bitnami/mysql/Chart.yaml @@ -36,4 +36,4 @@ maintainers: name: mysql sources: - https://github.com/bitnami/charts/tree/main/bitnami/mysql -version: 9.12.1 +version: 9.12.2 diff --git a/charts/bitnami/mysql/charts/common/Chart.yaml b/charts/bitnami/mysql/charts/common/Chart.yaml index 644d2a798..e35c2d0e7 100644 --- a/charts/bitnami/mysql/charts/common/Chart.yaml +++ b/charts/bitnami/mysql/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.2 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.9.0 +version: 2.10.0 diff --git a/charts/bitnami/mysql/charts/common/templates/_affinities.tpl b/charts/bitnami/mysql/charts/common/templates/_affinities.tpl index b77534bb9..e85b1df45 100644 --- a/charts/bitnami/mysql/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_affinities.tpl @@ -60,12 +60,13 @@ Return a topologyKey definition {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: @@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} {{- end -}} {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} @@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution: {{ $key }}: {{ $value | quote }} {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl b/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl index dc15f7fdc..a8ed7637e 100644 --- a/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl @@ -11,17 +11,28 @@ Usage: {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} -{{- if .scope }} - {{- if typeIs "string" .value }} - {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} {{- else }} - {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- tpl $value .context }} {{- end }} {{- else }} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} + {{- $value }} +{{- end }} {{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} {{- end -}} diff --git a/charts/bitnami/mysql/templates/metrics-svc.yaml b/charts/bitnami/mysql/templates/metrics-svc.yaml index 39f61611e..7b49ef1b5 100644 --- a/charts/bitnami/mysql/templates/metrics-svc.yaml +++ b/charts/bitnami/mysql/templates/metrics-svc.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: metrics {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: diff --git a/charts/bitnami/mysql/templates/primary/pdb.yaml b/charts/bitnami/mysql/templates/primary/pdb.yaml index 3f99da468..91c2f7390 100644 --- a/charts/bitnami/mysql/templates/primary/pdb.yaml +++ b/charts/bitnami/mysql/templates/primary/pdb.yaml @@ -21,7 +21,7 @@ spec: {{- if .Values.primary.pdb.maxUnavailable }} maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }} {{- end }} - {{- $podLabels := merge .Values.primary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: primary diff --git a/charts/bitnami/mysql/templates/primary/statefulset.yaml b/charts/bitnami/mysql/templates/primary/statefulset.yaml index 1fdce74f9..35b066228 100644 --- a/charts/bitnami/mysql/templates/primary/statefulset.yaml +++ b/charts/bitnami/mysql/templates/primary/statefulset.yaml @@ -16,7 +16,7 @@ metadata: spec: replicas: 1 podManagementPolicy: {{ .Values.primary.podManagementPolicy | quote }} - {{- $podLabels := merge .Values.primary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: primary @@ -373,7 +373,7 @@ spec: labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} app.kubernetes.io/component: primary {{- if or .Values.primary.persistence.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.primary.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.persistence.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 10 }} {{- end }} spec: diff --git a/charts/bitnami/mysql/templates/primary/svc-headless.yaml b/charts/bitnami/mysql/templates/primary/svc-headless.yaml index 5f4c03a25..7e55bade7 100644 --- a/charts/bitnami/mysql/templates/primary/svc-headless.yaml +++ b/charts/bitnami/mysql/templates/primary/svc-headless.yaml @@ -11,7 +11,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: primary {{- if or .Values.primary.service.headless.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.primary.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -22,6 +22,6 @@ spec: - name: mysql port: {{ .Values.primary.service.ports.mysql }} targetPort: mysql - {{- $podLabels := merge .Values.primary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: primary diff --git a/charts/bitnami/mysql/templates/primary/svc.yaml b/charts/bitnami/mysql/templates/primary/svc.yaml index 2416fccec..5ecc0c199 100644 --- a/charts/bitnami/mysql/templates/primary/svc.yaml +++ b/charts/bitnami/mysql/templates/primary/svc.yaml @@ -11,7 +11,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: primary {{- if or .Values.primary.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.primary.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -47,6 +47,6 @@ spec: {{- if .Values.primary.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} {{- end }} - {{- $podLabels := merge .Values.primary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.primary.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: primary diff --git a/charts/bitnami/mysql/templates/secondary/pdb.yaml b/charts/bitnami/mysql/templates/secondary/pdb.yaml index dc75a85a1..390d15358 100644 --- a/charts/bitnami/mysql/templates/secondary/pdb.yaml +++ b/charts/bitnami/mysql/templates/secondary/pdb.yaml @@ -21,7 +21,7 @@ spec: {{- if .Values.secondary.pdb.maxUnavailable }} maxUnavailable: {{ .Values.secondary.pdb.maxUnavailable }} {{- end }} - {{- $podLabels := merge .Values.secondary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: secondary diff --git a/charts/bitnami/mysql/templates/secondary/statefulset.yaml b/charts/bitnami/mysql/templates/secondary/statefulset.yaml index 481b6cd20..371f59c5c 100644 --- a/charts/bitnami/mysql/templates/secondary/statefulset.yaml +++ b/charts/bitnami/mysql/templates/secondary/statefulset.yaml @@ -17,7 +17,7 @@ metadata: spec: replicas: {{ .Values.secondary.replicaCount }} podManagementPolicy: {{ .Values.secondary.podManagementPolicy | quote }} - {{- $podLabels := merge .Values.secondary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: secondary @@ -353,7 +353,7 @@ spec: labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} app.kubernetes.io/component: secondary {{- if or .Values.secondary.persistence.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.secondary.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.persistence.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 10 }} {{- end }} spec: diff --git a/charts/bitnami/mysql/templates/secondary/svc-headless.yaml b/charts/bitnami/mysql/templates/secondary/svc-headless.yaml index 05d932088..067e8d638 100644 --- a/charts/bitnami/mysql/templates/secondary/svc-headless.yaml +++ b/charts/bitnami/mysql/templates/secondary/svc-headless.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: secondary {{- if or .Values.secondary.service.headless.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.secondary.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -23,7 +23,7 @@ spec: - name: mysql port: {{ .Values.secondary.service.ports.mysql }} targetPort: mysql - {{- $podLabels := merge .Values.secondary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: secondary {{- end }} diff --git a/charts/bitnami/mysql/templates/secondary/svc.yaml b/charts/bitnami/mysql/templates/secondary/svc.yaml index 431a66dbc..edffd4aff 100644 --- a/charts/bitnami/mysql/templates/secondary/svc.yaml +++ b/charts/bitnami/mysql/templates/secondary/svc.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: secondary {{- if or .Values.secondary.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.secondary.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -48,7 +48,7 @@ spec: {{- if .Values.secondary.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.secondary.service.extraPorts "context" $) | nindent 4 }} {{- end }} - {{- $podLabels := merge .Values.secondary.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.secondary.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: secondary {{- end }} diff --git a/charts/bitnami/mysql/templates/serviceaccount.yaml b/charts/bitnami/mysql/templates/serviceaccount.yaml index 20c8d2642..69705b5a6 100644 --- a/charts/bitnami/mysql/templates/serviceaccount.yaml +++ b/charts/bitnami/mysql/templates/serviceaccount.yaml @@ -11,7 +11,7 @@ metadata: namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} diff --git a/charts/bitnami/mysql/templates/servicemonitor.yaml b/charts/bitnami/mysql/templates/servicemonitor.yaml index 940ed3168..3390be89c 100644 --- a/charts/bitnami/mysql/templates/servicemonitor.yaml +++ b/charts/bitnami/mysql/templates/servicemonitor.yaml @@ -9,10 +9,10 @@ kind: ServiceMonitor metadata: name: {{ include "common.names.fullname" . }} namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace }} - {{- $labels := merge .Values.metrics.serviceMonitor.labels .Values.commonLabels }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} {{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: diff --git a/charts/bitnami/mysql/values.schema.json b/charts/bitnami/mysql/values.schema.json index df591567c..f75d785ee 100644 --- a/charts/bitnami/mysql/values.schema.json +++ b/charts/bitnami/mysql/values.schema.json @@ -1,195 +1,1670 @@ { - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "architecture": { - "type": "string", - "title": "MySQL architecture", - "form": true, - "description": "Allowed values: `standalone` or `replication`", - "enum": ["standalone", "replication"] - }, - "auth": { - "type": "object", - "title": "Authentication configuration", - "form": true, - "required": ["username", "password"], - "if": { - "properties": { - "createDatabase": { "enum": [ true ] } + "title": "Chart Values", + "type": "object", + "properties": { + "global": { + "type": "object", + "properties": { + "imageRegistry": { + "type": "string", + "description": "Global Docker image registry", + "default": "" + }, + "imagePullSecrets": { + "type": "array", + "description": "Global Docker registry secret names as an array", + "default": [], + "items": {} + }, + "storageClass": { + "type": "string", + "description": "Global StorageClass for Persistent Volume(s)", + "default": "" + } + } + }, + "kubeVersion": { + "type": "string", + "description": "Force target Kubernetes version (using Helm capabilities if not set)", + "default": "" + }, + "nameOverride": { + "type": "string", + "description": "String to partially override common.names.fullname template (will maintain the release name)", + "default": "" + }, + "fullnameOverride": { + "type": "string", + "description": "String to fully override common.names.fullname template", + "default": "" + }, + "namespaceOverride": { + "type": "string", + "description": "String to fully override common.names.namespace", + "default": "" + }, + "clusterDomain": { + "type": "string", + "description": "Cluster domain", + "default": "cluster.local" + }, + "commonAnnotations": { + "type": "object", + "description": "Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template", + "default": {} + }, + "commonLabels": { + "type": "object", + "description": "Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template", + "default": {} + }, + "extraDeploy": { + "type": "array", + "description": "Array with extra yaml to deploy with the chart. Evaluated as a template", + "default": [], + "items": {} + }, + "serviceBindings": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Create secret for service binding (Experimental)", + "default": false + } + } + }, + "diagnosticMode": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable diagnostic mode (all probes will be disabled and the command will be overridden)", + "default": false + }, + "command": { + "type": "array", + "description": "Command to override all containers in the deployment", + "default": [ + "sleep" + ], + "items": { + "type": "string" + } + }, + "args": { + "type": "array", + "description": "Args to override all containers in the deployment", + "default": [ + "infinity" + ], + "items": { + "type": "string" + } + } + } + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "MySQL image registry", + "default": "docker.io" + }, + "repository": { + "type": "string", + "description": "MySQL image repository", + "default": "bitnami/mysql" + }, + "tag": { + "type": "string", + "description": "MySQL image tag (immutable tags are recommended)", + "default": "8.0.34-debian-11-r31" + }, + "digest": { + "type": "string", + "description": "MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "MySQL image pull policy", + "default": "IfNotPresent" + }, + "pullSecrets": { + "type": "array", + "description": "Specify docker-registry secret names as an array", + "default": [], + "items": {} + }, + "debug": { + "type": "boolean", + "description": "Specify if debug logs should be enabled", + "default": false + } + } + }, + "architecture": { + "type": "string", + "description": "MySQL architecture (`standalone` or `replication`)", + "default": "standalone" + }, + "auth": { + "type": "object", + "properties": { + "rootPassword": { + "type": "string", + "description": "Password for the `root` user. Ignored if existing secret is provided", + "default": "" + }, + "createDatabase": { + "type": "boolean", + "description": "Whether to create the .Values.auth.database or not", + "default": true + }, + "database": { + "type": "string", + "description": "Name for a custom database to create", + "default": "my_database" + }, + "username": { + "type": "string", + "description": "Name for a custom user to create", + "default": "" + }, + "password": { + "type": "string", + "description": "Password for the new user. Ignored if existing secret is provided", + "default": "" + }, + "replicationUser": { + "type": "string", + "description": "MySQL replication user", + "default": "replicator" + }, + "replicationPassword": { + "type": "string", + "description": "MySQL replication user password. Ignored if existing secret is provided", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password`", + "default": "" + }, + "usePasswordFiles": { + "type": "boolean", + "description": "Mount credentials as files instead of using an environment variable", + "default": false + }, + "customPasswordFiles": { + "type": "object", + "description": "Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication`", + "default": {} + } + } + }, + "initdbScripts": { + "type": "object", + "description": "Dictionary of initdb scripts", + "default": {} + }, + "initdbScriptsConfigMap": { + "type": "string", + "description": "ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`)", + "default": "" + }, + "startdbScripts": { + "type": "object", + "description": "Dictionary of startdb scripts", + "default": {} + }, + "startdbScriptsConfigMap": { + "type": "string", + "description": "ConfigMap with the startdb scripts (Note: Overrides `startdbScripts`)", + "default": "" + }, + "primary": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the primary database (eg primary, master, leader, ...)", + "default": "primary" + }, + "command": { + "type": "array", + "description": "Override default container command on MySQL Primary container(s) (useful when using custom images)", + "default": [], + "items": {} + }, + "args": { + "type": "array", + "description": "Override default container args on MySQL Primary container(s) (useful when using custom images)", + "default": [], + "items": {} + }, + "lifecycleHooks": { + "type": "object", + "description": "for the MySQL Primary container(s) to automate configuration before or after startup", + "default": {} + }, + "hostAliases": { + "type": "array", + "description": "Deployment pod host aliases", + "default": [], + "items": {} + }, + "configuration": { + "type": "string", + "description": "Configure MySQL Primary with a custom my.cnf file", + "default": "[mysqld]\ndefault_authentication_plugin=mysql_native_password\nskip-name-resolve\nexplicit_defaults_for_timestamp\nbasedir=/opt/bitnami/mysql\nplugin_dir=/opt/bitnami/mysql/lib/plugin\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndatadir=/bitnami/mysql/data\ntmpdir=/opt/bitnami/mysql/tmp\nmax_allowed_packet=16M\nbind-address=*\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid\nlog-error=/opt/bitnami/mysql/logs/mysqld.log\ncharacter-set-server=UTF8\ncollation-server=utf8_general_ci\nslow_query_log=0\nlong_query_time=10.0\n\n[client]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndefault-character-set=UTF8\nplugin_dir=/opt/bitnami/mysql/lib/plugin\n\n[manager]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid" + }, + "existingConfigmap": { + "type": "string", + "description": "Name of existing ConfigMap with MySQL Primary configuration.", + "default": "" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Update strategy type for the MySQL primary statefulset", + "default": "RollingUpdate" + } + } + }, + "podAnnotations": { + "type": "object", + "description": "Additional pod annotations for MySQL primary pods", + "default": {} + }, + "podAffinityPreset": { + "type": "string", + "description": "MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`", + "default": "" + }, + "podAntiAffinityPreset": { + "type": "string", + "description": "MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`", + "default": "soft" + }, + "nodeAffinityPreset": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`", + "default": "" + }, + "key": { + "type": "string", + "description": "MySQL primary node label key to match Ignored if `primary.affinity` is set.", + "default": "" + }, + "values": { + "type": "array", + "description": "MySQL primary node label values to match. Ignored if `primary.affinity` is set.", + "default": [], + "items": {} + } + } + }, + "affinity": { + "type": "object", + "description": "Affinity for MySQL primary pods assignment", + "default": {} + }, + "nodeSelector": { + "type": "object", + "description": "Node labels for MySQL primary pods assignment", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "Tolerations for MySQL primary pods assignment", + "default": [], + "items": {} + }, + "priorityClassName": { + "type": "string", + "description": "MySQL primary pods' priorityClassName", + "default": "" + }, + "runtimeClassName": { + "type": "string", + "description": "MySQL primary pods' runtimeClassName", + "default": "" + }, + "schedulerName": { + "type": "string", + "description": "Name of the k8s scheduler (other than default)", + "default": "" + }, + "terminationGracePeriodSeconds": { + "type": "string", + "description": "In seconds, time the given to the MySQL primary pod needs to terminate gracefully", + "default": "" + }, + "topologySpreadConstraints": { + "type": "array", + "description": "Topology Spread Constraints for pod assignment", + "default": [], + "items": {} + }, + "podManagementPolicy": { + "type": "string", + "description": "podManagementPolicy to manage scaling operation of MySQL primary pods", + "default": "" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable security context for MySQL primary pods", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "Group ID for the mounted volumes' filesystem", + "default": 1001 + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "MySQL primary container securityContext", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "User ID for the MySQL primary container", + "default": 1001 + }, + "runAsNonRoot": { + "type": "boolean", + "description": "Set MySQL primary container's Security Context runAsNonRoot", + "default": true + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "description": "The resources limits for MySQL primary containers", + "default": {} + }, + "requests": { + "type": "object", + "description": "The requested resources for MySQL primary containers", + "default": {} + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable livenessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for livenessProbe", + "default": 5 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for livenessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for livenessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for livenessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for livenessProbe", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable readinessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for readinessProbe", + "default": 5 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for readinessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for readinessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for readinessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for readinessProbe", + "default": 1 + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable startupProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for startupProbe", + "default": 15 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for startupProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for startupProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for startupProbe", + "default": 10 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for startupProbe", + "default": 1 + } + } + }, + "customLivenessProbe": { + "type": "object", + "description": "Override default liveness probe for MySQL primary containers", + "default": {} + }, + "customReadinessProbe": { + "type": "object", + "description": "Override default readiness probe for MySQL primary containers", + "default": {} + }, + "customStartupProbe": { + "type": "object", + "description": "Override default startup probe for MySQL primary containers", + "default": {} + }, + "extraFlags": { + "type": "string", + "description": "MySQL primary additional command line flags", + "default": "" + }, + "extraEnvVars": { + "type": "array", + "description": "Extra environment variables to be set on MySQL primary containers", + "default": [], + "items": {} + }, + "extraEnvVarsCM": { + "type": "string", + "description": "Name of existing ConfigMap containing extra env vars for MySQL primary containers", + "default": "" + }, + "extraEnvVarsSecret": { + "type": "string", + "description": "Name of existing Secret containing extra env vars for MySQL primary containers", + "default": "" + }, + "extraPorts": { + "type": "array", + "description": "Extra ports to expose", + "default": [], + "items": {} + }, + "persistence": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir", + "default": true + }, + "existingClaim": { + "type": "string", + "description": "Name of an existing `PersistentVolumeClaim` for MySQL primary replicas", + "default": "" + }, + "subPath": { + "type": "string", + "description": "The name of a volume's sub path to mount for persistence", + "default": "" + }, + "storageClass": { + "type": "string", + "description": "MySQL primary persistent volume storage Class", + "default": "" + }, + "annotations": { + "type": "object", + "description": "MySQL primary persistent volume claim annotations", + "default": {} + }, + "accessModes": { + "type": "array", + "description": "MySQL primary persistent volume access Modes", + "default": [ + "ReadWriteOnce" + ], + "items": { + "type": "string" + } + }, + "size": { + "type": "string", + "description": "MySQL primary persistent volume size", + "default": "8Gi" + }, + "selector": { + "type": "object", + "description": "Selector to match an existing Persistent Volume", + "default": {} + } + } + }, + "extraVolumes": { + "type": "array", + "description": "Optionally specify extra list of additional volumes to the MySQL Primary pod(s)", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s)", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "Add additional init containers for the MySQL Primary pod(s)", + "default": [], + "items": {} + }, + "sidecars": { + "type": "array", + "description": "Add additional sidecar containers for the MySQL Primary pod(s)", + "default": [], + "items": {} + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "MySQL Primary K8s service type", + "default": "ClusterIP" + }, + "ports": { + "type": "object", + "properties": { + "mysql": { + "type": "number", + "description": "MySQL Primary K8s service port", + "default": 3306 + } + } + }, + "nodePorts": { + "type": "object", + "properties": { + "mysql": { + "type": "string", + "description": "MySQL Primary K8s service node port", + "default": "" + } + } + }, + "clusterIP": { + "type": "string", + "description": "MySQL Primary K8s service clusterIP IP", + "default": "" + }, + "loadBalancerIP": { + "type": "string", + "description": "MySQL Primary loadBalancerIP if service type is `LoadBalancer`", + "default": "" + }, + "externalTrafficPolicy": { + "type": "string", + "description": "Enable client source IP preservation", + "default": "Cluster" + }, + "loadBalancerSourceRanges": { + "type": "array", + "description": "Addresses that are allowed when MySQL Primary service is LoadBalancer", + "default": [], + "items": {} + }, + "extraPorts": { + "type": "array", + "description": "Extra ports to expose (normally used with the `sidecar` value)", + "default": [], + "items": {} + }, + "annotations": { + "type": "object", + "description": "Additional custom annotations for MySQL primary service", + "default": {} + }, + "sessionAffinity": { + "type": "string", + "description": "Session Affinity for Kubernetes service, can be \"None\" or \"ClientIP\"", + "default": "None" + }, + "sessionAffinityConfig": { + "type": "object", + "description": "Additional settings for the sessionAffinity", + "default": {} + }, + "headless": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "Additional custom annotations for headless MySQL primary service.", + "default": {} + } + } + } + } + }, + "pdb": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Enable/disable a Pod Disruption Budget creation for MySQL primary pods", + "default": false + }, + "minAvailable": { + "type": "number", + "description": "Minimum number/percentage of MySQL primary pods that should remain scheduled", + "default": 1 + }, + "maxUnavailable": { + "type": "string", + "description": "Maximum number/percentage of MySQL primary pods that may be made unavailable", + "default": "" + } + } + }, + "podLabels": { + "type": "object", + "description": "MySQL Primary pod label. If labels are same as commonLabels , this will take precedence", + "default": {} + } + } + }, + "secondary": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the secondary database (eg secondary, slave, ...)", + "default": "secondary" + }, + "replicaCount": { + "type": "number", + "description": "Number of MySQL secondary replicas", + "default": 1 + }, + "hostAliases": { + "type": "array", + "description": "Deployment pod host aliases", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "Override default container command on MySQL Secondary container(s) (useful when using custom images)", + "default": [], + "items": {} + }, + "args": { + "type": "array", + "description": "Override default container args on MySQL Secondary container(s) (useful when using custom images)", + "default": [], + "items": {} + }, + "lifecycleHooks": { + "type": "object", + "description": "for the MySQL Secondary container(s) to automate configuration before or after startup", + "default": {} + }, + "configuration": { + "type": "string", + "description": "Configure MySQL Secondary with a custom my.cnf file", + "default": "[mysqld]\ndefault_authentication_plugin=mysql_native_password\nskip-name-resolve\nexplicit_defaults_for_timestamp\nbasedir=/opt/bitnami/mysql\nplugin_dir=/opt/bitnami/mysql/lib/plugin\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndatadir=/bitnami/mysql/data\ntmpdir=/opt/bitnami/mysql/tmp\nmax_allowed_packet=16M\nbind-address=*\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid\nlog-error=/opt/bitnami/mysql/logs/mysqld.log\ncharacter-set-server=UTF8\ncollation-server=utf8_general_ci\nslow_query_log=0\nlong_query_time=10.0\n\n[client]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndefault-character-set=UTF8\nplugin_dir=/opt/bitnami/mysql/lib/plugin\n\n[manager]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid" + }, + "existingConfigmap": { + "type": "string", + "description": "Name of existing ConfigMap with MySQL Secondary configuration.", + "default": "" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Update strategy type for the MySQL secondary statefulset", + "default": "RollingUpdate" + } + } + }, + "podAnnotations": { + "type": "object", + "description": "Additional pod annotations for MySQL secondary pods", + "default": {} + }, + "podAffinityPreset": { + "type": "string", + "description": "MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`", + "default": "" + }, + "podAntiAffinityPreset": { + "type": "string", + "description": "MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`", + "default": "soft" + }, + "nodeAffinityPreset": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard`", + "default": "" + }, + "key": { + "type": "string", + "description": "MySQL secondary node label key to match Ignored if `secondary.affinity` is set.", + "default": "" + }, + "values": { + "type": "array", + "description": "MySQL secondary node label values to match. Ignored if `secondary.affinity` is set.", + "default": [], + "items": {} + } + } + }, + "affinity": { + "type": "object", + "description": "Affinity for MySQL secondary pods assignment", + "default": {} + }, + "nodeSelector": { + "type": "object", + "description": "Node labels for MySQL secondary pods assignment", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "Tolerations for MySQL secondary pods assignment", + "default": [], + "items": {} + }, + "priorityClassName": { + "type": "string", + "description": "MySQL secondary pods' priorityClassName", + "default": "" + }, + "runtimeClassName": { + "type": "string", + "description": "MySQL secondary pods' runtimeClassName", + "default": "" + }, + "schedulerName": { + "type": "string", + "description": "Name of the k8s scheduler (other than default)", + "default": "" + }, + "terminationGracePeriodSeconds": { + "type": "string", + "description": "In seconds, time the given to the MySQL secondary pod needs to terminate gracefully", + "default": "" + }, + "topologySpreadConstraints": { + "type": "array", + "description": "Topology Spread Constraints for pod assignment", + "default": [], + "items": {} + }, + "podManagementPolicy": { + "type": "string", + "description": "podManagementPolicy to manage scaling operation of MySQL secondary pods", + "default": "" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable security context for MySQL secondary pods", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "Group ID for the mounted volumes' filesystem", + "default": 1001 + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "MySQL secondary container securityContext", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "User ID for the MySQL secondary container", + "default": 1001 + }, + "runAsNonRoot": { + "type": "boolean", + "description": "Set MySQL secondary container's Security Context runAsNonRoot", + "default": true + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "description": "The resources limits for MySQL secondary containers", + "default": {} + }, + "requests": { + "type": "object", + "description": "The requested resources for MySQL secondary containers", + "default": {} + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable livenessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for livenessProbe", + "default": 5 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for livenessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for livenessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for livenessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for livenessProbe", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable readinessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for readinessProbe", + "default": 5 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for readinessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for readinessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for readinessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for readinessProbe", + "default": 1 + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable startupProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for startupProbe", + "default": 15 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for startupProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for startupProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for startupProbe", + "default": 15 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for startupProbe", + "default": 1 + } + } + }, + "customLivenessProbe": { + "type": "object", + "description": "Override default liveness probe for MySQL secondary containers", + "default": {} + }, + "customReadinessProbe": { + "type": "object", + "description": "Override default readiness probe for MySQL secondary containers", + "default": {} + }, + "customStartupProbe": { + "type": "object", + "description": "Override default startup probe for MySQL secondary containers", + "default": {} + }, + "extraFlags": { + "type": "string", + "description": "MySQL secondary additional command line flags", + "default": "" + }, + "extraEnvVars": { + "type": "array", + "description": "An array to add extra environment variables on MySQL secondary containers", + "default": [], + "items": {} + }, + "extraEnvVarsCM": { + "type": "string", + "description": "Name of existing ConfigMap containing extra env vars for MySQL secondary containers", + "default": "" + }, + "extraEnvVarsSecret": { + "type": "string", + "description": "Name of existing Secret containing extra env vars for MySQL secondary containers", + "default": "" + }, + "extraPorts": { + "type": "array", + "description": "Extra ports to expose", + "default": [], + "items": {} + }, + "persistence": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim`", + "default": true + }, + "existingClaim": { + "type": "string", + "description": "Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas", + "default": "" + }, + "subPath": { + "type": "string", + "description": "The name of a volume's sub path to mount for persistence", + "default": "" + }, + "storageClass": { + "type": "string", + "description": "MySQL secondary persistent volume storage Class", + "default": "" + }, + "annotations": { + "type": "object", + "description": "MySQL secondary persistent volume claim annotations", + "default": {} + }, + "accessModes": { + "type": "array", + "description": "MySQL secondary persistent volume access Modes", + "default": [ + "ReadWriteOnce" + ], + "items": { + "type": "string" + } + }, + "size": { + "type": "string", + "description": "MySQL secondary persistent volume size", + "default": "8Gi" + }, + "selector": { + "type": "object", + "description": "Selector to match an existing Persistent Volume", + "default": {} + } + } + }, + "extraVolumes": { + "type": "array", + "description": "Optionally specify extra list of additional volumes to the MySQL secondary pod(s)", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s)", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "Add additional init containers for the MySQL secondary pod(s)", + "default": [], + "items": {} + }, + "sidecars": { + "type": "array", + "description": "Add additional sidecar containers for the MySQL secondary pod(s)", + "default": [], + "items": {} + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "MySQL secondary Kubernetes service type", + "default": "ClusterIP" + }, + "ports": { + "type": "object", + "properties": { + "mysql": { + "type": "number", + "description": "MySQL secondary Kubernetes service port", + "default": 3306 + } + } + }, + "nodePorts": { + "type": "object", + "properties": { + "mysql": { + "type": "string", + "description": "MySQL secondary Kubernetes service node port", + "default": "" + } + } + }, + "clusterIP": { + "type": "string", + "description": "MySQL secondary Kubernetes service clusterIP IP", + "default": "" + }, + "loadBalancerIP": { + "type": "string", + "description": "MySQL secondary loadBalancerIP if service type is `LoadBalancer`", + "default": "" + }, + "externalTrafficPolicy": { + "type": "string", + "description": "Enable client source IP preservation", + "default": "Cluster" + }, + "loadBalancerSourceRanges": { + "type": "array", + "description": "Addresses that are allowed when MySQL secondary service is LoadBalancer", + "default": [], + "items": {} + }, + "extraPorts": { + "type": "array", + "description": "Extra ports to expose (normally used with the `sidecar` value)", + "default": [], + "items": {} + }, + "annotations": { + "type": "object", + "description": "Additional custom annotations for MySQL secondary service", + "default": {} + }, + "sessionAffinity": { + "type": "string", + "description": "Session Affinity for Kubernetes service, can be \"None\" or \"ClientIP\"", + "default": "None" + }, + "sessionAffinityConfig": { + "type": "object", + "description": "Additional settings for the sessionAffinity", + "default": {} + }, + "headless": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "Additional custom annotations for headless MySQL secondary service.", + "default": {} + } + } + } + } + }, + "pdb": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Enable/disable a Pod Disruption Budget creation for MySQL secondary pods", + "default": false + }, + "minAvailable": { + "type": "number", + "description": "Minimum number/percentage of MySQL secondary pods that should remain scheduled", + "default": 1 + }, + "maxUnavailable": { + "type": "string", + "description": "Maximum number/percentage of MySQL secondary pods that may be made unavailable", + "default": "" + } + } + }, + "podLabels": { + "type": "object", + "description": "Additional pod labels for MySQL secondary pods", + "default": {} + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Enable the creation of a ServiceAccount for MySQL pods", + "default": true + }, + "name": { + "type": "string", + "description": "Name of the created ServiceAccount", + "default": "" + }, + "annotations": { + "type": "object", + "description": "Annotations for MySQL Service Account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "Automount service account token for the server service account", + "default": true + } + } + }, + "rbac": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Whether to create & use RBAC resources or not", + "default": false + }, + "rules": { + "type": "array", + "description": "Custom RBAC rules to set", + "default": [], + "items": {} + } + } + }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable creation of NetworkPolicy resources", + "default": false + }, + "allowExternal": { + "type": "boolean", + "description": "The Policy model to apply.", + "default": true + }, + "explicitNamespacesSelector": { + "type": "object", + "description": "A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL", + "default": {} + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`", + "default": false + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "Init container volume-permissions image registry", + "default": "docker.io" + }, + "repository": { + "type": "string", + "description": "Init container volume-permissions image repository", + "default": "bitnami/os-shell" + }, + "tag": { + "type": "string", + "description": "Init container volume-permissions image tag (immutable tags are recommended)", + "default": "11-debian-11-r43" + }, + "digest": { + "type": "string", + "description": "Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "Init container volume-permissions image pull policy", + "default": "IfNotPresent" + }, + "pullSecrets": { + "type": "array", + "description": "Specify docker-registry secret names as an array", + "default": [], + "items": {} + } + } + }, + "resources": { + "type": "object", + "description": "Init container volume-permissions resources", + "default": {} + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Start a side-car prometheus exporter", + "default": false + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "Exporter image registry", + "default": "docker.io" + }, + "repository": { + "type": "string", + "description": "Exporter image repository", + "default": "bitnami/mysqld-exporter" + }, + "tag": { + "type": "string", + "description": "Exporter image tag (immutable tags are recommended)", + "default": "0.15.0-debian-11-r24" + }, + "digest": { + "type": "string", + "description": "Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "Exporter image pull policy", + "default": "IfNotPresent" + }, + "pullSecrets": { + "type": "array", + "description": "Specify docker-registry secret names as an array", + "default": [], + "items": {} + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "MySQL metrics container securityContext", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "User ID for the MySQL metrics container", + "default": 1001 + }, + "runAsNonRoot": { + "type": "boolean", + "description": "Set MySQL metrics container's Security Context runAsNonRoot", + "default": true + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Kubernetes service type for MySQL Prometheus Exporter", + "default": "ClusterIP" + }, + "clusterIP": { + "type": "string", + "description": "Kubernetes service clusterIP for MySQL Prometheus Exporter", + "default": "" + }, + "port": { + "type": "number", + "description": "MySQL Prometheus Exporter service port", + "default": 9104 + }, + "annotations": { + "type": "object", + "properties": { + "prometheus": { + "type": "object", + "properties": { + "io/scrape": { + "type": "string", + "description": "", + "default": "true" + }, + "io/port": { + "type": "string", + "description": "", + "default": "{{ .Values.metrics.service.port }}" + } + } + } + } + } + } + }, + "extraArgs": { + "type": "object", + "properties": { + "primary": { + "type": "array", + "description": "Extra args to be passed to mysqld_exporter on Primary pods", + "default": [], + "items": {} + }, + "secondary": { + "type": "array", + "description": "Extra args to be passed to mysqld_exporter on Secondary pods", + "default": [], + "items": {} + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "description": "The resources limits for MySQL prometheus exporter containers", + "default": {} + }, + "requests": { + "type": "object", + "description": "The requested resources for MySQL prometheus exporter containers", + "default": {} + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable livenessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for livenessProbe", + "default": 120 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for livenessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for livenessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for livenessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for livenessProbe", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable readinessProbe", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for readinessProbe", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for readinessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for readinessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for readinessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for readinessProbe", + "default": 1 + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Create ServiceMonitor Resource for scraping metrics using PrometheusOperator", + "default": false + }, + "namespace": { + "type": "string", + "description": "Specify the namespace in which the serviceMonitor resource will be created", + "default": "" + }, + "jobLabel": { + "type": "string", + "description": "The name of the label on the target service to use as the job name in prometheus.", + "default": "" + }, + "interval": { + "type": "string", + "description": "Specify the interval at which metrics should be scraped", + "default": "30s" + }, + "scrapeTimeout": { + "type": "string", + "description": "Specify the timeout after which the scrape is ended", + "default": "" + }, + "relabelings": { + "type": "array", + "description": "RelabelConfigs to apply to samples before scraping", + "default": [], + "items": {} + }, + "metricRelabelings": { + "type": "array", + "description": "MetricRelabelConfigs to apply to samples before ingestion", + "default": [], + "items": {} + }, + "selector": { + "type": "object", + "description": "ServiceMonitor selector labels", + "default": {} + }, + "honorLabels": { + "type": "boolean", + "description": "Specify honorLabels parameter to add the scrape endpoint", + "default": false + }, + "labels": { + "type": "object", + "description": "Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with", + "default": {} + }, + "annotations": { + "type": "object", + "description": "ServiceMonitor annotations", + "default": {} + } + } + }, + "prometheusRule": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Creates a Prometheus Operator prometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)", + "default": false + }, + "namespace": { + "type": "string", + "description": "Namespace for the prometheusRule Resource (defaults to the Release Namespace)", + "default": "" + }, + "additionalLabels": { + "type": "object", + "description": "Additional labels that can be used so prometheusRule will be discovered by Prometheus", + "default": {} + }, + "rules": { + "type": "array", + "description": "Prometheus Rule definitions", + "default": [], + "items": {} + } + } + } + } } - }, - "then": { - "properties": { - "database": { - "pattern": "[a-zA-Z0-9]{1,64}" - } - } - }, - "properties": { - "rootPassword": { - "type": "string", - "title": "MySQL root password", - "description": "Defaults to a random 10-character alphanumeric string if not set" - }, - "database": { - "type": "string", - "title": "MySQL custom database name", - "maxLength": 64 - }, - "username": { - "type": "string", - "title": "MySQL custom username" - }, - "password": { - "type": "string", - "title": "MySQL custom password" - }, - "replicationUser": { - "type": "string", - "title": "MySQL replication username" - }, - "replicationPassword": { - "type": "string", - "title": "MySQL replication password" - }, - "createDatabase": { - "type": "boolean", - "title": "MySQL create custom database" - } - } - }, - "primary": { - "type": "object", - "title": "Primary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL primary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL primary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "primary/persistence/enabled" - } - } - } - } - } - }, - "secondary": { - "type": "object", - "title": "Secondary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL secondary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL secondary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "secondary/persistence/enabled" - } - } - } - } - } } - } -} +} \ No newline at end of file diff --git a/charts/bitnami/redis/Chart.lock b/charts/bitnami/redis/Chart.lock index d30db98a5..ef686f92b 100644 --- a/charts/bitnami/redis/Chart.lock +++ b/charts/bitnami/redis/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.9.0 -digest: sha256:416ad278a896f0e9b51d5305bef5d875c7cca6fbb64b75e1f131b04763e2aff9 -generated: "2023-08-22T14:31:05.788165+02:00" + version: 2.10.0 +digest: sha256:023ded170632d04528f30332370f34fc8fb96efb2886a01d934cb3bd6e6d2e09 +generated: "2023-09-05T11:35:55.621686+02:00" diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index d801aa272..2fd84a8f9 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -6,16 +6,16 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r48 + image: docker.io/bitnami/os-shell:11-debian-11-r60 - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.52.0-debian-11-r25 + image: docker.io/bitnami/redis-exporter:1.54.0-debian-11-r0 - name: redis-sentinel - image: docker.io/bitnami/redis-sentinel:7.2.0-debian-11-r0 + image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r0 - name: redis - image: docker.io/bitnami/redis:7.2.0-debian-11-r0 + image: docker.io/bitnami/redis:7.2.1-debian-11-r0 licenses: Apache-2.0 apiVersion: v2 -appVersion: 7.2.0 +appVersion: 7.2.1 dependencies: - name: common repository: file://./charts/common @@ -37,4 +37,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.0.2 +version: 18.0.4 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index 9db7246b5..1c807c8cf 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -101,7 +101,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- | | `image.registry` | Redis® image registry | `docker.io` | | `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.2.0-debian-11-r0` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.2.1-debian-11-r0` | | `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | | `image.pullSecrets` | Redis® image pull secrets | `[]` | @@ -347,7 +347,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.2.0-debian-11-r0` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.2.1-debian-11-r0` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -471,7 +471,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.52.0-debian-11-r25` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.54.0-debian-11-r0` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | @@ -544,7 +544,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r48` | +| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r60` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | @@ -554,7 +554,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | OS Shell + Utility image registry | `docker.io` | | `sysctl.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r48` | +| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r60` | | `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | @@ -982,4 +982,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/redis/charts/common/Chart.yaml b/charts/bitnami/redis/charts/common/Chart.yaml index 644d2a798..e35c2d0e7 100644 --- a/charts/bitnami/redis/charts/common/Chart.yaml +++ b/charts/bitnami/redis/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.9.0 +appVersion: 2.9.2 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.9.0 +version: 2.10.0 diff --git a/charts/bitnami/redis/charts/common/templates/_affinities.tpl b/charts/bitnami/redis/charts/common/templates/_affinities.tpl index b77534bb9..e85b1df45 100644 --- a/charts/bitnami/redis/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/redis/charts/common/templates/_affinities.tpl @@ -60,12 +60,13 @@ Return a topologyKey definition {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: @@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} {{- end -}} {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} @@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution: {{ $key }}: {{ $value | quote }} {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/redis/charts/common/templates/_tplvalues.tpl b/charts/bitnami/redis/charts/common/templates/_tplvalues.tpl index dc15f7fdc..a8ed7637e 100644 --- a/charts/bitnami/redis/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/redis/charts/common/templates/_tplvalues.tpl @@ -11,17 +11,28 @@ Usage: {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} -{{- if .scope }} - {{- if typeIs "string" .value }} - {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} {{- else }} - {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- tpl $value .context }} {{- end }} {{- else }} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} + {{- $value }} +{{- end }} {{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} {{- end -}} diff --git a/charts/bitnami/redis/templates/headless-svc.yaml b/charts/bitnami/redis/templates/headless-svc.yaml index 0dab3b63f..bd6121dee 100644 --- a/charts/bitnami/redis/templates/headless-svc.yaml +++ b/charts/bitnami/redis/templates/headless-svc.yaml @@ -11,7 +11,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} annotations: {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.sentinel.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} {{- include "redis.externalDNS.annotations" . | nindent 4 }} diff --git a/charts/bitnami/redis/templates/master/application.yaml b/charts/bitnami/redis/templates/master/application.yaml index 3d5de1c09..4b10b80db 100644 --- a/charts/bitnami/redis/templates/master/application.yaml +++ b/charts/bitnami/redis/templates/master/application.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.master.count }} - {{- $podLabels := merge .Values.master.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: master @@ -498,7 +498,7 @@ spec: kind: PersistentVolumeClaim metadata: name: redis-data - {{- $claimLabels := merge .Values.master.persistence.labels .Values.commonLabels }} + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} app.kubernetes.io/component: master {{- if .Values.master.persistence.annotations }} diff --git a/charts/bitnami/redis/templates/master/pvc.yaml b/charts/bitnami/redis/templates/master/pvc.yaml index f5ee385a8..5c60d0694 100644 --- a/charts/bitnami/redis/templates/master/pvc.yaml +++ b/charts/bitnami/redis/templates/master/pvc.yaml @@ -9,7 +9,7 @@ apiVersion: v1 metadata: name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} namespace: {{ .Release.Namespace | quote }} - {{- $labels := merge .Values.master.persistence.labels .Values.commonLabels }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: master {{- if .Values.master.persistence.annotations }} diff --git a/charts/bitnami/redis/templates/master/service.yaml b/charts/bitnami/redis/templates/master/service.yaml index 144cf9131..091e97fe7 100644 --- a/charts/bitnami/redis/templates/master/service.yaml +++ b/charts/bitnami/redis/templates/master/service.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: master {{- if or .Values.master.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.master.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -53,7 +53,7 @@ spec: {{- if .Values.master.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.master.service.extraPorts "context" $) | nindent 4 }} {{- end }} - {{- $podLabels := merge .Values.master.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: master {{- end }} diff --git a/charts/bitnami/redis/templates/master/serviceaccount.yaml b/charts/bitnami/redis/templates/master/serviceaccount.yaml index 2b0d749b9..bb6c42aee 100644 --- a/charts/bitnami/redis/templates/master/serviceaccount.yaml +++ b/charts/bitnami/redis/templates/master/serviceaccount.yaml @@ -12,7 +12,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.master.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.master.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/bitnami/redis/templates/metrics-svc.yaml b/charts/bitnami/redis/templates/metrics-svc.yaml index 7fd7f36e0..7d1d683dc 100644 --- a/charts/bitnami/redis/templates/metrics-svc.yaml +++ b/charts/bitnami/redis/templates/metrics-svc.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: metrics {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: diff --git a/charts/bitnami/redis/templates/replicas/service.yaml b/charts/bitnami/redis/templates/replicas/service.yaml index 7a0e070ed..415771b64 100644 --- a/charts/bitnami/redis/templates/replicas/service.yaml +++ b/charts/bitnami/redis/templates/replicas/service.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: replica {{- if or .Values.replica.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.replica.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -50,7 +50,7 @@ spec: {{- if .Values.replica.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.extraPorts "context" $) | nindent 4 }} {{- end }} - {{- $podLabels := merge .Values.replica.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: replica {{- end }} diff --git a/charts/bitnami/redis/templates/replicas/serviceaccount.yaml b/charts/bitnami/redis/templates/replicas/serviceaccount.yaml index 695115071..616e8bc87 100644 --- a/charts/bitnami/redis/templates/replicas/serviceaccount.yaml +++ b/charts/bitnami/redis/templates/replicas/serviceaccount.yaml @@ -12,7 +12,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.replica.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/bitnami/redis/templates/replicas/statefulset.yaml b/charts/bitnami/redis/templates/replicas/statefulset.yaml index 9690765ec..e7a927327 100644 --- a/charts/bitnami/redis/templates/replicas/statefulset.yaml +++ b/charts/bitnami/redis/templates/replicas/statefulset.yaml @@ -18,7 +18,7 @@ spec: {{- if not .Values.replica.autoscaling.enabled }} replicas: {{ .Values.replica.replicaCount }} {{- end }} - {{- $podLabels := merge .Values.replica.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: replica @@ -495,7 +495,7 @@ spec: kind: PersistentVolumeClaim metadata: name: redis-data - {{- $claimLabels := merge .Values.master.persistence.labels .Values.commonLabels }} + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} app.kubernetes.io/component: replica {{- if .Values.replica.persistence.annotations }} diff --git a/charts/bitnami/redis/templates/sentinel/node-services.yaml b/charts/bitnami/redis/templates/sentinel/node-services.yaml index 924ee39ac..721185bcb 100644 --- a/charts/bitnami/redis/templates/sentinel/node-services.yaml +++ b/charts/bitnami/redis/templates/sentinel/node-services.yaml @@ -24,7 +24,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: node {{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }} - {{- $annotations := merge $.Values.sentinel.service.annotations $.Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.sentinel.service.annotations $.Values.commonAnnotations ) "context" $ ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: diff --git a/charts/bitnami/redis/templates/sentinel/service.yaml b/charts/bitnami/redis/templates/sentinel/service.yaml index 1a8631b20..18126f4ef 100644 --- a/charts/bitnami/redis/templates/sentinel/service.yaml +++ b/charts/bitnami/redis/templates/sentinel/service.yaml @@ -23,7 +23,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: node {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.sentinel.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -94,7 +94,7 @@ spec: {{- if .Values.sentinel.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.extraPorts "context" $) | nindent 4 }} {{- end }} - {{- $podLabels := merge .Values.replica.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: node {{- end }} diff --git a/charts/bitnami/redis/templates/sentinel/statefulset.yaml b/charts/bitnami/redis/templates/sentinel/statefulset.yaml index 342950bb8..12a750e0e 100644 --- a/charts/bitnami/redis/templates/sentinel/statefulset.yaml +++ b/charts/bitnami/redis/templates/sentinel/statefulset.yaml @@ -13,12 +13,12 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: node {{- if or .Values.commonAnnotations .Values.sentinel.annotations }} - {{- $annotations := merge .Values.sentinel.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: replicas: {{ .Values.replica.replicaCount }} - {{- $podLabels := merge .Values.replica.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: node @@ -751,7 +751,7 @@ spec: {{- if .Values.sentinel.persistence.enabled }} - metadata: name: sentinel-data - {{- $claimLabels := merge .Values.sentinel.persistence.labels .Values.commonLabels }} + {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.persistence.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} app.kubernetes.io/component: node {{- if .Values.sentinel.persistence.annotations }} diff --git a/charts/bitnami/redis/templates/serviceaccount.yaml b/charts/bitnami/redis/templates/serviceaccount.yaml index 74f8f6524..4306b3e85 100644 --- a/charts/bitnami/redis/templates/serviceaccount.yaml +++ b/charts/bitnami/redis/templates/serviceaccount.yaml @@ -12,7 +12,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - {{- $annotations := merge .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index 1ed7b8455..410b1a75d 100644 --- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -91,7 +91,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.2.0-debian-11-r0 + tag: 7.2.1-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1036,7 +1036,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.2.0-debian-11-r0 + tag: 7.2.1-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1493,7 +1493,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.52.0-debian-11-r25 + tag: 1.54.0-debian-11-r0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1767,7 +1767,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r48 + tag: 11-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1815,7 +1815,7 @@ sysctl: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r48 + tag: 11-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/zookeeper/Chart.lock b/charts/bitnami/zookeeper/Chart.lock index 9c54bcfb7..f54586cc7 100644 --- a/charts/bitnami/zookeeper/Chart.lock +++ b/charts/bitnami/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.9.2 -digest: sha256:0d1ed3ab5c6a7e3ab3bfaea47851d574aae674797326572c51719718026e1f63 -generated: "2023-08-31T16:47:39.182152921Z" + version: 2.10.0 +digest: sha256:023ded170632d04528f30332370f34fc8fb96efb2886a01d934cb3bd6e6d2e09 +generated: "2023-09-05T11:24:06.99508+02:00" diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index 65eda9e34..2aa5a99c2 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -30,4 +30,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 12.1.2 +version: 12.1.3 diff --git a/charts/bitnami/zookeeper/charts/common/Chart.yaml b/charts/bitnami/zookeeper/charts/common/Chart.yaml index 67e9a92ce..e35c2d0e7 100644 --- a/charts/bitnami/zookeeper/charts/common/Chart.yaml +++ b/charts/bitnami/zookeeper/charts/common/Chart.yaml @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.9.2 +version: 2.10.0 diff --git a/charts/bitnami/zookeeper/charts/common/templates/_tplvalues.tpl b/charts/bitnami/zookeeper/charts/common/templates/_tplvalues.tpl index edf99392c..a8ed7637e 100644 --- a/charts/bitnami/zookeeper/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/zookeeper/charts/common/templates/_tplvalues.tpl @@ -22,3 +22,17 @@ Usage: {{- $value }} {{- end }} {{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} diff --git a/charts/bitnami/zookeeper/templates/metrics-svc.yaml b/charts/bitnami/zookeeper/templates/metrics-svc.yaml index adc35c397..f66557c39 100644 --- a/charts/bitnami/zookeeper/templates/metrics-svc.yaml +++ b/charts/bitnami/zookeeper/templates/metrics-svc.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: metrics {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - {{- $annotations := merge .Values.metrics.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -21,7 +21,7 @@ spec: - name: tcp-metrics port: {{ .Values.metrics.service.port }} targetPort: metrics - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: zookeeper {{- end }} diff --git a/charts/bitnami/zookeeper/templates/networkpolicy.yaml b/charts/bitnami/zookeeper/templates/networkpolicy.yaml index 4165e4a60..34d36f971 100644 --- a/charts/bitnami/zookeeper/templates/networkpolicy.yaml +++ b/charts/bitnami/zookeeper/templates/networkpolicy.yaml @@ -14,7 +14,7 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} podSelector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} policyTypes: diff --git a/charts/bitnami/zookeeper/templates/pdb.yaml b/charts/bitnami/zookeeper/templates/pdb.yaml index d657c9c5e..27b7bdcb2 100644 --- a/charts/bitnami/zookeeper/templates/pdb.yaml +++ b/charts/bitnami/zookeeper/templates/pdb.yaml @@ -22,7 +22,7 @@ spec: {{- if .Values.pdb.maxUnavailable }} maxUnavailable: {{ .Values.pdb.maxUnavailable }} {{- end }} - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: zookeeper diff --git a/charts/bitnami/zookeeper/templates/serviceaccount.yaml b/charts/bitnami/zookeeper/templates/serviceaccount.yaml index f6113b9af..8e6d79cdd 100644 --- a/charts/bitnami/zookeeper/templates/serviceaccount.yaml +++ b/charts/bitnami/zookeeper/templates/serviceaccount.yaml @@ -13,7 +13,7 @@ metadata: app.kubernetes.io/component: zookeeper role: zookeeper {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - {{- $annotations := merge .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} diff --git a/charts/bitnami/zookeeper/templates/statefulset.yaml b/charts/bitnami/zookeeper/templates/statefulset.yaml index 1d91580c2..9c9b5dfcf 100644 --- a/charts/bitnami/zookeeper/templates/statefulset.yaml +++ b/charts/bitnami/zookeeper/templates/statefulset.yaml @@ -17,7 +17,7 @@ metadata: spec: replicas: {{ .Values.replicaCount }} podManagementPolicy: {{ .Values.podManagementPolicy }} - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: zookeeper diff --git a/charts/bitnami/zookeeper/templates/svc-headless.yaml b/charts/bitnami/zookeeper/templates/svc-headless.yaml index 611b84ab3..d571b0af4 100644 --- a/charts/bitnami/zookeeper/templates/svc-headless.yaml +++ b/charts/bitnami/zookeeper/templates/svc-headless.yaml @@ -11,7 +11,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: zookeeper {{- if or .Values.commonAnnotations .Values.service.headless.annotations }} - {{- $annotations := merge .Values.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -35,6 +35,6 @@ spec: - name: tcp-election port: {{ .Values.service.ports.election }} targetPort: election - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: zookeeper diff --git a/charts/bitnami/zookeeper/templates/svc.yaml b/charts/bitnami/zookeeper/templates/svc.yaml index 2a894767f..bfa8b928e 100644 --- a/charts/bitnami/zookeeper/templates/svc.yaml +++ b/charts/bitnami/zookeeper/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: zookeeper {{- if or .Values.commonAnnotations .Values.service.annotations }} - {{- $annotations := merge .Values.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: @@ -64,6 +64,6 @@ spec: {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} - {{- $podLabels := merge .Values.podLabels .Values.commonLabels }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: zookeeper diff --git a/charts/cert-manager/cert-manager/Chart.yaml b/charts/cert-manager/cert-manager/Chart.yaml index 941e4cb5c..4375e3898 100644 --- a/charts/cert-manager/cert-manager/Chart.yaml +++ b/charts/cert-manager/cert-manager/Chart.yaml @@ -1,4 +1,5 @@ annotations: + artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "false" artifacthub.io/signKey: | fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E @@ -9,7 +10,7 @@ annotations: catalog.cattle.io/namespace: cert-manager catalog.cattle.io/release-name: cert-manager apiVersion: v1 -appVersion: v1.12.4 +appVersion: v1.13.0 description: A Helm chart for cert-manager home: https://github.com/cert-manager/cert-manager icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png @@ -26,4 +27,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.12.4 +version: v1.13.0 diff --git a/charts/cert-manager/cert-manager/README.md b/charts/cert-manager/cert-manager/README.md index 678da960a..0fbc308d6 100644 --- a/charts/cert-manager/cert-manager/README.md +++ b/charts/cert-manager/cert-manager/README.md @@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources. ```bash -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.4/cert-manager.crds.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.crds.yaml ``` To install the chart with the release name `my-release`: @@ -29,7 +29,7 @@ To install the chart with the release name `my-release`: $ helm repo add jetstack https://charts.jetstack.io ## Install the cert-manager helm chart -$ helm install my-release --namespace cert-manager --version v1.12.4 jetstack/cert-manager +$ helm install my-release --namespace cert-manager --version v1.13.0 jetstack/cert-manager ``` In order to begin issuing certificates, you will need to set up a ClusterIssuer @@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als delete the previously installed CustomResourceDefinition resources: ```console -$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.4/cert-manager.crds.yaml +$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.crds.yaml ``` ## Configuration @@ -86,7 +86,7 @@ The following table lists the configurable parameters of the cert-manager chart | `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | | | `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` | | `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v1.12.4` | +| `image.tag` | Image tag | `v1.13.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicaCount` | Number of cert-manager replicas | `1` | | `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod | @@ -142,6 +142,8 @@ The following table lists the configurable parameters of the cert-manager chart | `dns01RecursiveNameservers` | Comma separated string with host and port of the recursive nameservers cert-manager should query | `` | | `dns01RecursiveNameserversOnly` | Forces cert-manager to only use the recursive nameservers for verification. | `false` | | `enableCertificateOwnerRef` | When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted | `false` | +| `config` | ControllerConfiguration YAML used to configure flags for the controller. Generates a ConfigMap containing contents of the field. See `values.yaml` for example. | `{}` | +| `enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | | `webhook.replicaCount` | Number of cert-manager webhook replicas | `1` | | `webhook.timeoutSeconds` | Seconds the API server should wait the webhook to respond before treating the call as a failure. | `10` | | `webhook.podAnnotations` | Annotations to add to the webhook pods | `{}` | @@ -169,7 +171,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` | | `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` | | `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag | `v1.12.4` | +| `webhook.image.tag` | Webhook image tag | `v1.13.0` | | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | | `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` | | `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) | @@ -188,6 +190,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.readinessProbe.periodSeconds` | The readiness probe period (in seconds) | `5` | | `webhook.readinessProbe.successThreshold` | The readiness probe success threshold | `1` | | `webhook.readinessProbe.timeoutSeconds` | The readiness probe timeout (in seconds) | `1` | +| `webhook.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | | `cainjector.enabled` | Toggles whether the cainjector component should be installed (required for the webhook component to work) | `true` | | `cainjector.replicaCount` | Number of cert-manager cainjector replicas | `1` | | `cainjector.podAnnotations` | Annotations to add to the cainjector pods | `{}` | @@ -207,12 +210,13 @@ The following table lists the configurable parameters of the cert-manager chart | `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` | | `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` | | `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` | -| `cainjector.image.tag` | cainjector image tag | `v1.12.4` | +| `cainjector.image.tag` | cainjector image tag | `v1.13.0` | | `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` | | `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) | | `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) | +| `cainjector.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | | `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` | -| `acmesolver.image.tag` | acmesolver image tag | `v1.12.4` | +| `acmesolver.image.tag` | acmesolver image tag | `v1.13.0` | | `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` | | `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` | | `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) | @@ -228,12 +232,13 @@ The following table lists the configurable parameters of the cert-manager chart | `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` | | `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` | | `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` | -| `startupapicheck.image.tag` | startupapicheck image tag | `v1.12.4` | +| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.0` | | `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` | | `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` | | `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | | | `startupapicheck.serviceAccount.annotations` | Annotations to add to the service account for the startupapicheck component | | | `startupapicheck.serviceAccount.automountServiceAccountToken` | Automount API credentials for the startupapicheck Service Account | `true` | +| `startupapicheck.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | | `maxConcurrentChallenges` | The maximum number of challenges that can be scheduled as 'processing' at once | `60` | ### Default Security Contexts diff --git a/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml b/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml index 122017374..f14168924 100644 --- a/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml @@ -45,6 +45,7 @@ spec: {{- if hasKey .Values.cainjector "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.cainjector.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.cainjector.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/cainjector-poddisruptionbudget.yaml b/charts/cert-manager/cert-manager/templates/cainjector-poddisruptionbudget.yaml index f080b753a..6a7d60913 100644 --- a/charts/cert-manager/cert-manager/templates/cainjector-poddisruptionbudget.yaml +++ b/charts/cert-manager/cert-manager/templates/cainjector-poddisruptionbudget.yaml @@ -17,10 +17,13 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "cainjector" - {{- with .Values.cainjector.podDisruptionBudget.minAvailable }} - minAvailable: {{ . }} + {{- if not (or (hasKey .Values.cainjector.podDisruptionBudget "minAvailable") (hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable")) }} + minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set {{- end }} - {{- with .Values.cainjector.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ . }} + {{- if hasKey .Values.cainjector.podDisruptionBudget "minAvailable" }} + minAvailable: {{ .Values.cainjector.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable" }} + maxUnavailable: {{ .Values.cainjector.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/controller-config.yaml b/charts/cert-manager/cert-manager/templates/controller-config.yaml new file mode 100644 index 000000000..a1b337572 --- /dev/null +++ b/charts/cert-manager/cert-manager/templates/controller-config.yaml @@ -0,0 +1,25 @@ +{{- if .Values.config -}} + {{- if not .Values.config.apiVersion -}} + {{- fail "config.apiVersion must be set" -}} + {{- end -}} + + {{- if not .Values.config.kind -}} + {{- fail "config.kind must be set" -}} + {{- end -}} +{{- end -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "cert-manager.fullname" . }} + namespace: {{ include "cert-manager.namespace" . }} + labels: + app: {{ include "cert-manager.name" . }} + app.kubernetes.io/name: {{ include "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" + {{- include "labels" . | nindent 4 }} +data: + {{- if .Values.config }} + config.yaml: | + {{ .Values.config | toYaml | nindent 4 }} + {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/crds.yaml b/charts/cert-manager/cert-manager/templates/crds.yaml index 820698742..6cce90551 100644 --- a/charts/cert-manager/cert-manager/templates/crds.yaml +++ b/charts/cert-manager/cert-manager/templates/crds.yaml @@ -51,10 +51,8 @@ spec: type: date schema: openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used." + description: "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `Ready` status condition and its `status.failureTime` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used." type: object - required: - - spec properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' @@ -65,14 +63,14 @@ spec: metadata: type: object spec: - description: Desired state of the CertificateRequest resource. + description: Specification of the desired state of the CertificateRequest resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - issuerRef - request properties: duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. + description: Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. type: string extra: description: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. @@ -88,10 +86,10 @@ spec: type: string x-kubernetes-list-type: atomic isCA: - description: IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`. + description: "Requested basic constraints isCA value. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. \n NOTE: If the CSR in the `Request` field has a BasicConstraints extension, it must have the same isCA value as specified here. \n If true, this will automatically add the `cert sign` usage to the list of requested `usages`." type: boolean issuerRef: - description: IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty. + description: "Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. \n The `name` field of the reference must always be specified." type: object required: - name @@ -106,14 +104,14 @@ spec: description: Name of the resource being referred to. type: string request: - description: The PEM-encoded x509 certificate signing request to be submitted to the CA for signing. + description: "The PEM-encoded X.509 certificate signing request to be submitted to the issuer for signing. \n If the CSR has a BasicConstraints extension, its isCA attribute must match the `isCA` value of this CertificateRequest. If the CSR has a KeyUsage extension, its key usages must match the key usages in the `usages` field of this CertificateRequest. If the CSR has a ExtKeyUsage extension, its extended key usages must match the extended key usages in the `usages` field of this CertificateRequest." type: string format: byte uid: description: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. type: string usages: - description: Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified. + description: "Requested key usages and extended key usages. \n NOTE: If the CSR in the `Request` field has uses the KeyUsage or ExtKeyUsage extension, these extensions must have the same values as specified here without any additional values. \n If unset, defaults to `digital signature` and `key encipherment`." type: array items: description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" @@ -146,19 +144,19 @@ spec: description: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. type: string status: - description: Status of the CertificateRequest. This is set and managed automatically. + description: 'Status of the CertificateRequest. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' type: object properties: ca: - description: The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. + description: The PEM encoded X.509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. type: string format: byte certificate: - description: The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. + description: The PEM encoded X.509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. type: string format: byte conditions: - description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. + description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. type: array items: description: CertificateRequestCondition contains condition information for a CertificateRequest. @@ -244,10 +242,8 @@ spec: type: date schema: openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)." + description: "A Certificate resource should be created to ensure an up to date and signed X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)." type: object - required: - - spec properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' @@ -258,14 +254,14 @@ spec: metadata: type: object spec: - description: Desired state of the Certificate resource. + description: Specification of the desired state of the Certificate resource. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - issuerRef - secretName properties: additionalOutputFormats: - description: AdditionalOutputFormats defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option on both the controller and webhook components. + description: "Defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. \n This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both the controller and webhook components." type: array items: description: CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. @@ -280,34 +276,34 @@ spec: - DER - CombinedPEM commonName: - description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' + description: "Requested common name X509 certificate subject attribute. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 NOTE: TLS clients will ignore this value when any subject alternative name is set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). \n Should have a length of 64 characters or fewer to avoid generating invalid CSRs. Cannot be set if the `literalSubject` field is set." type: string dnsNames: - description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate. + description: Requested DNS subject alternative names. type: array items: type: string duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + description: "Requested 'duration' (i.e. lifetime) of the Certificate. Note that the issuer may choose to ignore the requested duration, just like any other requested attribute. \n If unset, this defaults to 90 days. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration." type: string emailAddresses: - description: EmailAddresses is a list of email subjectAltNames to be set on the Certificate. + description: Requested email subject alternative names. type: array items: type: string encodeUsagesInRequest: - description: EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest + description: "Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. \n This option defaults to true, and should only be disabled if the target issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions." type: boolean ipAddresses: - description: IPAddresses is a list of IP address subjectAltNames to be set on the Certificate. + description: Requested IP address subject alternative names. type: array items: type: string isCA: - description: IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`. + description: "Requested basic constraints isCA value. The isCA value is used to set the `isCA` field on the created CertificateRequest resources. Note that the issuer may choose to ignore the requested isCA value, just like any other requested attribute. \n If true, this will automatically add the `cert sign` usage to the list of requested `usages`." type: boolean issuerRef: - description: IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. + description: "Reference to the issuer responsible for issuing the certificate. If the issuer is namespace-scoped, it must be in the same namespace as the Certificate. If the issuer is cluster-scoped, it can be used from any namespace. \n The `name` field of the reference must always be specified." type: object required: - name @@ -322,7 +318,7 @@ spec: description: Name of the resource being referred to. type: string keystores: - description: Keystores configures additional keystore output formats stored in the `secretName` Secret resource. + description: Additional keystore output formats to be stored in the Certificate's Secret. type: object properties: jks: @@ -370,46 +366,46 @@ spec: description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string literalSubject: - description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + description: "Requested X.509 certificate subject, represented using the LDAP \"String Representation of a Distinguished Name\" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 \n Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components." type: string privateKey: - description: Options to control private keys used for the Certificate. + description: Private key options. These include the key algorithm and size, the used encoding and the rotation policy. type: object properties: algorithm: - description: Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + description: "Algorithm is the private key algorithm of the corresponding private key for this certificate. \n If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. If `algorithm` is specified and `size` is not provided, key size of 2048 will be used for `RSA` key algorithm and key size of 256 will be used for `ECDSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm." type: string enum: - RSA - ECDSA - Ed25519 encoding: - description: The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + description: "The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. \n If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified." type: string enum: - PKCS1 - PKCS8 rotationPolicy: - description: RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility. + description: "RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. \n If set to `Never`, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to `Always`, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is `Never` for backward compatibility." type: string enum: - Never - Always size: - description: Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + description: "Size is the key bit size of the corresponding private key for this certificate. \n If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed." type: integer renewBefore: - description: How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + description: "How long before the currently issued certificate's expiry cert-manager should renew the certificate. For example, if a certificate is valid for 60 minutes, and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate 50 minutes after it was issued (i.e. when there are 10 minutes remaining until the certificate is no longer valid). \n NOTE: The actual lifetime of the issued certificate is used to determine the renewal time. If an issuer returns a certificate with a different lifetime than the one requested, cert-manager will use the lifetime of the issued certificate. \n If unset, this defaults to 1/3 of the issued certificate's lifetime. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration." type: string revisionHistoryLimit: - description: revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + description: "The maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. \n If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`." type: integer format: int32 secretName: - description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. + description: Name of the Secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. The Secret resource lives in the same namespace as the Certificate resource. type: string secretTemplate: - description: SecretTemplate defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + description: Defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. type: object properties: annotations: @@ -423,7 +419,7 @@ spec: additionalProperties: type: string subject: - description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). + description: "Requested set of X509 certificate subject attributes. More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 \n The common name attribute is specified separately in the `commonName` field. Cannot be set if the `literalSubject` field is set." type: object properties: countries: @@ -465,12 +461,12 @@ spec: items: type: string uris: - description: URIs is a list of URI subjectAltNames to be set on the Certificate. + description: Requested URI subject alternative names. type: array items: type: string usages: - description: Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified. + description: "Requested key usages and extended key usages. These usages are used to set the `usages` field on the created CertificateRequest resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages will additionally be encoded in the `request` field which contains the CSR blob. \n If unset, defaults to `digital signature` and `key encipherment`." type: array items: description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" @@ -500,7 +496,7 @@ spec: - microsoft sgc - netscape sgc status: - description: Status of the Certificate. This is set and managed automatically. + description: 'Status of the Certificate. This is set and managed automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' type: object properties: conditions: @@ -555,7 +551,7 @@ spec: type: string format: date-time notBefore: - description: The time after which the certificate stored in the secret named by this resource in spec.secretName is valid. + description: The time after which the certificate stored in the secret named by this resource in `spec.secretName` is valid. type: string format: date-time renewalTime: @@ -965,7 +961,7 @@ spec: description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." type: object required: - name @@ -977,7 +973,7 @@ spec: maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ kind: - description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." type: string default: Gateway maxLength: 63 @@ -989,19 +985,19 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 minimum: 1 sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" type: string maxLength: 253 minLength: 1 @@ -2080,7 +2076,7 @@ spec: description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." type: object required: - name @@ -2092,7 +2088,7 @@ spec: maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ kind: - description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." type: string default: Gateway maxLength: 63 @@ -2104,19 +2100,19 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 minimum: 1 sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" type: string maxLength: 253 minLength: 1 @@ -3398,7 +3394,7 @@ spec: description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." type: object required: - name @@ -3410,7 +3406,7 @@ spec: maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ kind: - description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." type: string default: Gateway maxLength: 63 @@ -3422,19 +3418,19 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 minimum: 1 sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" type: string maxLength: 253 minLength: 1 diff --git a/charts/cert-manager/cert-manager/templates/deployment.yaml b/charts/cert-manager/cert-manager/templates/deployment.yaml index aea5736c0..e0f347ad9 100644 --- a/charts/cert-manager/cert-manager/templates/deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/deployment.yaml @@ -52,6 +52,7 @@ spec: {{- if hasKey .Values "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -59,9 +60,16 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volumes }} + {{- if or .Values.volumes .Values.config}} volumes: + {{- if .Values.config }} + - name: config + configMap: + name: {{ include "cert-manager.fullname" . }} + {{- end }} + {{ with .Values.volumes }} {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} containers: - name: {{ .Chart.Name }}-controller @@ -73,6 +81,10 @@ spec: {{- if .Values.global.logLevel }} - --v={{ .Values.global.logLevel }} {{- end }} + {{- if .Values.config }} + - --config=/var/cert-manager/config/config.yaml + {{- end }} + {{- $config := default .Values.config "" }} {{- if .Values.clusterResourceNamespace }} - --cluster-resource-namespace={{ .Values.clusterResourceNamespace }} {{- else }} @@ -133,9 +145,15 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.volumeMounts }} + {{- if or .Values.config .Values.volumeMounts }} volumeMounts: + {{- if .Values.config}} + - name: config + mountPath: /var/cert-manager/config + {{- end }} + {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} env: - name: POD_NAMESPACE diff --git a/charts/cert-manager/cert-manager/templates/networkpolicy-webhooks.yaml b/charts/cert-manager/cert-manager/templates/networkpolicy-webhooks.yaml index 349877a8b..92818563a 100644 --- a/charts/cert-manager/cert-manager/templates/networkpolicy-webhooks.yaml +++ b/charts/cert-manager/cert-manager/templates/networkpolicy-webhooks.yaml @@ -12,13 +12,13 @@ spec: {{- end }} podSelector: matchLabels: - app: {{ include "webhook.name" . }} - app.kubernetes.io/name: {{ include "webhook.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "webhook" - {{- with .Values.webhook.podLabels }} - {{- toYaml . | nindent 6 }} - {{- end }} + app: {{ include "webhook.name" . }} + app.kubernetes.io/name: {{ include "webhook.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "webhook" + {{- with .Values.webhook.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} policyTypes: - Ingress diff --git a/charts/cert-manager/cert-manager/templates/poddisruptionbudget.yaml b/charts/cert-manager/cert-manager/templates/poddisruptionbudget.yaml index dab75ce68..ae71eed29 100644 --- a/charts/cert-manager/cert-manager/templates/poddisruptionbudget.yaml +++ b/charts/cert-manager/cert-manager/templates/poddisruptionbudget.yaml @@ -17,10 +17,13 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "controller" - {{- with .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ . }} + {{- if not (or (hasKey .Values.podDisruptionBudget "minAvailable") (hasKey .Values.podDisruptionBudget "maxUnavailable")) }} + minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set {{- end }} - {{- with .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ . }} + {{- if hasKey .Values.podDisruptionBudget "minAvailable" }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/rbac.yaml b/charts/cert-manager/cert-manager/templates/rbac.yaml index 830e37285..94b0950b7 100644 --- a/charts/cert-manager/cert-manager/templates/rbac.yaml +++ b/charts/cert-manager/cert-manager/templates/rbac.yaml @@ -398,6 +398,26 @@ subjects: namespace: {{ include "cert-manager.namespace" . }} kind: ServiceAccount +{{- if .Values.global.rbac.aggregateClusterRoles }} +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "cert-manager.fullname" . }}-cluster-view + labels: + app: {{ include "cert-manager.name" . }} + app.kubernetes.io/name: {{ include "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" + {{- include "labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers"] + verbs: ["get", "list", "watch"] + +{{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -414,6 +434,7 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" {{- end }} rules: - apiGroups: ["cert-manager.io"] diff --git a/charts/cert-manager/cert-manager/templates/serviceaccount.yaml b/charts/cert-manager/cert-manager/templates/serviceaccount.yaml index 6026842ff..87fc00ea7 100644 --- a/charts/cert-manager/cert-manager/templates/serviceaccount.yaml +++ b/charts/cert-manager/cert-manager/templates/serviceaccount.yaml @@ -20,6 +20,6 @@ metadata: app.kubernetes.io/component: "controller" {{- include "labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} - {{ toYaml . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/servicemonitor.yaml b/charts/cert-manager/cert-manager/templates/servicemonitor.yaml index 9d9e89992..bfb2292ff 100644 --- a/charts/cert-manager/cert-manager/templates/servicemonitor.yaml +++ b/charts/cert-manager/cert-manager/templates/servicemonitor.yaml @@ -42,4 +42,7 @@ spec: interval: {{ .Values.prometheus.servicemonitor.interval }} scrapeTimeout: {{ .Values.prometheus.servicemonitor.scrapeTimeout }} honorLabels: {{ .Values.prometheus.servicemonitor.honorLabels }} + {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml b/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml index a9b965e18..52aadecc2 100644 --- a/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml +++ b/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml @@ -37,6 +37,7 @@ spec: {{- if hasKey .Values.startupapicheck "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.startupapicheck.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.startupapicheck.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml index 043c4b150..4935694d7 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml @@ -44,6 +44,7 @@ spec: {{- if hasKey .Values.webhook "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.webhook.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -54,6 +55,9 @@ spec: {{- if .Values.webhook.hostNetwork }} hostNetwork: true {{- end }} + {{- if .Values.webhook.hostNetwork }} + dnsPolicy: ClusterFirstWithHostNet + {{- end }} containers: - name: {{ .Chart.Name }}-webhook {{- with .Values.webhook.image }} @@ -72,7 +76,7 @@ spec: - --secure-port={{ .Values.webhook.securePort }} {{- end }} {{- if .Values.featureGates }} - - --feature-gates={{ .Values.featureGates }} + - --feature-gates={{ .Values.webhook.featureGates }} {{- end }} {{- $tlsConfig := default $config.tlsConfig "" }} {{ if or (not $config.tlsConfig) (and (not $tlsConfig.dynamic) (not $tlsConfig.filesystem) ) -}} diff --git a/charts/cert-manager/cert-manager/templates/webhook-poddisruptionbudget.yaml b/charts/cert-manager/cert-manager/templates/webhook-poddisruptionbudget.yaml index c8a357cb1..ab2a48109 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-poddisruptionbudget.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-poddisruptionbudget.yaml @@ -17,10 +17,13 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "webhook" - {{- with .Values.webhook.podDisruptionBudget.minAvailable }} - minAvailable: {{ . }} + {{- if not (or (hasKey .Values.webhook.podDisruptionBudget "minAvailable") (hasKey .Values.webhook.podDisruptionBudget "maxUnavailable")) }} + minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set {{- end }} - {{- with .Values.webhook.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ . }} + {{- if hasKey .Values.webhook.podDisruptionBudget "minAvailable" }} + minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if hasKey .Values.webhook.podDisruptionBudget "maxUnavailable" }} + maxUnavailable: {{ .Values.webhook.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml b/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml index a5d168e29..ce33cc797 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-validating-webhook.yaml @@ -21,10 +21,6 @@ webhooks: operator: "NotIn" values: - "true" - - key: "name" - operator: "NotIn" - values: - - {{ include "cert-manager.namespace" . }} rules: - apiGroups: - "cert-manager.io" diff --git a/charts/cert-manager/cert-manager/values.yaml b/charts/cert-manager/cert-manager/values.yaml index 66df39a4b..2d47d7141 100644 --- a/charts/cert-manager/cert-manager/values.yaml +++ b/charts/cert-manager/cert-manager/values.yaml @@ -63,17 +63,14 @@ strategy: {} podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) # or a percentage value (e.g. 25%) + # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1` + # minAvailable: 1 + # maxUnavailable: 1 -# Comma separated list of feature gates that should be enabled on the controller -# Note: do not use this field to pass feature gate values into webhook -# component as this behaviour relies on a bug that will be fixed in cert-manager 1.13 -# https://github.com/cert-manager/cert-manager/pull/6093 -# Use webhook.extraArgs to pass --feature-gates flag directly instead. +# Comma separated list of feature gates that should be enabled on the +# controller pod. featureGates: "" # The maximum number of challenges that can be scheduled as 'processing' at once @@ -122,6 +119,29 @@ serviceAccount: # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted enableCertificateOwnerRef: false +# Used to configure options for the controller pod. +# This allows setting options that'd usually be provided via flags. +# An APIVersion and Kind must be specified in your values.yaml file. +# Flags will override options that are set here. +config: +# apiVersion: controller.config.cert-manager.io/v1alpha1 +# kind: ControllerConfiguration +# logging: +# verbosity: 2 +# format: text +# leaderElectionConfig: +# namespace: kube-system +# kubernetesAPIQPS: 9000 +# kubernetesAPIBurst: 9000 +# numberOfConcurrentWorkers: 200 +# featureGates: +# additionalCertificateOutputFormats: true +# experimentalCertificateSigningRequestControllers: true +# experimentalGatewayAPISupport: true +# serverSideApply: true +# literalCertificateSubject: true +# useCertificateRequestBasicConstraints: true + # Setting Nameservers for DNS01 Self Check # See: https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check @@ -214,6 +234,7 @@ prometheus: labels: {} annotations: {} honorLabels: false + endpointAdditionalProperties: {} # Use these variables to configure the HTTP_PROXY environment variables # http_proxy: "http://proxy:8080" @@ -270,6 +291,11 @@ livenessProbe: successThreshold: 1 failureThreshold: 8 +# enableServiceLinks indicates whether information about services should be +# injected into pod's environment variables, matching the syntax of Docker +# links. +enableServiceLinks: false + webhook: replicaCount: 1 timeoutSeconds: 10 @@ -307,11 +333,11 @@ webhook: podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) # or a percentage value (e.g. 25%) + # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1` + # minAvailable: 1 + # maxUnavailable: 1 # Container Security Context to be set on the webhook component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ @@ -344,6 +370,10 @@ webhook: # Path to a file containing a WebhookConfiguration object used to configure the webhook # - --config= + # Comma separated list of feature gates that should be enabled on the + # webhook pod. + featureGates: "" + resources: {} # requests: # cpu: 10m @@ -468,6 +498,11 @@ webhook: volumes: [] volumeMounts: [] + # enableServiceLinks indicates whether information about services should be + # injected into pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false + cainjector: enabled: true replicaCount: 1 @@ -488,11 +523,11 @@ cainjector: podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) # or a percentage value (e.g. 25%) + # if neither minAvailable or maxUnavailable is set, we default to `minAvailable: 1` + # minAvailable: 1 + # maxUnavailable: 1 # Container Security Context to be set on the cainjector component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ @@ -568,6 +603,11 @@ cainjector: volumes: [] volumeMounts: [] + # enableServiceLinks indicates whether information about services should be + # injected into pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false + acmesolver: image: repository: quay.io/jetstack/cert-manager-acmesolver @@ -690,3 +730,8 @@ startupapicheck: volumes: [] volumeMounts: [] + + # enableServiceLinks indicates whether information about services should be + # injected into pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml index 77abe8dae..872687df7 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller apiVersion: v2 -appVersion: 1.34.16 +appVersion: 1.35.6 description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running as sidecar. home: https://www.cloud.com @@ -18,4 +18,4 @@ maintainers: name: citrix-cpx-with-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.34.16 +version: 1.35.6 diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/README.md b/charts/citrix/citrix-cpx-with-ingress-controller/README.md index 478a45149..258899a37 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/README.md +++ b/charts/citrix/citrix-cpx-with-ingress-controller/README.md @@ -442,6 +442,29 @@ Here tolerations[0].key, tolerations[0].value and tolerations[0].effect are the Effect represents what should happen to the pod if the pod don't have any matching toleration. It can have values `NoSchedule`, `NoExecute` and `PreferNoSchedule`. Operator represents the operation to be used for key and value comparison between taint and tolerations. It can have values `Exists` and `Equal`. The default value for operator is `Equal`. +### Resource Quotas +There are various use-cases when resource quotas are configured on the Kubernetes cluster. If quota is enabled in a namespace for compute resources like cpu and memory, users must specify requests or limits for those values; otherwise, the quota system may reject pod creation. The resource quotas for the CIC and CPX containers can be provided explicitly in the helm chart. + +To set requests and limits for the CIC container, use the variables `cic.resources.requests` and `cic.resources.limits` respectively. +Similarly, to set requests and limits for the CPX container, use the variable `resources.requests` and `resources.limits` respectively. + +Below is an example of the helm command that configures +``` +A) For CIC container: + CPU request for 500milli CPUs + CPU limit at 1000m + Memory request for 512M + Memory limit at 1000M +B) For CPX container: + CPU request for 250milli CPUs + CPU limit at 500m + Memory request for 256M + Memory limit at 512M +``` +``` +helm install cpx citrix/citrix-cpx-with-ingress-controller --set license.accept=yes --set cic.resources.requests.cpu=500m,cic.resources.requests.memory=512Mi,cic.resources.limits.cpu=1000m,cic.resources.limits.memory=1000Mi --set resources.limits.cpu=500m,resources.limits.memory=512Mi,resources.requests.cpu=250m,resources.requests.memory=256Mi +``` + ## Configuration The following table lists the configurable parameters of the Citrix ADC CPX with Citrix ingress controller as side car chart and their default values. @@ -455,7 +478,7 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | daemonSet | Optional | False | Set this to true if Citrix ADC CPX needs to be deployed as DaemonSet. | | cic.imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | cic.imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| cic.imageTag | Mandatory | `1.34.16` | The Citrix ingress controller image tag | +| cic.imageTag | Mandatory | `1.35.6` | The Citrix ingress controller image tag | | cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. | | cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX | | cic.resources | Optional | {} | CPU/Memory resource requests/limits for Citrix Ingress Controller container | @@ -519,7 +542,6 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | ADMSettings.vCPULicense | Optional | N/A | Set to true if you want to use vCPU based licensing for Citrix ADC CPX. | | ADMSettings.licenseEdition| Optional | PLATINUM | License edition that can be Standard, Platinum and Enterprise . By default, Platinum is selected.| | ADMSettings.cpxCores | Optional | 1 | Desired number of vCPU to be set for Citrix ADC CPX. | -| ADMSettings.analyticsServerPort | Optional | 5557 | Port used for Analytics by ADM. Required to plot ServiceGraph. | | exporter.required | Optional | false | Use the argument if you want to run the [Exporter for Citrix ADC Stats](https://github.com/citrix/citrix-adc-metrics-exporter) along with Citrix ingress controller to pull metrics for the Citrix ADC CPX| | exporter.imageRegistry | Optional | `quay.io` | The Exporter for Citrix ADC Stats image registry | | exporter.imageRepository | Optional | `citrix/citrix-adc-metrics-exporter` | The Exporter for Citrix ADC Stats image repository | @@ -547,6 +569,8 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | nsLbHashAlgo.required | Optional | false | Set this value to set the LB consistent hashing Algorithm | | nsLbHashAlgo.hashFingers | Optional |256 | Specifies the number of fingers to be used for hashing algorithm. Possible values are from 1 to 1024, Default value is 256 | | nsLbHashAlgo.hashAlgorithm | Optional | 'default' | Specifies the supported algorithm. Supported algorithms are "default", "jarh", "prac", Default value is 'default' | +| cpxCommands| Optional | N/A | This argument accepts user-provided bootup NetScaler config that is applied as soon as the CPX is instantiated. Please note that this is not a dynamic config, and any subsequent changes to the configmap don't reflect in the CPX config unless the pod is restarted. For more info, please refer the [documentation](https://docs.netscaler.com/en-us/citrix-adc-cpx/current-release/configure-cpx-kubernetes-using-configmaps.html). | +| cpxShellCommands| Optional | N/A | This argument accepts user-provided bootup config that is applied as soon as the CPX is instantiated. Please note that this is not a dynamic config, and any subsequent changes to the configmap don't reflect in the CPX config unless the pod is restarted. For more info, please refer the [documentation](https://docs.netscaler.com/en-us/citrix-adc-cpx/current-release/configure-cpx-kubernetes-using-configmaps.html). | > **Note:** > diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/_helpers.tpl b/charts/citrix/citrix-cpx-with-ingress-controller/templates/_helpers.tpl index 92e636ce2..06e65215c 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/_helpers.tpl +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/_helpers.tpl @@ -78,6 +78,15 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} +{{- define "bootupconfigmap.fullname" -}} +{{- $name := default .Chart.Name "cpx-bootup-configmap" .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml index f265d4e3a..2bb161a2a 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml @@ -85,12 +85,6 @@ spec: value: {{ .Values.mgmtHttpPort | quote }} - name: "NS_HTTPS_PORT" value: {{ .Values.mgmtHttpsPort | quote }} - - name: "LOGSTREAM_COLLECTOR_IP" - value: {{ .Values.ADMSettings.ADMIP | quote }} - - name: "ANALYTICS_SERVER" - value: {{ .Values.ADMSettings.ADMIP | quote }} - - name: "ANALYTICS_SERVER_PORT" - value: {{ .Values.ADMSettings.analyticsServerPort | quote }} {{- end }} ##Need to set env var BANDWIDTH in order to provide Bandwidth license to Citrix ADC CPX from ADM or CPX License Aggregator {{- if and ( or ( .Values.ADMSettings.licenseServerIP ) ( .Values.cpxLicenseAggregator ) ) ( eq .Values.ADMSettings.bandWidthLicense true ) }} @@ -131,6 +125,8 @@ spec: name: cpx-volume - mountPath: /cpx/conf name: cpx-volume-conf + - mountPath: /cpx/bootup_conf + name: bootupconfig-volume {{- if .Values.cic.required }} # Add cic as a sidecar - name: cic @@ -305,6 +301,9 @@ spec: emptyDir: {} - name: cpx-volume-conf emptyDir: {} + - name: bootupconfig-volume + configMap: + name: {{ include "bootupconfigmap.fullname" . }} {{- if and .Values.nodeSelector.key .Values.nodeSelector.value }} nodeSelector: {{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }} diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml index ac7aab2a2..cd621fbfc 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml @@ -83,4 +83,19 @@ data: {{- if .Values.profileHttpFrontend }} FRONTEND_HTTP_PROFILE: | {{- toYaml .Values.profileHttpFrontend | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "bootupconfigmap.fullname" . }} + namespace: {{ .Release.Namespace }} +data: + cpx.conf: | + #NetScaler commands + {{- .Values.cpxCommands | nindent 6 -}} + #Shell commands + {{- .Values.cpxShellCommands | nindent 6 -}} + # end of file \ No newline at end of file diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml index bb9e1f951..b4c1c9d37 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml @@ -82,23 +82,26 @@ servicePorts: [] cic: imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller - imageTag: 1.34.16 + imageTag: 1.35.6 image: "{{ .Values.cic.imageRegistry }}/{{ .Values.cic.imageRepository }}:{{ .Values.cic.imageTag }}" pullPolicy: IfNotPresent required: true - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # Following values depends on no of ingresses configured by Ingress Controllers, so it is - # advised to test with maximum no of ingresses to set these values. - # limits: - # cpu: 1000m - # memory: 1000Mi - # requests: - # cpu: 250m - # memory: 256Mi + resources: + requests: + cpu: 32m + memory: 128Mi + # Following values depends on no of ingresses configured by Ingress Controllers, so it is + # advised to test with maximum no of ingresses to set these values. + # limits: + # cpu: 1000m + # memory: 1000Mi + limits: {} + # Following values depends on no of ingresses configured by Ingress Controllers, so it is + # advised to test with maximum no of ingresses to set these values. + # limits: + # cpu: 1000m + # memory: 1000Mi + entityPrefix: license: accept: no @@ -143,7 +146,6 @@ ADMSettings: bandWidth: 1000 #bandwidth value shoule be in Mbps vCPULicense: false cpxCores: - analyticsServerPort: 5557 licenseEdition: PLATINUM # Exporter config details @@ -227,18 +229,28 @@ serviceAccount: # name: podAnnotations: {} - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:' - # This is the resource for CPX container. +# This is the resource for CPX container. +resources: + requests: + cpu: 128m + memory: 500Mi + limits: {} # limits: # cpu: 500m # memory: 512Mi - # requests: - # cpu: 100m - # memory: 128Mi affinity: {} + +# cpxCommands: to provide global config to be applied in CPX. The commands will be executed in order. For e.g. +# add rewrite action rw_act_x_forwarded_proto insert_http_header X-Forwarded-Proto "\"https\"" +# add rewrite policy rw_pol_x_forwarded_proto CLIENT.SSL.IS_SSL rw_act_x_forwarded_proto +# bind rewrite global rw_pol_x_forwarded_proto 10 -type REQ_OVERRIDE +cpxCommands: | + + +# cpxShellCommands: to provide commands that need to be executed in shell of CPX. For e.g. +# touch /etc/a.txt +# echo "this is a" > /etc/a.txt +# echo "this is the file" >> /etc/a.txt +# ls >> /etc/a.txt +cpxShellCommands: | diff --git a/charts/citrix/citrix-ingress-controller/Chart.yaml b/charts/citrix/citrix-ingress-controller/Chart.yaml index 125927f72..331f09dfd 100644 --- a/charts/citrix/citrix-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-ingress-controller/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-ingress-controller apiVersion: v2 -appVersion: 1.34.16 +appVersion: 1.35.6 description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. home: https://www.cloud.com icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png @@ -17,4 +17,4 @@ maintainers: name: citrix-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.34.16 +version: 1.35.6 diff --git a/charts/citrix/citrix-ingress-controller/README.md b/charts/citrix/citrix-ingress-controller/README.md index e70970ae8..687a9f6e1 100644 --- a/charts/citrix/citrix-ingress-controller/README.md +++ b/charts/citrix/citrix-ingress-controller/README.md @@ -305,7 +305,22 @@ Here tolerations[0].key, tolerations[0].value and tolerations[0].effect are the Effect represents what should happen to the pod if the pod don't have any matching toleration. It can have values `NoSchedule`, `NoExecute` and `PreferNoSchedule`. Operator represents the operation to be used for key and value comparison between taint and tolerations. It can have values `Exists` and `Equal`. The default value for operator is `Equal`. +### Resource Quotas +There are various use-cases when resource quotas are configured on the Kubernetes cluster. If quota is enabled in a namespace for compute resources like cpu and memory, users must specify requests or limits for those values; otherwise, the quota system may reject pod creation. The resource quotas for the CIC containers can be provided explicitly in the helm chart. +To set requests and limits for the CIC container, use the variables `resources.requests` and `resources.limits` respectively. + +Below is an example of the helm command that configures +- For CIC container: +``` + CPU request for 500milli CPUs + CPU limit at 1000m + Memory request for 512M + Memory limit at 1000M +``` +``` +helm install my-release citrix/citrix-ingress-controller --set nsIP=,nsVIP=,license.accept=yes,adcCredentialSecret=,resources.requests.cpu=500m,resources.requests.memory=512Mi --set resources.limits.cpu=1000m,resources.limits.memory=1000Mi +``` ### Configuration @@ -316,7 +331,7 @@ The following table lists the mandatory and optional parameters that you can con | license.accept | Mandatory | no | Set `yes` to accept the CIC end user license agreement. | | imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| imageTag | Mandatory | `1.34.16` | The Citrix ingress controller image tag | +| imageTag | Mandatory | `1.35.6` | The Citrix ingress controller image tag | | pullPolicy | Mandatory | IfNotPresent | The CIC image pull policy. | | imagePullSecrets | Optional | N/A | Provide list of Kubernetes secrets to be used for pulling the images from a private Docker registry or repository. For more information on how to create this secret please see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). | | nameOverride | Optional | N/A | String to partially override deployment fullname template with a string (will prepend the release name) | @@ -340,7 +355,7 @@ The following table lists the mandatory and optional parameters that you can con | nsDnsNameserver | Optional | N/A | To add DNS Nameservers in ADC | | optimizeEndpointBinding | Optional | false | To enable/disable binding of backend endpoints to servicegroup in a single API-call. Recommended when endpoints(pods) per application are large in number. Applicable only for Citrix ADC Version >=13.0-45.7 | | kubernetesURL | Optional | N/A | The kube-apiserver url that CIC uses to register the events. If the value is not specified, CIC uses the [internal kube-apiserver IP address](https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod). | -| clusterName | Optional | N/A | The unique identifier of the kubernetes cluster on which the CIC is deployed. Used in multi-cluster deployments. | +| clusterName | Optional | N/A | The unique identifier of the kubernetes cluster on which the CIC is deployed. Used in gslb-controller deployments. | | ingressClass | Optional | N/A | If multiple ingress load balancers are used to load balance different ingress resources. You can use this parameter to specify CIC to configure Citrix ADC associated with specific ingress class. For more information on Ingress class, see [Ingress class support](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/configure/ingress-classes/). For Kubernetes version >= 1.19, this will create an IngressClass object with the name specified here | | setAsDefaultIngressClass | Optional | False | Set the IngressClass object as default ingress class. New Ingresses without an "ingressClassName" field specified will be assigned the class specified in ingressClass. Applicable only for kubernetes versions >= 1.19 | | serviceClass | Optional | N/A | By Default ingress controller configures all TypeLB Service on the ADC. You can use this parameter to finetune this behavior by specifing CIC to only configure TypeLB Service with specific service class. For more information on Service class, see [Service class support](https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/configure/service-classes/). | diff --git a/charts/citrix/citrix-ingress-controller/values.yaml b/charts/citrix/citrix-ingress-controller/values.yaml index fa2551fca..9abb3b0a2 100644 --- a/charts/citrix/citrix-ingress-controller/values.yaml +++ b/charts/citrix/citrix-ingress-controller/values.yaml @@ -5,7 +5,7 @@ # Citrix Ingress Controller config details imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller -imageTag: 1.34.16 +imageTag: 1.35.6 image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}" pullPolicy: IfNotPresent imagePullSecrets: [] @@ -162,19 +162,21 @@ serviceAccount: podAnnotations: {} -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. +resources: + requests: + cpu: 32m + memory: 128Mi + # Following values depends on no of ingresses configured by Ingress Controllers, so it is + # advised to test with maximum no of ingresses to set these values. + # limits: + # cpu: 1000m + # memory: 1000Mi + limits: {} # Following values depends on no of ingresses configured by Ingress Controllers, so it is # advised to test with maximum no of ingresses to set these values. # limits: # cpu: 1000m # memory: 1000Mi - # requests: - # cpu: 500m - # memory: 500Mi affinity: {} diff --git a/charts/crate/crate-operator/Chart.lock b/charts/crate/crate-operator/Chart.lock index 25aebd222..76a527e05 100644 --- a/charts/crate/crate-operator/Chart.lock +++ b/charts/crate/crate-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crate-operator-crds repository: file://../crate-operator-crds - version: 2.30.3 -digest: sha256:ae46760e801b4cef9755aa95f722dd25151fc3a8633cef7bcfbb5745d96b569c -generated: "2023-08-29T08:31:06.489571561Z" + version: 2.31.0 +digest: sha256:3d582e34aa3e7a808c36b88ddf5f21f7fd18d39b542038076fce5ffb3f62cd7b +generated: "2023-09-11T13:09:01.720960621Z" diff --git a/charts/crate/crate-operator/Chart.yaml b/charts/crate/crate-operator/Chart.yaml index 8d7c6b92d..0388a8758 100644 --- a/charts/crate/crate-operator/Chart.yaml +++ b/charts/crate/crate-operator/Chart.yaml @@ -3,16 +3,16 @@ annotations: catalog.cattle.io/display-name: CrateDB Operator catalog.cattle.io/release-name: crate-operator apiVersion: v2 -appVersion: 2.30.3 +appVersion: 2.31.0 dependencies: - condition: crate-operator-crds.enabled name: crate-operator-crds repository: file://./charts/crate-operator-crds - version: 2.30.3 + version: 2.31.0 description: Crate Operator - Helm chart for installing and upgrading Crate Operator. icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg maintainers: - name: Crate.io name: crate-operator type: application -version: 2.30.3 +version: 2.31.0 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml index f09dcbe37..1fed8e1f3 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 2.30.3 +appVersion: 2.31.0 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Crate Operator. maintainers: - name: Crate.io name: crate-operator-crds type: application -version: 2.30.3 +version: 2.31.0 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml index d5437c1a2..a243090f1 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml @@ -291,12 +291,44 @@ spec: snapshot: description: The name of the snapshot to use. type: string + type: + type: string + enum: ["all", "tables", "metadata", "partitions", "sections"] tables: description: The tables to restore from the backup. - Format '.'. Defaults to 'all' + Format '.'. items: type: string type: array + sections: + description: Restore a single metadata group or only tables or views. + items: + type: string + enum: ["tables", "views", "users", "privileges", "analyzers", "udfs"] + type: array + partitions: + description: Restore certain table partitions by their column and value. + items: + properties: + table_ident: + type: string + columns: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + required: + - table_ident + - columns + type: object + type: array required: - snapshot - bucket diff --git a/charts/datadog/datadog-operator/CHANGELOG.md b/charts/datadog/datadog-operator/CHANGELOG.md index 228a74dcb..2c8ffc87e 100644 --- a/charts/datadog/datadog-operator/CHANGELOG.md +++ b/charts/datadog/datadog-operator/CHANGELOG.md @@ -1,6 +1,10 @@ # Changelog -## 1.0.4 +## 1.1.1 + +* Add permissions to curl `/metrics/slis` to operator cluster role. + +## 1.1.0 * Update Datadog Operator version to 1.1.0. diff --git a/charts/datadog/datadog-operator/Chart.yaml b/charts/datadog/datadog-operator/Chart.yaml index 56169288a..486b30e56 100644 --- a/charts/datadog/datadog-operator/Chart.yaml +++ b/charts/datadog/datadog-operator/Chart.yaml @@ -26,4 +26,4 @@ name: datadog-operator sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 1.1.0 +version: 1.1.1 diff --git a/charts/datadog/datadog-operator/README.md b/charts/datadog/datadog-operator/README.md index d39a7cfb3..c24dab900 100644 --- a/charts/datadog/datadog-operator/README.md +++ b/charts/datadog/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) +![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) ## Values diff --git a/charts/datadog/datadog-operator/templates/clusterrole.yaml b/charts/datadog/datadog-operator/templates/clusterrole.yaml index 485f71eda..152ef288f 100644 --- a/charts/datadog/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog/datadog-operator/templates/clusterrole.yaml @@ -8,6 +8,7 @@ metadata: rules: - nonResourceURLs: - /metrics + - /metrics/slis verbs: - get - apiGroups: diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index f56099d49..c44c38594 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,10 +1,13 @@ # Datadog changelog +## 3.36.0 + +* Enable Remote Config by default + ## 3.35.2 * Fix Agent Service Account Name used in `RoleBinding` for Secret Backend permissions when in GKE Autopliot - ## 3.35.1 * Add permissions to curl `/metrics/slis` to agent cluster role. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index 1b5cbc260..dd397308f 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.35.2 +version: 3.36.0 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index fa9be7620..3585ebc6d 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.35.2](https://img.shields.io/badge/Version-3.35.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.36.0](https://img.shields.io/badge/Version-3.36.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -490,7 +490,7 @@ helm install \ | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | | clusterAgent.admissionController.port | int | `8000` | Set port of cluster-agent admission controller service | -| clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `false` | Enable polling and applying library injection using Remote Config. # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. | +| clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `true` | Enable polling and applying library injection using Remote Config. # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. | | clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the mutatingwebhookconfigurations created by the cluster-agent | | clusterAgent.advancedConfd | object | `{}` | Provide additional cluster check configurations. Each key is an integration containing several config files. | | clusterAgent.affinity | object | `{}` | Allow the Cluster Agent Deployment to schedule using affinity rules | @@ -688,7 +688,7 @@ helm install \ | datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. | | datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. | | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | -| datadog.remoteConfiguration.enabled | bool | `false` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead | +| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead | | datadog.secretAnnotations | object | `{}` | | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | | datadog.secretBackend.command | string | `nil` | Configure the secret backend command, path to the secret backend binary. | @@ -760,7 +760,7 @@ helm install \ | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | | registry | string | `"gcr.io/datadoghq"` | Registry to use for all Agent images (default gcr.io) | -| remoteConfiguration.enabled | bool | `false` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. This will override `datadog.remoteConfiguration.enabled` and `clusterAgent.admissionController.remoteInstrumentation.enabled`. Preferred way to enable Remote Configuration. | +| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overriden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | ## Configuration options for Windows deployments diff --git a/charts/datadog/datadog/templates/_helpers.tpl b/charts/datadog/datadog/templates/_helpers.tpl index 96d105044..14e4508bb 100644 --- a/charts/datadog/datadog/templates/_helpers.tpl +++ b/charts/datadog/datadog/templates/_helpers.tpl @@ -814,7 +814,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if or .Values.remoteConfiguration.enabled .Values.datadog.remoteConfiguration.enabled -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} true {{- else -}} false @@ -825,7 +825,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if or .Values.remoteConfiguration.enabled .Values.clusterAgent.admissionController.remoteInstrumentation.enabled -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.clusterAgent.admissionController.remoteInstrumentation.enabled) -}} true {{- else -}} false diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index ddb5ad1e7..fca489412 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -389,7 +389,7 @@ datadog: remoteConfiguration: # datadog.remoteConfiguration.enabled -- Set to true to enable remote configuration. # Consider using remoteConfiguration.enabled instead - enabled: false + enabled: true ## Enable logs agent and provide custom configs logs: @@ -974,7 +974,7 @@ clusterAgent: # clusterAgent.admissionController.remoteInstrumentation.enabled -- Enable polling and applying library injection using Remote Config. ## This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. ## Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. - enabled: false + enabled: true # clusterAgent.admissionController.port -- Set port of cluster-agent admission controller service port: 8000 @@ -1949,6 +1949,6 @@ providers: remoteConfiguration: # remoteConfiguration.enabled -- Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. - # This will override `datadog.remoteConfiguration.enabled` and `clusterAgent.admissionController.remoteInstrumentation.enabled`. + # Can be overriden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. # Preferred way to enable Remote Configuration. - enabled: false + enabled: true diff --git a/charts/fairwinds/polaris/CHANGELOG.md b/charts/fairwinds/polaris/CHANGELOG.md index fe37c8ed4..96c659ed5 100644 --- a/charts/fairwinds/polaris/CHANGELOG.md +++ b/charts/fairwinds/polaris/CHANGELOG.md @@ -5,6 +5,10 @@ All notable changes to this Helm chart will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this chart adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## 5.15.0 + +* Support `string` type of `config` value + ## 5.13.0 * Update Polaris to 8.5.0 diff --git a/charts/fairwinds/polaris/Chart.yaml b/charts/fairwinds/polaris/Chart.yaml index 71a403186..847456f5f 100644 --- a/charts/fairwinds/polaris/Chart.yaml +++ b/charts/fairwinds/polaris/Chart.yaml @@ -12,4 +12,4 @@ maintainers: - email: robertb@fairwinds.com name: rbren name: polaris -version: 5.14.0 +version: 5.15.0 diff --git a/charts/fairwinds/polaris/templates/configmap.yaml b/charts/fairwinds/polaris/templates/configmap.yaml index ba72dec1a..e4fd9ec68 100644 --- a/charts/fairwinds/polaris/templates/configmap.yaml +++ b/charts/fairwinds/polaris/templates/configmap.yaml @@ -11,6 +11,7 @@ metadata: {{- include "polaris.labels" $ | nindent 4 }} data: config.yaml: | + {{- if kindIs "map" . }} {{- range $key, $value := . }} {{ $key }}: {{- toYaml $value | nindent 6 }} @@ -18,5 +19,9 @@ data: {{- toYaml $.Values.additionalExemptions | nindent 6 }} {{- end }} {{- end }} + {{- end }} + {{- if kindIs "string" . }} + {{- . | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index 23ee768d9..e246a354c 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,16 +1,32 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.63.14] - Aug 7, 2023 +## [107.68.7] - Aug 28, 2023 +* Enabled `unifiedSecretInstallation` as true by default +* Removed unused `artifactory.javaOpts` from values.yaml + +## [107.67.0] - Aug 28, 2023 +* Add 'extraJavaOpts' and 'port' values to federation service + +## [107.66.0] - Aug 28, 2023 +* Added federation service container in artifactory +* Add rtfs service to ingress in artifactory + +## [107.64.0] - Aug 28,2023 +* Added support to configure event.webhooks within generated system.yaml +* Fixed an issue to generate ssl certificate should support artifactory-ha fullname +* Added 'multiPartLimit' and 'multipartElementSize' parameters to awsS3V3 binary providers. +* Increased default Artifactory Tomcat acceptCount config to 400 +* Fixed Illegal Strict-Transport-Security header in nginx config + +## [107.63.0] - Aug 28, 2023 * Added support for Openshift by adding the securityContext in container level. * **IMPORTANT** * Disable securityContext in container and pod level to deploy postgres on openshift. * Fixed support for fsGroup in non openshift environment and runAsGroup in openshift environment. * Fixed - Helm Template Error when using artifactory.loggers [GH-1791](https://github.com/jfrog/charts/issues/1791) * Removed the nginx disable condition for openshift -* Added support to configure event.webhooks within generated system.yaml -* Fixed an issue to generate ssl certificate should support artifactory-ha fullname -* Added 'multiPartLimit' and 'multipartElementSize' parameters to awsS3V3 binary providers. +* Fixed jfconnect disabling as micro-service on splitcontainers [GH-1806](https://github.com/jfrog/charts/issues/1806) ## [107.62.0] - Jun 5, 2023 * Added support for 'port' and 'useHttp' parameters for s3-storage-v3 binary provider [GH-1767](https://github.com/jfrog/charts/issues/1767) diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index 056f6aeec..32a4f30a7 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.63.14 +appVersion: 7.68.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.63.14 +version: 107.68.7 diff --git a/charts/jfrog/artifactory-ha/ci/default-values.yaml b/charts/jfrog/artifactory-ha/ci/default-values.yaml index e8ea87fd9..020f52335 100644 --- a/charts/jfrog/artifactory-ha/ci/default-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/default-values.yaml @@ -14,6 +14,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -22,9 +25,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release postgresql: postgresqlPassword: password diff --git a/charts/jfrog/artifactory-ha/ci/global-values.yaml b/charts/jfrog/artifactory-ha/ci/global-values.yaml index b3c4bdd00..b1ef370ec 100644 --- a/charts/jfrog/artifactory-ha/ci/global-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/global-values.yaml @@ -10,6 +10,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -18,9 +21,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" customInitContainersBegin: | - name: "custom-init-begin-local" image: "{{ .Values.initContainerImage }}" @@ -231,7 +231,7 @@ nginx: proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header Strict-Transport-Security always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; location /artifactory/ { if ( $request_uri ~ ^/artifactory/(.*)$ ) { diff --git a/charts/jfrog/artifactory-ha/ci/migration-disabled-values.yaml b/charts/jfrog/artifactory-ha/ci/migration-disabled-values.yaml index bc188e6b8..44895a373 100644 --- a/charts/jfrog/artifactory-ha/ci/migration-disabled-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/migration-disabled-values.yaml @@ -18,6 +18,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -26,6 +29,3 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/charts/jfrog/artifactory-ha/ci/nginx-autoreload-values.yaml b/charts/jfrog/artifactory-ha/ci/nginx-autoreload-values.yaml index d47259498..a6f4e8001 100644 --- a/charts/jfrog/artifactory-ha/ci/nginx-autoreload-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/nginx-autoreload-values.yaml @@ -14,6 +14,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -22,9 +25,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release postgresql: postgresqlPassword: password diff --git a/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml b/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml index a4e797188..2b88d70a8 100644 --- a/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml @@ -30,6 +30,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -38,9 +41,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" # Add lifecycle hooks for artifactory container lifecycle: diff --git a/charts/jfrog/artifactory-ha/ci/test-values.yaml b/charts/jfrog/artifactory-ha/ci/test-values.yaml index d950c4321..7af7c2e0f 100644 --- a/charts/jfrog/artifactory-ha/ci/test-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/test-values.yaml @@ -25,6 +25,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -33,9 +36,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" statefulset: annotations: artifactory: test @@ -59,6 +59,9 @@ ingress: nginx: enabled: false +jfconnect: + enabled: false + ## filebeat sidecar filebeat: enabled: true diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml index 391cba2dc..490fcbd7c 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -740,6 +740,66 @@ spec: {{- if .Values.integration.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.integration.livenessProbe.config . | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.federation.enabled }} + - name: {{ .Values.federation.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + exec /opt/jfrog/artifactory/app/third-party/java/bin/java {{ .Values.federation.extraJavaOpts }} -jar /opt/jfrog/artifactory/app/rtfs/lib/jf-rtfs + {{- with .Values.federation.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SHARED_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_RTFS_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.artifactory.unifiedSecretInstallation }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + {{- else }} + name: "{{ template "artifactory-ha.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} +{{- with .Values.federation.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + resources: +{{ toYaml .Values.federation.resources | indent 10 }} + {{- if .Values.federation.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.federation.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.federation.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.federation.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} {{- if .Values.observability.enabled }} @@ -842,12 +902,12 @@ spec: value: "true" - name: JF_REPLICATOR_SERVICE_ENABLED value: "false" + - name: JF_FEDERATION_ENABLED + value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_INTEGRATION_ENABLED value: "false" {{- end }} @@ -916,6 +976,8 @@ spec: name: http - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} name: http-internal + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} name: tcp-jmx diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml index e9908e276..998817eb4 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -830,6 +830,48 @@ spec: {{- if .Values.integration.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.integration.livenessProbe.config . | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.federation.enabled }} + - name: {{ .Values.federation.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + exec /opt/jfrog/artifactory/app/third-party/java/bin/java {{ .Values.federation.extraJavaOpts }} -jar /opt/jfrog/artifactory/app/rtfs/lib/jf-rtfs + {{- with .Values.federation.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SHARED_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # TODO - Password,Url,Username - should be derived from env variable +{{- with .Values.federation.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + resources: +{{ toYaml .Values.federation.resources | indent 10 }} + {{- if .Values.federation.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.federation.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.federation.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.federation.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} {{- if .Values.observability.enabled }} @@ -944,12 +986,12 @@ spec: value: "true" - name: JF_REPLICATOR_SERVICE_ENABLED value: "false" + - name: JF_FEDERATION_ENABLED + value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_INTEGRATION_ENABLED value: "false" {{- end }} @@ -1018,6 +1060,8 @@ spec: name: http - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} name: http-internal + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} name: tcp-jmx diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml index 5e294a8f3..4f956bd40 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml @@ -30,6 +30,10 @@ spec: targetPort: {{ .Values.artifactory.internalPort }} protocol: TCP name: http-router + - port: {{ .Values.federation.internalPort }} + targetPort: {{ .Values.federation.internalPort }} + protocol: TCP + name: http-rtfs {{- if .Values.artifactory.ssh.enabled }} - port: {{ .Values.artifactory.ssh.externalPort }} targetPort: {{ .Values.artifactory.ssh.internalPort }} diff --git a/charts/jfrog/artifactory-ha/templates/ingress.yaml b/charts/jfrog/artifactory-ha/templates/ingress.yaml index cc98dac1a..05b24830a 100644 --- a/charts/jfrog/artifactory-ha/templates/ingress.yaml +++ b/charts/jfrog/artifactory-ha/templates/ingress.yaml @@ -63,6 +63,15 @@ spec: name: {{ $serviceName }} port: number: {{ $artifactoryServicePort }} + {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} + - path: {{ $.Values.ingress.rtfsPath }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $serviceName }} + port: + number: {{ $.Values.federation.internalPort }} + {{- end }} {{- end }} {{- else }} {{- range $host := .Values.ingress.hosts }} diff --git a/charts/jfrog/artifactory-ha/values.yaml b/charts/jfrog/artifactory-ha/values.yaml index 742f90ebe..2883fbd51 100644 --- a/charts/jfrog/artifactory-ha/values.yaml +++ b/charts/jfrog/artifactory-ha/values.yaml @@ -97,6 +97,7 @@ ingress: hosts: [] routerPath: / artifactoryPath: /artifactory/ + rtfsPath: /rtfs/ className: "" annotations: {} # kubernetes.io/ingress.class: nginx @@ -238,7 +239,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.71.0 + tag: 7.77.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -323,7 +324,7 @@ artifactory: ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. circleOfTrustCertificatesSecret: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha secrets - unifiedSecretInstallation: false + unifiedSecretInstallation: true image: registry: releases-docker.jfrog.io repository: jfrog/artifactory-pro @@ -350,7 +351,7 @@ artifactory: connector: maxThreads: 200 sendReasonPhrase: false - extraConfig: 'acceptCount="100"' + extraConfig: 'acceptCount="400"' # certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory customCertificates: enabled: false @@ -773,12 +774,31 @@ artifactory: replicator: enabled: true {{- end }} - {{- if .Values.jfconnect.enabled }} + {{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} jfconnect: enabled: true {{- else }} jfconnect: enabled: false + jfconnect_service: + enabled: false + {{- end }} + + {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} + federation: + enabled: true + extraJavaOpts: {{ .Values.federation.extraJavaOpts }} + port: {{ .Values.federation.internalPort }} + rtfs: + database: + driver: org.postgresql.Driver + type: postgresql + username: {{ .Values.federation.database.username }} + password: {{ .Values.federation.database.password }} + url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}" + {{- else }} + federation: + enabled: false {{- end }} {{- if .Values.event.webhooks }} event: @@ -991,11 +1011,6 @@ artifactory: pool: members ## If the type is NodePort you can set a fixed port # nodePort: 32082 - ## The following Java options are passed to the java process running Artifactory. - ## This will be passed to all cluster members. Primary and member nodes. - javaOpts: {} - # other: "" - statefulset: annotations: {} ## The following setting are to configure a dedicated Ingress object for Replicator service @@ -1466,6 +1481,66 @@ integration: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: 5 +federation: + name: federation + enabled: false + internalPort: 8085 + extraJavaOpts: "" + # This section should be removed once rtfs service is GA + database: + port: 5432 + host: postgresql + name: rtfs + username: rtfs + password: "" + ## Extra environment variables that can be used to tune federation to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: MY_ENV_VAR + # value: "" + resources: {} + # requests: + # memory: "100Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "1" + + # Add lifecycle hooks for federation container + lifecycle: {} + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] + # preStop: + # exec: + # command: ["/bin/sh","-c","echo Hello from the preStop handler"] + + ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true + livenessProbe: + enabled: true + config: | + exec: + command: + - sh + - -c + - curl -XPOST --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.federation.internalPort }}/rtfs/sync/ping + initialDelaySeconds: {{ if semverCompare "= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.63.14 +appVersion: 7.68.7 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.63.14 + version: 107.68.7 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.63.14 +version: 107.68.7 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index ac4060360..d994339fc 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md @@ -1,17 +1,32 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.63.14] - Aug 7, 2023 -* Added support for Openshift by adding the securityContext in container level. -* **IMPORTANT** -* Disable securityContext in container and pod level to deploy postgres on openshift. -* Fixed support for fsGroup in non openshift environment and runAsGroup in openshift environment. -* Fixed - Helm Template Error when using artifactory.loggers [GH-1791](https://github.com/jfrog/charts/issues/1791) -* Removed the nginx disable condition for openshift +## [107.68.7] - Aug 28, 2023 +* Enabled `unifiedSecretInstallation` by default + +## [107.67.0] - Aug 28, 2023 +* Add 'extraJavaOpts' and 'port' values to federation service + +## [107.66.0] - Aug 28, 2023 +* Added federation service container in artifactory +* Add rtfs service to ingress in artifactory + +## [107.64.0] - Aug 28, 2023 * Added support to configure event.webhooks within generated system.yaml * Fixed an issue to generate ssl certificate should support artifactory fullname * Added binarystore.xml template to persistence storage type `nfs`. The default Filestore location configured according to artifactory.persistence.nfs.dataDir. * Added 'multiPartLimit' and 'multipartElementSize' parameters to awsS3V3 binary providers. +* Increased default Artifactory Tomcat acceptCount config to 400 +* Fixed Illegal Strict-Transport-Security header in nginx config + +## [107.63.0] - Aug 28, 2023 +* Added support for Openshift by adding the securityContext in container level. +* **IMPORTANT** +* Disable securityContext in container and pod level to deploy postgres on openshift. +* Fixed support for fsGroup in non openshift environemnt and runAsGroup in openshift environment. +* Fixed - Helm Template Error when using artifactory.loggers [GH-1791](https://github.com/jfrog/charts/issues/1791) +* Removed the nginx disable condition for openshift +* Fixed jfconnect disabling as micro-service on splitcontainers [GH-1806](https://github.com/jfrog/charts/issues/1806) ## [107.62.0] - Jun 5, 2023 * Upgraded to autoscaling/v2 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index 85fc1ae99..12cf3451c 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.63.14 +appVersion: 7.68.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.63.14 +version: 107.68.7 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/global-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/global-values.yaml index 594222512..af972d774 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/global-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/global-values.yaml @@ -223,7 +223,7 @@ nginx: proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header Strict-Transport-Security always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; location /artifactory/ { if ( $request_uri ~ ^/artifactory/(.*)$ ) { diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/test-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/test-values.yaml index 954686cb2..894358ff6 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/test-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/test-values.yaml @@ -53,6 +53,9 @@ ingress: nginx: enabled: false +jfconnect: + enabled: false + autoscaling: enabled: false minReplicas: 1 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-service.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-service.yaml index 6a700cab2..f83904e27 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-service.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-service.yaml @@ -29,6 +29,10 @@ spec: {{- end }} protocol: TCP name: http-router + - port: {{ .Values.federation.internalPort }} + targetPort: {{ .Values.federation.internalPort }} + protocol: TCP + name: http-rtfs - port: {{ .Values.artifactory.externalArtifactoryPort }} targetPort: {{ .Values.artifactory.internalArtifactoryPort }} protocol: TCP diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml index e238c15a8..3281dae42 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml @@ -804,6 +804,48 @@ spec: {{- if .Values.integration.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.integration.livenessProbe.config . | indent 10 }} + {{- end }} + {{- end }} + {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} + - name: {{ .Values.federation.name }} + image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + exec /opt/jfrog/artifactory/app/third-party/java/bin/java {{ .Values.federation.extraJavaOpts }} -jar /opt/jfrog/artifactory/app/rtfs/lib/jf-rtfs + {{- with .Values.federation.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SHARED_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # TODO - Password,Url,Username - should be derived from env variable +{{- with .Values.federation.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs + volumeMounts: + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + resources: +{{ toYaml .Values.federation.resources | indent 10 }} + {{- if .Values.federation.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.federation.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.federation.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.federation.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} {{- if .Values.observability.enabled }} @@ -922,10 +964,10 @@ spec: value: "true" - name: JF_REPLICATOR_SERVICE_ENABLED value: "false" + - name: JF_FEDERATION_ENABLED + value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - name : JF_INTEGRATION_ENABLED @@ -994,6 +1036,8 @@ spec: name: http - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} name: http-internal + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs {{- if .Values.artifactory.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.javaOpts.jmx.port }} name: tcp-jmx diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml index a19c05047..eecddfd99 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml @@ -63,6 +63,15 @@ spec: name: {{ $serviceName }} port: number: {{ $artifactoryServicePort }} + {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} + - path: {{ $.Values.ingress.rtfsPath }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $serviceName }} + port: + number: {{ $.Values.federation.internalPort }} + {{- end }} {{- end }} {{- else }} {{- range $host := .Values.ingress.hosts }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml index 476fa99ad..03fcb8f6e 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml @@ -108,6 +108,7 @@ ingress: hosts: [] routerPath: / artifactoryPath: /artifactory/ + rtfsPath: /rtfs/ className: "" annotations: {} # kubernetes.io/ingress.class: nginx @@ -186,7 +187,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.71.0 + tag: 7.77.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -269,7 +270,7 @@ artifactory: ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. circleOfTrustCertificatesSecret: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory secrets - unifiedSecretInstallation: false + unifiedSecretInstallation: true # For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above. replicaCount: 1 # minAvailable: 1 @@ -319,7 +320,7 @@ artifactory: connector: maxThreads: 200 sendReasonPhrase: false - extraConfig: 'acceptCount="100"' + extraConfig: 'acceptCount="400"' # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. # To enable set `.Values.artifactory.openMetrics.enabled` to `true` # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics @@ -733,6 +734,22 @@ artifactory: jfconnect_service: enabled: false {{- end }} + {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} + federation: + enabled: true + extraJavaOpts: {{ .Values.federation.extraJavaOpts }} + port: {{ .Values.federation.internalPort }} + rtfs: + database: + driver: org.postgresql.Driver + type: postgresql + username: {{ .Values.federation.database.username }} + password: {{ .Values.federation.database.password }} + url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }} + {{- else }} + federation: + enabled: false + {{- end }} {{- if .Values.event.webhooks }} event: webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }} @@ -1326,6 +1343,66 @@ integration: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} +federation: + name: federation + enabled: false + internalPort: 8085 + extraJavaOpts: "" + # This section should be removed once rtfs service is GA + database: + port: 5432 + host: postgresql + name: rtfs + username: rtfs + password: "" + ## Extra environment variables that can be used to tune federation to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: MY_ENV_VAR + # value: "" + resources: {} + # requests: + # memory: "100Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "1" + + # Add lifecycle hooks for federation container + lifecycle: {} + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] + # preStop: + # exec: + # command: ["/bin/sh","-c","echo Hello from the preStop handler"] + + ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true + livenessProbe: + enabled: true + config: | + exec: + command: + - sh + - -c + - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.federation.internalPort }}/rtfs/sync/ping + initialDelaySeconds: {{ if semverCompare "= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 -appVersion: 6.0.6 +appVersion: 6.0.7 dependencies: - name: grafana repository: file://./charts/grafana - version: 6.32.9 + version: 6.59.0 - name: prometheus repository: file://./charts/prometheus version: 23.3.0 @@ -19,4 +19,4 @@ maintainers: - email: contact@kasten.io name: kastenIO name: k10 -version: 6.0.601 +version: 6.0.701 diff --git a/charts/kasten/k10/README.md b/charts/kasten/k10/README.md index d4b4fb282..a0ff8ed0a 100644 --- a/charts/kasten/k10/README.md +++ b/charts/kasten/k10/README.md @@ -137,7 +137,7 @@ Parameter | Description | Default `auth.oidcAuth.groupClaim` | Name of a custom OpenID Connect claim for specifying user groups | `None` `auth.oidcAuth.groupPrefix` | All groups will be prefixed with this value to prevent conflicts | `None` `auth.oidcAuth.sessionDuration` | Maximum OIDC session duration | `1h` -`auth.oidcAuth.refreshTokenSupport` | Enable OIDC Refresh Token support | `true` +`auth.oidcAuth.refreshTokenSupport` | Enable OIDC Refresh Token support | `false` `auth.openshift.enabled` | Enables access to the K10 dashboard by authenticating with the OpenShift OAuth server | `false` `auth.openshift.serviceAccount` | Name of the service account that represents an OAuth client | `None` `auth.openshift.clientSecret` | The token corresponding to the service account | `None` @@ -221,6 +221,7 @@ Parameter | Description | Default `route.tls.insecureEdgeTerminationPolicy` | Specifies behavior for insecure scheme traffic | `Redirect` `route.tls.termination` | Specifies the TLS termination of the route | `edge` `apigateway.serviceResolver` | Specifies the resolver used for service discovery in the API gateway (`dns` or `endpoint`) | `dns` +`limiter.concurrentSnapConversions` | Limit of concurrent snapshots to convert during export | `3` `limiter.genericVolumeSnapshots` | Limit of concurrent generic volume snapshot create operations | `10` `limiter.genericVolumeCopies` | Limit of concurrent generic volume snapshot copy operations | `10` `limiter.genericVolumeRestores` | Limit of concurrent generic volume snapshot restore operations | `10` @@ -287,4 +288,4 @@ is located, then the project's ID of the cluster must be also provided during th ```bash sa_key=$(base64 -w0 sa-key.json) helm install k10 kasten/k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key --set secrets.googleProjectId= -``` \ No newline at end of file +``` diff --git a/charts/kasten/k10/charts/grafana/Chart.yaml b/charts/kasten/k10/charts/grafana/Chart.yaml index e28452703..e8b9310d2 100644 --- a/charts/kasten/k10/charts/grafana/Chart.yaml +++ b/charts/kasten/k10/charts/grafana/Chart.yaml @@ -1,8 +1,18 @@ +annotations: + artifacthub.io/license: AGPL-3.0-only + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/grafana/helm-charts + - name: Upstream Project + url: https://github.com/grafana/grafana apiVersion: v2 -appVersion: 9.0.4 +appVersion: 10.1.0 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +keywords: +- monitoring +- metric kubeVersion: ^1.8.0-0 maintainers: - email: zanhsieh@gmail.com @@ -18,5 +28,6 @@ maintainers: name: grafana sources: - https://github.com/grafana/grafana +- https://github.com/grafana/helm-charts type: application -version: 6.32.9 +version: 6.59.0 diff --git a/charts/kasten/k10/charts/grafana/README.md b/charts/kasten/k10/charts/grafana/README.md index a0cb36dd5..bb630b007 100644 --- a/charts/kasten/k10/charts/grafana/README.md +++ b/charts/kasten/k10/charts/grafana/README.md @@ -53,6 +53,7 @@ This version requires Helm >= 3.1.0. | `replicas` | Number of nodes | `1` | | `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | | `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `podDisruptionBudget.apiVersion` | Pod disruption apiVersion | `nil` | | `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | | `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | | `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| @@ -67,6 +68,7 @@ This version requires Helm >= 3.1.0. | `service.type` | Kubernetes service type | `ClusterIP` | | `service.port` | Kubernetes port where service is exposed | `80` | | `service.portName` | Name of the port on the service | `service` | +| `service.appProtocol` | Adds the appProtocol field to the service | `` | | `service.targetPort` | Internal service is port | `3000` | | `service.nodePort` | Kubernetes service nodePort | `nil` | | `service.annotations` | Service annotations (can be templated) | `{}` | @@ -86,6 +88,7 @@ This version requires Helm >= 3.1.0. | `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | | `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | | `ingress.tls` | Ingress TLS configuration | `[]` | +| `ingress.ingressClassName` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 | `""` | | `resources` | CPU/Memory resource requests/limits | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | @@ -95,14 +98,15 @@ This version requires Helm >= 3.1.0. | `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | | `extraLabels` | Custom labels for all manifests | `{}` | | `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `global.persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.enabled` | Use persistent volume to store data | `false` | | `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | -| `global.persistence.size` | Size of persistent volume claim | `20Gi` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | | `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` | -| `global.persistence.storageClass` | Type of persistent volume claim | `nil` | -| `global.persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | | `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | | `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.extraPvcLabels` | Extra labels to apply to a PVC. | `{}` | | `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` | | `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | | `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | @@ -118,7 +122,7 @@ This version requires Helm >= 3.1.0. | `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | | `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | | `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | -| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret. (passed through [tpl](https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function)) | `{}` | | `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | @@ -127,11 +131,13 @@ This version requires Helm >= 3.1.0. | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | | `plugins` | Plugins to be loaded along with Grafana | `[]` | | `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `alerting` | Configure grafana alerting (passed through tpl) | `{}` | | `notifiers` | Configure grafana notifiers | `{}` | | `dashboardProviders` | Configure grafana dashboard providers | `{}` | | `dashboards` | Dashboards to import | `{}` | | `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | | `grafana.ini` | Grafana's primary configuration | `{}` | +| `global.imagePullSecrets` | Global image pull secrets (can be templated). Allows either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). | `[]` | | `ldap.enabled` | Enable LDAP authentication | `false` | | `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | | `ldap.config` | Grafana's LDAP configuration | `""` | @@ -142,12 +148,22 @@ This version requires Helm >= 3.1.0. | `podPortName` | Name of the grafana port on the pod | `grafana` | | `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.19.2` | +| `sidecar.image.tag` | Sidecar image tag | `1.24.6` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | | `sidecar.securityContext` | Sidecar securityContext | `{}` | | `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` | +| `sidecar.alerts.enabled` | Enables the cluster wide search for alerts and adds/updates/deletes them in grafana |`false` | +| `sidecar.alerts.label` | Label that config maps with alerts should have to be added | `grafana_alert` | +| `sidecar.alerts.labelValue` | Label value that config maps with alerts should have to be added | `""` | +| `sidecar.alerts.searchNamespace` | Namespaces list. If specified, the sidecar will search for alerts config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.alerts.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | +| `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` | +| `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | +| `sidecar.alerts.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | +| `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` | | `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | | `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | | `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | @@ -164,21 +180,30 @@ This version requires Helm >= 3.1.0. | `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | | `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | | `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | -| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | | `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` | +| `sidecar.dashboards.reloadURL` | Full url of dashboards configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` | +| `sidecar.dashboards.skipReload` | Enabling this omits defining the REQ_USERNAME, REQ_PASSWORD, REQ_URL and REQ_METHOD environment variables | `false` | | `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` | | `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | | `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | | `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `""` | -| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.datasources.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | | `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` | | `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | +| `sidecar.datasources.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any datasources defined at startup time. | `false` | | `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | | `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | -| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.notifiers.labelValue` | Label value that config maps with notifiers should have to be added | `""` | +| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.notifiers.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | | `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.notifiers.reloadURL` | Full url of notifier configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/notifications/reload"` | +| `sidecar.notifiers.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | +| `sidecar.notifiers.initNotifiers` | Set to true to deploy the notifier sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any notifiers defined at startup time. | `false` | | `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | | `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | | `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | @@ -188,16 +213,18 @@ This version requires Helm >= 3.1.0. | `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | | `serviceAccount.annotations` | ServiceAccount annotations | | | `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.labels` | ServiceAccount labels | `{}` | | `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | | `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | | `rbac.create` | Create and use RBAC resources | `true` | | `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | | `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | -| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | -| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `false` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `false` | | `rbac.extraRoleRules` | Additional rules to add to the Role | [] | | `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | -| `command` | Define command to be executed by grafana container at startup | `nil` | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `args` | Define additional args if command is used | `nil` | | `testFramework.enabled` | Whether to create test-related resources | `true` | | `testFramework.image` | `test-framework` image repository. | `bats/bats` | | `testFramework.tag` | `test-framework` image tag. | `v1.4.1` | @@ -219,7 +246,8 @@ This version requires Helm >= 3.1.0. | `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | | `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | | `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | -| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | +| `serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | +| `serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | | `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | | `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | | `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | @@ -227,20 +255,22 @@ This version requires Helm >= 3.1.0. | `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | | `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | | `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.envValueFrom` | Environment variables for image-renderer from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` | | `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | | `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | | `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | | `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | | `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | | `imageRenderer.service.portName` | image-renderer service port name | `http` | -| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | -| `imageRenderer.grafanaProtocol` | Protocol to use for image renderer callback url | `http` | +| `imageRenderer.service.port` | image-renderer port used by deployment | `8081` | +| `imageRenderer.service.targetPort` | image-renderer service port used by service | `8081` | +| `imageRenderer.appProtocol` | Adds the appProtocol field to the service | `` | | `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | | `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | | `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | -| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | -| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | -| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pods | `{}` | | `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | | `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` | | `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` | @@ -252,11 +282,10 @@ This version requires Helm >= 3.1.0. | `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` | | `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` | - - ### Example ingress with path With grafana 6.3 and above + ```yaml grafana.ini: server: @@ -273,7 +302,7 @@ ingress: ### Example of extraVolumeMounts Volume can be type persistentVolumeClaim or hostPath but not both at same time. -If none existingClaim or hostPath argument is givent then type is emptyDir. +If neither existingClaim or hostPath argument is given then type is emptyDir. ```yaml - extraVolumeMounts: @@ -316,6 +345,14 @@ dashboards: gnetId: 2 revision: 2 datasource: Prometheus + loki-dashboard-quick-search: + gnetId: 12019 + revision: 2 + datasource: + - name: DS_PROMETHEUS + value: Prometheus + - name: DS_LOKI + value: Loki local-dashboard: url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json ``` @@ -365,9 +402,41 @@ filters out the ones with a label as defined in `sidecar.datasources.label`. The those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be imported. +Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://..svc.cluster.local/api/admin/provisioning/datasources/reload`. + Secrets are recommended over configmaps for this usecase because datasources usually contain private data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. +Example values to add a postgres datasource as a kubernetes secret: +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: grafana-datasources + labels: + grafana_datasource: 'true' # default value for: sidecar.datasources.label +stringData: + pg-db.yaml: |- + apiVersion: 1 + datasources: + - name: My pg db datasource + type: postgres + url: my-postgresql-db:5432 + user: db-readonly-user + secureJsonData: + password: 'SUperSEcretPa$$word' + jsonData: + database: my_datase + sslmode: 'disable' # disable/require/verify-ca/verify-full + maxOpenConns: 0 # Grafana v5.4+ + maxIdleConns: 2 # Grafana v5.4+ + connMaxLifetime: 14400 # Grafana v5.4+ + postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10 + timescaledb: false + # allow users to edit datasources from the UI. + editable: false +``` + Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): ```yaml @@ -459,6 +528,51 @@ delete_notifiers: # default org_id: 1 ``` +## Provision alert rules, contact points, notification policies and notification templates + +There are two methods to provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +alerting: + team1-alert-rules.yaml: + file: alerting/team1/rules.yaml + team2-alert-rules.yaml: + file: alerting/team2/rules.yaml + team3-alert-rules.yaml: + file: alerting/team3/rules.yaml + notification-policies.yaml: + file: alerting/shared/notification-policies.yaml + notification-templates.yaml: + file: alerting/shared/notification-templates.yaml + contactpoints.yaml: + apiVersion: 1 + contactPoints: + - orgId: 1 + name: Slack channel + receivers: + - uid: default-receiver + type: slack + settings: + # Webhook URL to be filled in + url: "" + # We need to escape double curly braces for the tpl function. + text: '{{ `{{ template "default.message" . }}` }}' + title: '{{ `{{ template "default.title" . }}` }}' +``` + +There are two possibilities: + +* Inlining the file contents as described in the example `values.yaml` and the official [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/). +* Importing a file using a relative path starting from the chart root directory. + +### Important notes on file provisioning + +* The chart supports importing YAML and JSON files. +* The filename must be unique, otherwise one volume mount will overwrite the other. +* In case of inlining, double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped. +* The number of total files under `alerting:` is not limited. Each file will end up as a volume mount in the corresponding provisioning folder of the deployed Grafana instance. +* The file size for each import is limited by what the function `.Files.Get` can handle, which suffices for most cases. + ## How to serve Grafana with a path prefix (/grafana) In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. @@ -482,7 +596,7 @@ grafana.ini: ## How to securely reference secrets in grafana.ini -This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. +This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. In grafana.ini: @@ -566,6 +680,9 @@ grafana.ini: unified_alerting: enabled: true ha_peers: {{ Name }}-headless:9094 + ha_listen_address: ${POD_IP}:9094 + ha_advertise_address: ${POD_IP}:9094 + alerting: enabled: false ``` diff --git a/charts/kasten/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml b/charts/kasten/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml index f2d55a83c..5cc44a056 100644 --- a/charts/kasten/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml +++ b/charts/kasten/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml @@ -1,6 +1,6 @@ extraConfigmapMounts: - - name: '{{ template "grafana.fullname" . }}' - configMap: '{{ template "grafana.fullname" . }}' + - name: '{{ include "grafana.fullname" . }}' + configMap: '{{ include "grafana.fullname" . }}' mountPath: /var/lib/grafana/dashboards/test-dashboard.json # This is not a realistic test, but for this we only care about extraConfigmapMounts not being empty and pointing to an existing ConfigMap subPath: grafana.ini diff --git a/charts/kasten/k10/charts/grafana/dashboards/custom-dashboard.json b/charts/kasten/k10/charts/grafana/dashboards/custom-dashboard.json index 0967ef424..e69de29bb 100644 --- a/charts/kasten/k10/charts/grafana/dashboards/custom-dashboard.json +++ b/charts/kasten/k10/charts/grafana/dashboards/custom-dashboard.json @@ -1 +0,0 @@ -{} diff --git a/charts/kasten/k10/charts/grafana/templates/NOTES.txt b/charts/kasten/k10/charts/grafana/templates/NOTES.txt index aedb8b616..d86419fe2 100644 --- a/charts/kasten/k10/charts/grafana/templates/NOTES.txt +++ b/charts/kasten/k10/charts/grafana/templates/NOTES.txt @@ -1,10 +1,11 @@ 1. Get your '{{ .Values.adminUser }}' user password by running: - kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + kubectl get secret --namespace {{ include "grafana.namespace" . }} {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} -o jsonpath="{.data.{{ .Values.admin.passwordKey | default "admin-password" }}}" | base64 --decode ; echo + 2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local + {{ include "grafana.fullname" . }}.{{ include "grafana.namespace" . }}.svc.cluster.local {{ if .Values.ingress.enabled }} If you bind grafana to 80, please update values in values.yaml and reinstall: ``` @@ -24,29 +25,29 @@ Or grafana would always crash. From outside the cluster, the server URL(s) are: -{{- range .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} http://{{ . }} -{{- end }} -{{ else }} + {{- end }} +{{- else }} Get the Grafana URL to visit by running these commands in the same shell: -{{ if contains "NodePort" .Values.service.type -}} - export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + {{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{ else if contains "LoadBalancer" .Values.service.type -}} + {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + You can watch the status of by running 'kubectl get svc --namespace {{ include "grafana.namespace" . }} -w {{ include "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "grafana.namespace" . }} {{ include "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') http://$SERVICE_IP:{{ .Values.service.port -}} -{{ else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 -{{- end }} + {{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "grafana.namespace" . }} -l "app.kubernetes.io/name={{ include "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ include "grafana.namespace" . }} port-forward $POD_NAME 3000 + {{- end }} {{- end }} 3. Login with the password from step 1 and the username: {{ .Values.adminUser }} -{{- if not .Values.global.persistence.enabled }} +{{- if not .Values.persistence.enabled }} ################################################################################# ###### WARNING: Persistence is disabled!!! You will lose your data when ##### ###### the Grafana pod is terminated. ##### diff --git a/charts/kasten/k10/charts/grafana/templates/_helpers.tpl b/charts/kasten/k10/charts/grafana/templates/_helpers.tpl index 4f68e7c4c..dbd64d7cf 100644 --- a/charts/kasten/k10/charts/grafana/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/grafana/templates/_helpers.tpl @@ -3,8 +3,8 @@ Expand the name of the chart. */}} {{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. @@ -12,54 +12,54 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "grafana.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create the name of the service account */}} {{- define "grafana.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} {{- define "grafana.serviceAccountNameTest" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} -{{- else -}} - {{ default "default" .Values.serviceAccount.nameTest }} -{{- end -}} -{{- end -}} +{{- if .Values.serviceAccount.create }} +{{- default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} +{{- else }} +{{- default "default" .Values.serviceAccount.nameTest }} +{{- end }} +{{- end }} {{/* Allow the release namespace to be overridden for multi-namespace deployments in combined charts */}} {{- define "grafana.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} +{{- if .Values.namespaceOverride }} +{{- .Values.namespaceOverride }} +{{- else }} +{{- .Release.Namespace }} +{{- end }} +{{- end }} {{/* Common labels @@ -68,15 +68,15 @@ Common labels helm.sh/chart: {{ include "grafana.chart" . }} {{ include "grafana.selectorLabels" . }} {{- if or .Chart.AppVersion .Values.image.tag }} -app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.extraLabels }} -{{ toYaml .Values.extraLabels }} +{{- with .Values.extraLabels }} +{{ toYaml . }} {{- end }} app.kubernetes.io/name: {{ include "grafana.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} +{{- end }} {{/* Selector labels @@ -99,7 +99,7 @@ K10 NOTE: {{- define "grafana.selectorLabels" -}} app: {{ include "grafana.name" . }} release: {{ .Release.Name }} -{{- end -}} +{{- end }} {{/* Common labels @@ -108,10 +108,10 @@ Common labels helm.sh/chart: {{ include "grafana.chart" . }} {{ include "grafana.imageRenderer.selectorLabels" . }} {{- if or .Chart.AppVersion .Values.image.tag }} -app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} +{{- end }} {{/* Selector labels ImageRenderer @@ -119,87 +119,105 @@ Selector labels ImageRenderer {{- define "grafana.imageRenderer.selectorLabels" -}} app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} +{{- end }} {{/* Looks if there's an existing secret and reuse its password. If not it generates new password and use it. */}} {{- define "grafana.password" -}} -{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}} - {{- if $secret -}} - {{- index $secret "data" "admin-password" -}} - {{- else -}} - {{- (randAlphaNum 40) | b64enc | quote -}} - {{- end -}} -{{- end -}} +{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) }} +{{- if $secret }} +{{- index $secret "data" "admin-password" }} +{{- else }} +{{- (randAlphaNum 40) | b64enc | quote }} +{{- end }} +{{- end }} {{/* Return the appropriate apiVersion for rbac. */}} {{- define "grafana.rbac.apiVersion" -}} - {{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} - {{- print "rbac.authorization.k8s.io/v1" -}} - {{- else -}} - {{- print "rbac.authorization.k8s.io/v1beta1" -}} - {{- end -}} -{{- end -}} +{{- if $.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" }} +{{- else }} +{{- print "rbac.authorization.k8s.io/v1beta1" }} +{{- end }} +{{- end }} {{/* Return the appropriate apiVersion for ingress. */}} {{- define "grafana.ingress.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}} - {{- print "networking.k8s.io/v1" -}} - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} - {{- print "networking.k8s.io/v1beta1" -}} - {{- else -}} - {{- print "extensions/v1beta1" -}} - {{- end -}} -{{- end -}} +{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) }} +{{- print "networking.k8s.io/v1" }} +{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +{{- print "networking.k8s.io/v1beta1" }} +{{- else }} +{{- print "extensions/v1beta1" }} +{{- end }} +{{- end }} {{/* -Return the appropriate apiVersion for podSecurityPolicy. +Return the appropriate apiVersion for Horizontal Pod Autoscaler. */}} -{{- define "grafana.podSecurityPolicy.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1") (semverCompare ">= 1.16-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1beta1" -}} - {{- else -}} - {{- print "extensions/v1beta1" -}} - {{- end -}} -{{- end -}} +{{- define "grafana.hpa.apiVersion" -}} +{{- if $.Capabilities.APIVersions.Has "autoscaling/v2/HorizontalPodAutoscaler" }} +{{- print "autoscaling/v2" }} +{{- else if $.Capabilities.APIVersions.Has "autoscaling/v2beta2/HorizontalPodAutoscaler" }} +{{- print "autoscaling/v2beta2" }} +{{- else }} +{{- print "autoscaling/v2beta1" }} +{{- end }} +{{- end }} {{/* Return the appropriate apiVersion for podDisruptionBudget. */}} {{- define "grafana.podDisruptionBudget.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1" -}} - {{- else -}} - {{- print "policy/v1beta1" -}} - {{- end -}} -{{- end -}} +{{- if $.Values.podDisruptionBudget.apiVersion }} +{{- print $.Values.podDisruptionBudget.apiVersion }} +{{- else if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} +{{- print "policy/v1" }} +{{- else }} +{{- print "policy/v1beta1" }} +{{- end }} +{{- end }} {{/* Return if ingress is stable. */}} {{- define "grafana.ingress.isStable" -}} - {{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" -}} -{{- end -}} +{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" }} +{{- end }} {{/* Return if ingress supports ingressClassName. */}} {{- define "grafana.ingress.supportsIngressClassName" -}} - {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} -{{- end -}} +{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} +{{- end }} {{/* Return if ingress supports pathType. */}} {{- define "grafana.ingress.supportsPathType" -}} - {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} -{{- end -}} +{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }} +{{- end }} + +{{/* +Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific imagePullSecrets}) +*/}} +{{- define "grafana.imagePullSecrets" -}} +{{- $root := .root }} +{{- range (concat .root.Values.global.imagePullSecrets .imagePullSecrets) }} +{{- if eq (typeOf .) "map[string]interface {}" }} +- {{ toYaml (dict "name" (tpl .name $root)) | trim }} +{{- else }} +- name: {{ tpl . $root }} +{{- end }} +{{- end }} +{{- end }} {{- define "get.grafanaImage" }} {{- (get .Values.global.images (include "grafana.ImageName" .)) | default (include "grafana.Image" .) }} diff --git a/charts/kasten/k10/charts/grafana/templates/_pod.tpl b/charts/kasten/k10/charts/grafana/templates/_pod.tpl index 1fb641afe..2e7471fd9 100644 --- a/charts/kasten/k10/charts/grafana/templates/_pod.tpl +++ b/charts/kasten/k10/charts/grafana/templates/_pod.tpl @@ -1,80 +1,95 @@ - {{- define "grafana.pod" -}} -{{- if .Values.schedulerName }} -schedulerName: "{{ .Values.schedulerName }}" +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} +{{- $root := . -}} +{{- with .Values.schedulerName }} +schedulerName: "{{ . }}" {{- end }} -serviceAccountName: {{ template "grafana.serviceAccountName" . }} +serviceAccountName: {{ include "grafana.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} -{{- if .Values.securityContext }} +{{- with .Values.securityContext }} securityContext: -{{ toYaml .Values.securityContext | indent 2 }} + {{- toYaml . | nindent 2 }} {{- end }} -{{- if .Values.hostAliases }} +{{- with .Values.hostAliases }} hostAliases: -{{ toYaml .Values.hostAliases | indent 2 }} + {{- toYaml . | nindent 2 }} {{- end }} -{{- if .Values.priorityClassName }} -priorityClassName: {{ .Values.priorityClassName }} +{{- with .Values.priorityClassName }} +priorityClassName: {{ . }} {{- end }} -{{- if ( or .Values.global.persistence.enabled .Values.dashboards .Values.sidecar.notifiers.enabled .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources)) }} +{{- if ( or .Values.global.persistence.enabled .Values.dashboards .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources) (and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers)) }} initContainers: {{- end }} {{- if ( and .Values.global.persistence.enabled .Values.initChownData.enabled ) }} - name: init-chown-data image: "{{ include "get.initImage" . }}" imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + {{- with .Values.initChownData.securityContext }} securityContext: - runAsNonRoot: false - runAsUser: 0 - command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + {{- toYaml . | nindent 6 }} + {{- end }} + command: + - chown + - -R + - {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} + - /var/lib/grafana + {{- with .Values.initChownData.resources }} resources: -{{ toYaml .Values.initChownData.resources | indent 6 }} + {{- toYaml . | nindent 6 }} + {{- end }} volumeMounts: - name: storage mountPath: "/var/lib/grafana" -{{- if .Values.persistence.subPath }} - subPath: {{ tpl .Values.persistence.subPath . }} -{{- end }} + {{- with .Values.persistence.subPath }} + subPath: {{ tpl . $root }} + {{- end }} {{- end }} {{- if .Values.dashboards }} - name: download-dashboards - {{- if .Values.downloadDashboardsImage.sha }} - image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" - {{- else }} image: "{{ include "get.initImage" . }}" - {{- end }} imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} command: ["/bin/sh"] args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ] + {{- with .Values.downloadDashboards.resources }} resources: -{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + {{- toYaml . | nindent 6 }} + {{- end }} env: -{{- range $key, $value := .Values.downloadDashboards.env }} + {{- range $key, $value := .Values.downloadDashboards.env }} - name: "{{ $key }}" value: "{{ $value }}" -{{- end }} -{{- if .Values.downloadDashboards.envFromSecret }} + {{- end }} + {{- range $key, $value := .Values.downloadDashboards.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 10 }} + {{- end }} + {{- with .Values.downloadDashboards.securityContext }} + securityContext: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.downloadDashboards.envFromSecret }} envFrom: - secretRef: - name: {{ tpl .Values.downloadDashboards.envFromSecret . }} -{{- end }} + name: {{ tpl . $root }} + {{- end }} volumeMounts: - name: config mountPath: "/etc/grafana/download_dashboards.sh" subPath: download_dashboards.sh - name: storage mountPath: "/var/lib/grafana" -{{- if .Values.persistence.subPath }} - subPath: {{ tpl .Values.persistence.subPath . }} -{{- end }} - {{- range .Values.extraSecretMounts }} + {{- with .Values.persistence.subPath }} + subPath: {{ tpl . $root }} + {{- end }} + {{- range .Values.extraSecretMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} readOnly: {{ .readOnly }} - {{- end }} + {{- end }} {{- end }} {{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} - - name: {{ template "grafana.name" . }}-init-sc-datasources + - name: {{ include "grafana.name" . }}-init-sc-datasources {{- if .Values.sidecar.image.sha }} image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} @@ -82,42 +97,56 @@ initContainers: {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: + {{- range $key, $value := .Values.sidecar.datasources.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} - name: METHOD value: "LIST" - name: LABEL value: "{{ .Values.sidecar.datasources.label }}" - {{- if .Values.sidecar.datasources.labelValue }} + {{- with .Values.sidecar.datasources.labelValue }} - name: LABEL_VALUE - value: {{ quote .Values.sidecar.datasources.labelValue }} + value: {{ quote . }} + {{- end }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} + - name: LOG_LEVEL + value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} {{- end }} - name: FOLDER value: "/etc/grafana/provisioning/datasources" - name: RESOURCE value: {{ quote .Values.sidecar.datasources.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} + {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" + value: "{{ . }}" {{- end }} {{- if .Values.sidecar.datasources.searchNamespace }} - name: NAMESPACE - value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}" + value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}" {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} + {{- with .Values.sidecar.skipTlsVerify }} - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" + value: "{{ . }}" {{- end }} + {{- with .Values.sidecar.resources }} resources: -{{ toYaml .Values.sidecar.resources | indent 6 }} -{{- if .Values.sidecar.securityContext }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} securityContext: -{{- toYaml .Values.sidecar.securityContext | nindent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} volumeMounts: - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" {{- end }} -{{- if .Values.sidecar.notifiers.enabled }} - - name: {{ template "grafana.name" . }}-sc-notifiers +{{- if and .Values.sidecar.notifiers.enabled .Values.sidecar.notifiers.initNotifiers }} + - name: {{ include "grafana.name" . }}-init-sc-notifiers {{- if .Values.sidecar.image.sha }} image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} @@ -125,63 +154,80 @@ initContainers: {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: + {{- range $key, $value := .Values.sidecar.notifiers.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} - name: METHOD value: LIST - name: LABEL value: "{{ .Values.sidecar.notifiers.label }}" + {{- with .Values.sidecar.notifiers.labelValue }} + - name: LABEL_VALUE + value: {{ quote . }} + {{- end }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} + - name: LOG_LEVEL + value: {{ default .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} + {{- end }} - name: FOLDER value: "/etc/grafana/provisioning/notifiers" - name: RESOURCE value: {{ quote .Values.sidecar.notifiers.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} + {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" + value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.notifiers.searchNamespace }} + {{- with .Values.sidecar.notifiers.searchNamespace }} - name: NAMESPACE - value: "{{ .Values.sidecar.notifiers.searchNamespace | join "," }}" + value: "{{ tpl (. | join ",") $root }}" {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} + {{- with .Values.sidecar.skipTlsVerify }} - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" + value: "{{ . }}" {{- end }} -{{- if .Values.sidecar.livenessProbe }} + {{- with .Values.sidecar.livenessProbe }} livenessProbe: -{{ toYaml .Values.livenessProbe | indent 6 }} -{{- end }} -{{- if .Values.sidecar.readinessProbe }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} readinessProbe: -{{ toYaml .Values.readinessProbe | indent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.resources }} resources: -{{ toYaml .Values.sidecar.resources | indent 6 }} -{{- if .Values.sidecar.securityContext }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} securityContext: -{{- toYaml .Values.sidecar.securityContext | nindent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} volumeMounts: - name: sc-notifiers-volume mountPath: "/etc/grafana/provisioning/notifiers" {{- end}} -{{- if .Values.extraInitContainers }} -{{ tpl (toYaml .Values.extraInitContainers) . | indent 2 }} +{{- with .Values.extraInitContainers }} + {{- tpl (toYaml .) $root | nindent 2 }} {{- end }} {{- if (or .Values.global.imagePullSecret .Values.image.pullSecrets) }} imagePullSecrets: -{{- if .Values.global.imagePullSecret }} + {{- if .Values.global.imagePullSecret }} - name: {{ .Values.global.imagePullSecret }} -{{- end }} -{{- $root := . }} -{{- range .Values.image.pullSecrets }} + {{- end }} + {{- range .Values.image.pullSecrets }} - name: {{ tpl . $root }} -{{- end}} + {{- end}} {{- end }} {{- if not .Values.enableKubeBackwardCompatibility }} enableServiceLinks: {{ .Values.enableServiceLinks }} {{- end }} containers: -{{- if .Values.sidecar.dashboards.enabled }} - - name: {{ template "grafana.name" . }}-sc-dashboard +{{- if .Values.sidecar.alerts.enabled }} + - name: {{ include "grafana.name" . }}-sc-alerts {{- if .Values.sidecar.image.sha }} image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} @@ -189,73 +235,215 @@ containers: {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: + {{- range $key, $value := .Values.sidecar.alerts.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- if .Values.sidecar.alerts.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} + - name: METHOD + value: {{ .Values.sidecar.alerts.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.alerts.label }}" + {{- with .Values.sidecar.alerts.labelValue }} + - name: LABEL_VALUE + value: {{ quote . }} + {{- end }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }} + - name: LOG_LEVEL + value: {{ default .Values.sidecar.logLevel .Values.sidecar.alerts.logLevel }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/alerting" + - name: RESOURCE + value: {{ quote .Values.sidecar.alerts.resource }} + {{- with .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ . }}" + {{- end }} + {{- with .Values.sidecar.alerts.searchNamespace }} + - name: NAMESPACE + value: {{ . | join "," | quote }} + {{- end }} + {{- with .Values.sidecar.alerts.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: {{ quote . }} + {{- end }} + {{- with .Values.sidecar.alerts.script }} + - name: SCRIPT + value: {{ quote . }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if not .Values.sidecar.alerts.skipReload }} + - name: REQ_URL + value: {{ .Values.sidecar.alerts.reloadURL }} + - name: REQ_METHOD + value: POST + {{- end }} + {{- if .Values.sidecar.alerts.watchServerTimeout }} + {{- if ne .Values.sidecar.alerts.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.alerts.watchServerTimeout with .Values.sidecar.alerts.watchMethod %s" .Values.sidecar.alerts.watchMethod) }} + {{- end }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.alerts.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.alerts.watchClientTimeout }} + {{- if ne .Values.sidecar.alerts.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.alerts.watchClientTimeout with .Values.sidecar.alerts.watchMethod %s" .Values.sidecar.alerts.watchMethod) }} + {{- end }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.alerts.watchClientTimeout }}" + {{- end }} + {{- with .Values.sidecar.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} + securityContext: + {{- toYaml . | nindent 6 }} + {{- end }} + volumeMounts: + - name: sc-alerts-volume + mountPath: "/etc/grafana/provisioning/alerting" + {{- with .Values.sidecar.alerts.extraMounts }} + {{- toYaml . | trim | nindent 6 }} + {{- end }} +{{- end}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ include "grafana.name" . }}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + {{- range $key, $value := .Values.sidecar.dashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} - name: METHOD value: {{ .Values.sidecar.dashboards.watchMethod }} - name: LABEL value: "{{ .Values.sidecar.dashboards.label }}" - {{- if .Values.sidecar.dashboards.labelValue }} + {{- with .Values.sidecar.dashboards.labelValue }} - name: LABEL_VALUE - value: {{ quote .Values.sidecar.dashboards.labelValue }} + value: {{ quote . }} {{- end }} - {{- if .Values.sidecar.logLevel }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} - name: LOG_LEVEL - value: {{ quote .Values.sidecar.logLevel }} + value: {{ default .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} {{- end }} - name: FOLDER value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" - name: RESOURCE value: {{ quote .Values.sidecar.dashboards.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} + {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" + value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.dashboards.searchNamespace }} + {{- with .Values.sidecar.dashboards.searchNamespace }} - name: NAMESPACE - value: "{{ .Values.sidecar.dashboards.searchNamespace | join "," }}" + value: "{{ tpl (. | join ",") $root }}" {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} + {{- with .Values.sidecar.skipTlsVerify }} - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" + value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.dashboards.folderAnnotation }} + {{- with .Values.sidecar.dashboards.folderAnnotation }} - name: FOLDER_ANNOTATION - value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.dashboards.script }} + {{- with .Values.sidecar.dashboards.script }} - name: SCRIPT - value: "{{ .Values.sidecar.dashboards.script }}" + value: "{{ . }}" + {{- end }} + {{- if not .Values.sidecar.dashboards.skipReload }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + - name: REQ_URL + value: {{ .Values.sidecar.dashboards.reloadURL }} + - name: REQ_METHOD + value: POST {{- end }} {{- if .Values.sidecar.dashboards.watchServerTimeout }} + {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} + {{- end }} - name: WATCH_SERVER_TIMEOUT value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}" {{- end }} {{- if .Values.sidecar.dashboards.watchClientTimeout }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}" + {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchClientTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} {{- end }} -{{- if .Values.sidecar.livenessProbe }} + - name: WATCH_CLIENT_TIMEOUT + value: {{ .Values.sidecar.dashboards.watchClientTimeout | quote }} + {{- end }} + {{- with .Values.sidecar.livenessProbe }} livenessProbe: -{{ toYaml .Values.livenessProbe | indent 6 }} -{{- end }} -{{- if .Values.sidecar.readinessProbe }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} readinessProbe: -{{ toYaml .Values.readinessProbe | indent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.resources }} resources: -{{ toYaml .Values.sidecar.resources | indent 6 }} -{{- if .Values.sidecar.securityContext }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} securityContext: -{{- toYaml .Values.sidecar.securityContext | nindent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} volumeMounts: - name: sc-dashboard-volume mountPath: {{ .Values.sidecar.dashboards.folder | quote }} - {{- if .Values.sidecar.dashboards.extraMounts }} - {{- toYaml .Values.sidecar.dashboards.extraMounts | trim | nindent 6}} + {{- with .Values.sidecar.dashboards.extraMounts }} + {{- toYaml . | trim | nindent 6 }} {{- end }} {{- end}} {{- if .Values.sidecar.datasources.enabled }} - - name: {{ template "grafana.name" . }}-sc-datasources + - name: {{ include "grafana.name" . }}-sc-datasources {{- if .Values.sidecar.image.sha }} image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} @@ -263,30 +451,46 @@ containers: {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: + {{- range $key, $value := .Values.sidecar.datasources.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} - name: METHOD value: {{ .Values.sidecar.datasources.watchMethod }} - name: LABEL value: "{{ .Values.sidecar.datasources.label }}" - {{- if .Values.sidecar.datasources.labelValue }} + {{- with .Values.sidecar.datasources.labelValue }} - name: LABEL_VALUE - value: {{ quote .Values.sidecar.datasources.labelValue }} + value: {{ quote . }} + {{- end }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} + - name: LOG_LEVEL + value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} {{- end }} - name: FOLDER value: "/etc/grafana/provisioning/datasources" - name: RESOURCE value: {{ quote .Values.sidecar.datasources.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} + {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" + value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.datasources.searchNamespace }} + {{- with .Values.sidecar.datasources.searchNamespace }} - name: NAMESPACE - value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}" + value: "{{ tpl (. | join ",") $root }}" {{- end }} {{- if .Values.sidecar.skipTlsVerify }} - name: SKIP_TLS_VERIFY value: "{{ .Values.sidecar.skipTlsVerify }}" {{- end }} + {{- if .Values.sidecar.datasources.script }} + - name: SCRIPT + value: "{{ .Values.sidecar.datasources.script }}" + {{- end }} {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_USERNAME valueFrom: @@ -307,26 +511,42 @@ containers: - name: REQ_METHOD value: POST {{- end }} -{{- if .Values.sidecar.livenessProbe }} + {{- if .Values.sidecar.datasources.watchServerTimeout }} + {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.datasources.watchServerTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} + {{- end }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.datasources.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.datasources.watchClientTimeout }} + {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.datasources.watchClientTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} + {{- end }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.datasources.watchClientTimeout }}" + {{- end }} + {{- with .Values.sidecar.livenessProbe }} livenessProbe: -{{ toYaml .Values.livenessProbe | indent 6 }} -{{- end }} -{{- if .Values.sidecar.readinessProbe }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} readinessProbe: -{{ toYaml .Values.readinessProbe | indent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.resources }} resources: -{{ toYaml .Values.sidecar.resources | indent 6 }} -{{- if .Values.sidecar.securityContext }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} securityContext: -{{- toYaml .Values.sidecar.securityContext | nindent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} volumeMounts: - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" {{- end}} -{{- if .Values.sidecar.plugins.enabled }} - - name: {{ template "grafana.name" . }}-sc-plugins +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ include "grafana.name" . }}-sc-notifiers {{- if .Values.sidecar.image.sha }} image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" {{- else }} @@ -334,6 +554,117 @@ containers: {{- end }} imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: + {{- range $key, $value := .Values.sidecar.notifiers.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} + - name: METHOD + value: {{ .Values.sidecar.notifiers.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + {{- with .Values.sidecar.notifiers.labelValue }} + - name: LABEL_VALUE + value: {{ quote . }} + {{- end }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} + - name: LOG_LEVEL + value: {{ default .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: {{ quote .Values.sidecar.notifiers.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- with .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ tpl (. | join ",") $root }}" + {{- end }} + {{- with .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ . }}" + {{- end }} + {{- if .Values.sidecar.notifiers.script }} + - name: SCRIPT + value: "{{ .Values.sidecar.notifiers.script }}" + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if not .Values.sidecar.notifiers.skipReload }} + - name: REQ_URL + value: {{ .Values.sidecar.notifiers.reloadURL }} + - name: REQ_METHOD + value: POST + {{- end }} + {{- if .Values.sidecar.notifiers.watchServerTimeout }} + {{- if ne .Values.sidecar.notifiers.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.notifiers.watchServerTimeout with .Values.sidecar.notifiers.watchMethod %s" .Values.sidecar.notifiers.watchMethod) }} + {{- end }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.notifiers.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.notifiers.watchClientTimeout }} + {{- if ne .Values.sidecar.notifiers.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.notifiers.watchClientTimeout with .Values.sidecar.notifiers.watchMethod %s" .Values.sidecar.notifiers.watchMethod) }} + {{- end }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.notifiers.watchClientTimeout }}" + {{- end }} + {{- with .Values.sidecar.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} + securityContext: + {{- toYaml . | nindent 6 }} + {{- end }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.sidecar.plugins.enabled }} + - name: {{ include "grafana.name" . }}-sc-plugins + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + {{- range $key, $value := .Values.sidecar.plugins.env }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + {{- if .Values.sidecar.plugins.ignoreAlreadyProcessed }} + - name: IGNORE_ALREADY_PROCESSED + value: "true" + {{- end }} - name: METHOD value: {{ .Values.sidecar.plugins.watchMethod }} - name: LABEL @@ -342,21 +673,29 @@ containers: - name: LABEL_VALUE value: {{ quote .Values.sidecar.plugins.labelValue }} {{- end }} + {{- if or .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }} + - name: LOG_LEVEL + value: {{ default .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }} + {{- end }} - name: FOLDER value: "/etc/grafana/provisioning/plugins" - name: RESOURCE value: {{ quote .Values.sidecar.plugins.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} + {{- with .Values.sidecar.enableUniqueFilenames }} - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" + value: "{{ . }}" {{- end }} - {{- if .Values.sidecar.plugins.searchNamespace }} + {{- with .Values.sidecar.plugins.searchNamespace }} - name: NAMESPACE - value: "{{ .Values.sidecar.plugins.searchNamespace | join "," }}" + value: "{{ tpl (. | join ",") $root }}" {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} + {{- with .Values.sidecar.plugins.script }} + - name: SCRIPT + value: "{{ . }}" + {{- end }} + {{- with .Values.sidecar.skipTlsVerify }} - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" + value: "{{ . }}" {{- end }} {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_USERNAME @@ -378,41 +717,59 @@ containers: - name: REQ_METHOD value: POST {{- end }} -{{- if .Values.sidecar.livenessProbe }} + {{- if .Values.sidecar.plugins.watchServerTimeout }} + {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.plugins.watchServerTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }} + {{- end }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.plugins.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.plugins.watchClientTimeout }} + {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }} + {{- fail (printf "Cannot use .Values.sidecar.plugins.watchClientTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }} + {{- end }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.plugins.watchClientTimeout }}" + {{- end }} + {{- with .Values.sidecar.livenessProbe }} livenessProbe: -{{ toYaml .Values.livenessProbe | indent 6 }} -{{- end }} -{{- if .Values.sidecar.readinessProbe }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.readinessProbe }} readinessProbe: -{{ toYaml .Values.readinessProbe | indent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.resources }} resources: -{{ toYaml .Values.sidecar.resources | indent 6 }} -{{- if .Values.sidecar.securityContext }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sidecar.securityContext }} securityContext: -{{- toYaml .Values.sidecar.securityContext | nindent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} volumeMounts: - name: sc-plugins-volume mountPath: "/etc/grafana/provisioning/plugins" {{- end}} - name: {{ .Chart.Name }} - {{- if .Values.image.sha }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}" - {{- else }} image: "{{ include "get.grafanaImage" . }}" - {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.command }} + {{- if .Values.command }} command: {{- range .Values.command }} - - {{ . }} + - {{ . | quote }} {{- end }} - {{- end}} -{{- if .Values.containerSecurityContext }} + {{- end }} + {{- if .Values.args }} + args: + {{- range .Values.args }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- with .Values.containerSecurityContext }} securityContext: -{{- toYaml .Values.containerSecurityContext | nindent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} volumeMounts: - name: config mountPath: "/etc/grafana/grafana.ini" @@ -422,98 +779,115 @@ containers: mountPath: "/etc/grafana/ldap.toml" subPath: ldap.toml {{- end }} - {{- $root := . }} {{- range .Values.extraConfigmapMounts }} - name: {{ tpl .name $root }} mountPath: {{ tpl .mountPath $root }} - subPath: {{ (tpl .subPath $root) | default "" }} + subPath: {{ tpl (.subPath | default "") $root }} readOnly: {{ .readOnly }} {{- end }} - name: storage mountPath: "/var/lib/grafana" -{{- if .Values.persistence.subPath }} - subPath: {{ tpl .Values.persistence.subPath . }} -{{- end }} -{{- if .Values.dashboards }} -{{- range $provider, $dashboards := .Values.dashboards }} -{{- range $key, $value := $dashboards }} -{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + {{- with .Values.persistence.subPath }} + subPath: {{ tpl . $root }} + {{- end }} + {{- with .Values.dashboards }} + {{- range $provider, $dashboards := . }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "json") (hasKey $value "file")) }} - name: dashboards-{{ $provider }} mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" subPath: "{{ $key }}.json" -{{- end }} -{{- end }} -{{- end }} -{{- end -}} -{{- if .Values.dashboardsConfigMaps }} -{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.dashboardsConfigMaps }} + {{- range (keys . | sortAlpha) }} - name: dashboards-{{ . }} mountPath: "/var/lib/grafana/dashboards/{{ . }}" -{{- end }} -{{- end }} -{{/* Mounting default datasources in pod as yaml */}} + {{- end }} + {{- end }} + {{/* Mounting default datasources in pod as yaml */}} - name: config mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" subPath: "datasources.yaml" -{{- if .Values.notifiers }} -{{- range (keys .Values.notifiers | sortAlpha) }} + {{- with .Values.notifiers }} + {{- range (keys . | sortAlpha) }} - name: config mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" subPath: {{ . | quote }} -{{- end }} -{{- end }} -{{- if .Values.dashboardProviders }} -{{- range (keys .Values.dashboardProviders | sortAlpha) }} + {{- end }} + {{- end }} + {{- with .Values.alerting }} + {{- range (keys . | sortAlpha) }} + - name: config + mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" + subPath: {{ . | quote }} + {{- end }} + {{- end }} + {{- with .Values.dashboardProviders }} + {{- range (keys . | sortAlpha) }} - name: config mountPath: "/etc/grafana/provisioning/dashboards/{{ . }}" subPath: {{ . | quote }} -{{- end }} -{{- end }} -{{- if .Values.sidecar.dashboards.enabled }} + {{- end }} + {{- end }} + {{- with .Values.sidecar.alerts.enabled }} + - name: sc-alerts-volume + mountPath: "/etc/grafana/provisioning/alerting" + {{- end}} + {{- if .Values.sidecar.dashboards.enabled }} - name: sc-dashboard-volume mountPath: {{ .Values.sidecar.dashboards.folder | quote }} -{{ if .Values.sidecar.dashboards.SCProvider }} + {{- if .Values.sidecar.dashboards.SCProvider }} - name: sc-dashboard-provider mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" subPath: provider.yaml -{{- end}} -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} + {{- end}} + {{- end}} + {{- if .Values.sidecar.datasources.enabled }} - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} -{{- if .Values.sidecar.plugins.enabled }} + {{- end}} + {{- if .Values.sidecar.plugins.enabled }} - name: sc-plugins-volume mountPath: "/etc/grafana/provisioning/plugins" -{{- end}} -{{- if .Values.sidecar.notifiers.enabled }} + {{- end}} + {{- if .Values.sidecar.notifiers.enabled }} - name: sc-notifiers-volume mountPath: "/etc/grafana/provisioning/notifiers" -{{- end}} - {{- range .Values.extraSecretMounts }} + {{- end}} + {{- range .Values.extraSecretMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} readOnly: {{ .readOnly }} subPath: {{ .subPath | default "" }} - {{- end }} - {{- range .Values.extraVolumeMounts }} + {{- end }} + {{- range .Values.extraVolumeMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} subPath: {{ .subPath | default "" }} readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.extraEmptyDirMounts }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} - {{- end }} + {{- end }} ports: - - name: {{ .Values.service.portName }} - containerPort: {{ .Values.service.port }} - protocol: TCP - name: {{ .Values.podPortName }} - containerPort: 3000 + containerPort: {{ .Values.service.targetPort }} protocol: TCP + - name: {{ .Values.gossipPortName }}-tcp + containerPort: 9094 + protocol: TCP + - name: {{ .Values.gossipPortName }}-udp + containerPort: 9094 + protocol: UDP env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: GF_SECURITY_ADMIN_USER valueFrom: @@ -532,7 +906,7 @@ containers: - name: GF_INSTALL_PLUGINS valueFrom: configMapKeyRef: - name: {{ template "grafana.fullname" . }} + name: {{ include "grafana.fullname" . }} key: plugins {{- end }} {{- if .Values.smtp.existingSecret }} @@ -549,9 +923,9 @@ containers: {{- end }} {{- if .Values.imageRenderer.enabled }} - name: GF_RENDERING_SERVER_URL - value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + value: http://{{ include "grafana.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render - name: GF_RENDERING_CALLBACK_URL - value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ include "grafana.fullname" . }}.{{ include "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} {{- end }} - name: GF_PATHS_DATA value: {{ (get .Values "grafana.ini").paths.data }} @@ -561,88 +935,97 @@ containers: value: {{ (get .Values "grafana.ini").paths.plugins }} - name: GF_PATHS_PROVISIONING value: {{ (get .Values "grafana.ini").paths.provisioning }} - {{- range $key, $value := .Values.envValueFrom }} + {{- range $key, $value := .Values.envValueFrom }} - name: {{ $key | quote }} valueFrom: -{{ tpl (toYaml $value) $ | indent 10 }} - {{- end }} -{{- range $key, $value := .Values.env }} + {{- tpl (toYaml $value) $ | nindent 10 }} + {{- end }} + {{- range $key, $value := .Values.env }} - name: "{{ tpl $key $ }}" value: "{{ tpl (print $value) $ }}" -{{- end }} + {{- end }} {{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) .Values.envFromConfigMaps }} envFrom: - {{- if .Values.envFromSecret }} + {{- if .Values.envFromSecret }} - secretRef: name: {{ tpl .Values.envFromSecret . }} - {{- end }} - {{- if .Values.envRenderSecret }} + {{- end }} + {{- if .Values.envRenderSecret }} - secretRef: - name: {{ template "grafana.fullname" . }}-env - {{- end }} - {{- range .Values.envFromSecrets }} + name: {{ include "grafana.fullname" . }}-env + {{- end }} + {{- range .Values.envFromSecrets }} - secretRef: name: {{ tpl .name $ }} optional: {{ .optional | default false }} - {{- end }} - {{- range .Values.envFromConfigMaps }} + {{- end }} + {{- range .Values.envFromConfigMaps }} - configMapRef: name: {{ tpl .name $ }} optional: {{ .optional | default false }} + {{- end }} {{- end }} - {{- end }} + {{- with .Values.livenessProbe }} livenessProbe: -{{ toYaml .Values.livenessProbe | indent 6 }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.readinessProbe }} readinessProbe: -{{ toYaml .Values.readinessProbe | indent 6 }} -{{- if .Values.lifecycleHooks }} - lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }} -{{- end }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.lifecycleHooks }} + lifecycle: + {{- tpl (toYaml .) $root | nindent 6 }} + {{- end }} + {{- with .Values.resources }} resources: -{{ toYaml .Values.resources | indent 6 }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.extraContainers }} -{{ tpl . $ | indent 2 }} + {{- tpl . $ | nindent 2 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: -{{ toYaml . | indent 2 }} + {{- toYaml . | nindent 2 }} {{- end }} -{{- $root := . }} {{- with .Values.affinity }} affinity: -{{ tpl (toYaml .) $root | indent 2 }} + {{- tpl (toYaml .) $root | nindent 2 }} +{{- end }} +{{- with .Values.topologySpreadConstraints }} +topologySpreadConstraints: + {{- toYaml . | nindent 2 }} {{- end }} {{- with .Values.tolerations }} tolerations: -{{ toYaml . | indent 2 }} + {{- toYaml . | nindent 2 }} {{- end }} volumes: - name: config configMap: - name: {{ template "grafana.fullname" . }} -{{- $root := . }} -{{- range .Values.extraConfigmapMounts }} + name: {{ include "grafana.fullname" . }} + {{- range .Values.extraConfigmapMounts }} - name: {{ tpl .name $root }} configMap: name: {{ tpl .configMap $root }} - {{- if .items }} - items: {{ toYaml .items | nindent 6 }} + {{- with .items }} + items: + {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} + {{- end }} {{- if .Values.dashboards }} - {{- range (keys .Values.dashboards | sortAlpha) }} + {{- range (keys .Values.dashboards | sortAlpha) }} - name: dashboards-{{ . }} configMap: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} - {{- end }} + name: {{ include "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} {{- end }} {{- if .Values.dashboardsConfigMaps }} - {{ $root := . }} - {{- range $provider, $name := .Values.dashboardsConfigMaps }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} - name: dashboards-{{ $provider }} configMap: name: {{ tpl $name $root }} - {{- end }} + {{- end }} {{- end }} {{- if .Values.ldap.enabled }} - name: ldap @@ -650,89 +1033,101 @@ volumes: {{- if .Values.ldap.existingSecret }} secretName: {{ .Values.ldap.existingSecret }} {{- else }} - secretName: {{ template "grafana.fullname" . }} + secretName: {{ include "grafana.fullname" . }} {{- end }} items: - key: ldap-toml path: ldap.toml {{- end }} -{{- if and .Values.global.persistence.enabled (eq .Values.persistence.type "pvc") }} + {{- if and .Values.global.persistence.enabled (eq .Values.persistence.type "pvc") }} - name: storage persistentVolumeClaim: claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }} -{{- else if and .Values.global.persistence.enabled (eq .Values.persistence.type "statefulset") }} -# nothing -{{- else }} + {{- else if and .Values.global.persistence.enabled (has .Values.persistence.type $sts) }} + {{/* nothing */}} + {{- else }} - name: storage -{{- if .Values.persistence.inMemory.enabled }} + {{- if .Values.persistence.inMemory.enabled }} emptyDir: medium: Memory -{{- if .Values.persistence.inMemory.sizeLimit }} - sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} -{{- end -}} -{{- else }} + {{- with .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ . }} + {{- end }} + {{- else }} emptyDir: {} -{{- end -}} -{{- end -}} -{{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume -{{- if .Values.sidecar.dashboards.sizeLimit }} + {{- end }} + {{- end }} + {{- if .Values.sidecar.alerts.enabled }} + - name: sc-alerts-volume emptyDir: - sizeLimit: {{ .Values.sidecar.dashboards.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- if .Values.sidecar.dashboards.SCProvider }} + {{- with .Values.sidecar.alerts.sizeLimit }} + sizeLimit: {{ . }} + {{- else }} + {} + {{- end }} + {{- end }} + {{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: + {{- with .Values.sidecar.dashboards.sizeLimit }} + sizeLimit: {{ . }} + {{- else }} + {} + {{- end }} + {{- if .Values.sidecar.dashboards.SCProvider }} - name: sc-dashboard-provider configMap: - name: {{ template "grafana.fullname" . }}-config-dashboards -{{- end }} -{{- end }} -{{- if .Values.sidecar.datasources.enabled }} + name: {{ include "grafana.fullname" . }}-config-dashboards + {{- end }} + {{- end }} + {{- if .Values.sidecar.datasources.enabled }} - name: sc-datasources-volume -{{- if .Values.sidecar.datasources.sizeLimit }} emptyDir: - sizeLimit: {{ .Values.sidecar.datasources.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- end -}} -{{- if .Values.sidecar.plugins.enabled }} + {{- with .Values.sidecar.datasources.sizeLimit }} + sizeLimit: {{ . }} + {{- else }} + {} + {{- end }} + {{- end }} + {{- if .Values.sidecar.plugins.enabled }} - name: sc-plugins-volume -{{- if .Values.sidecar.plugins.sizeLimit }} emptyDir: - sizeLimit: {{ .Values.sidecar.plugins.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- end -}} -{{- if .Values.sidecar.notifiers.enabled }} + {{- with .Values.sidecar.plugins.sizeLimit }} + sizeLimit: {{ . }} + {{- else }} + {} + {{- end }} + {{- end }} + {{- if .Values.sidecar.notifiers.enabled }} - name: sc-notifiers-volume -{{- if .Values.sidecar.notifiers.sizeLimit }} emptyDir: - sizeLimit: {{ .Values.sidecar.notifiers.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- end -}} -{{- range .Values.extraSecretMounts }} -{{- if .secretName }} + {{- with .Values.sidecar.notifiers.sizeLimit }} + sizeLimit: {{ . }} + {{- else }} + {} + {{- end }} + {{- end }} + {{- range .Values.extraSecretMounts }} + {{- if .secretName }} - name: {{ .name }} secret: secretName: {{ .secretName }} defaultMode: {{ .defaultMode }} - {{- if .items }} - items: {{ toYaml .items | nindent 6 }} + {{- with .items }} + items: + {{- toYaml . | nindent 8 }} {{- end }} -{{- else if .projected }} + {{- else if .projected }} - name: {{ .name }} - projected: {{- toYaml .projected | nindent 6 }} -{{- else if .csi }} + projected: + {{- toYaml .projected | nindent 6 }} + {{- else if .csi }} - name: {{ .name }} - csi: {{- toYaml .csi | nindent 6 }} -{{- end }} -{{- end }} -{{- range .Values.extraVolumeMounts }} + csi: + {{- toYaml .csi | nindent 6 }} + {{- end }} + {{- end }} + {{- range .Values.extraVolumeMounts }} - name: {{ .name }} {{- if .existingClaim }} persistentVolumeClaim: @@ -740,15 +1135,18 @@ volumes: {{- else if .hostPath }} hostPath: path: {{ .hostPath }} + {{- else if .csi }} + csi: + {{- toYaml .data | nindent 6 }} {{- else }} emptyDir: {} {{- end }} -{{- end }} -{{- range .Values.extraEmptyDirMounts }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} - name: {{ .name }} emptyDir: {} -{{- end -}} -{{- if .Values.extraContainerVolumes }} -{{ toYaml .Values.extraContainerVolumes | indent 2 }} -{{- end }} + {{- end }} + {{- with .Values.extraContainerVolumes }} + {{- tpl (toYaml .) $root | nindent 2 }} + {{- end }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/clusterrole.yaml b/charts/kasten/k10/charts/grafana/templates/clusterrole.yaml index fda70e5b4..0666244f1 100644 --- a/charts/kasten/k10/charts/grafana/templates/clusterrole.yaml +++ b/charts/kasten/k10/charts/grafana/templates/clusterrole.yaml @@ -1,25 +1,25 @@ {{- if .Values.enabled }} -{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingRole) }} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-clusterrole -{{- if or .Values.sidecar.dashboards.enabled (or .Values.rbac.extraClusterRoleRules (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled .Values.rbac.extraClusterRoleRules .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }} rules: -{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }} -- apiGroups: [""] # "" indicates the core API group - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] -{{- end}} -{{- with .Values.rbac.extraClusterRoleRules }} -{{ toYaml . | indent 0 }} -{{- end}} + {{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }} + - apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] + {{- end}} + {{- with .Values.rbac.extraClusterRoleRules }} + {{- toYaml . | nindent 2 }} + {{- end}} {{- else }} rules: [] {{- end}} diff --git a/charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml b/charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml index 5e50cd7fe..5168323a9 100644 --- a/charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml +++ b/charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml @@ -1,26 +1,26 @@ {{- if .Values.enabled }} -{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} +{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) }} kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ template "grafana.fullname" . }}-clusterrolebinding + name: {{ include "grafana.fullname" . }}-clusterrolebinding labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} subjects: - kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.serviceAccountName" . }} + namespace: {{ include "grafana.namespace" . }} roleRef: kind: ClusterRole -{{- if (not .Values.rbac.useExistingRole) }} - name: {{ template "grafana.fullname" . }}-clusterrole -{{- else }} + {{- if .Values.rbac.useExistingRole }} name: {{ .Values.rbac.useExistingRole }} -{{- end }} + {{- else }} + name: {{ include "grafana.fullname" . }}-clusterrole + {{- end }} apiGroup: rbac.authorization.k8s.io -{{- end -}} -{{- end -}} +{{- end }} +{{- end}} diff --git a/charts/kasten/k10/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kasten/k10/charts/grafana/templates/configmap-dashboard-provider.yaml index c3dcc0810..64f0e7967 100644 --- a/charts/kasten/k10/charts/grafana/templates/configmap-dashboard-provider.yaml +++ b/charts/kasten/k10/charts/grafana/templates/configmap-dashboard-provider.yaml @@ -1,31 +1,31 @@ {{- if .Values.enabled }} -{{- if .Values.sidecar.dashboards.enabled }} +{{- if and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.SCProvider }} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-config-dashboards - namespace: {{ template "grafana.namespace" . }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "grafana.fullname" . }}-config-dashboards + namespace: {{ include "grafana.namespace" . }} data: provider.yaml: |- apiVersion: 1 providers: - - name: '{{ .Values.sidecar.dashboards.provider.name }}' - orgId: {{ .Values.sidecar.dashboards.provider.orgid }} - {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - folder: '{{ .Values.sidecar.dashboards.provider.folder }}' - {{- end}} - type: {{ .Values.sidecar.dashboards.provider.type }} - disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} - allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} - updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} - options: - foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} -{{- end}} -{{- end}} + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end }} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/configmap.yaml b/charts/kasten/k10/charts/grafana/templates/configmap.yaml index 3322a6f01..990391b24 100644 --- a/charts/kasten/k10/charts/grafana/templates/configmap.yaml +++ b/charts/kasten/k10/charts/grafana/templates/configmap.yaml @@ -1,15 +1,17 @@ {{- if .Values.createConfigmap }} +{{- $files := .Files }} +{{- $root := . -}} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} data: # Adding default prometheus datasource for grafana datasources.yaml: | @@ -27,11 +29,11 @@ data: {{- end }} jsonData: timeInterval: '1m' -{{- if .Values.plugins }} - plugins: {{ join "," .Values.plugins }} -{{- end }} + {{- with .Values.plugins }} + plugins: {{ join "," . }} + {{- end }} grafana.ini: | -{{- range $elem, $elemVal := index .Values "grafana.ini" }} + {{- range $elem, $elemVal := index .Values "grafana.ini" }} {{- if not (kindIs "map" $elemVal) }} {{- if kindIs "invalid" $elemVal }} {{ $elem }} = @@ -41,8 +43,8 @@ data: {{ $elem }} = {{ $elemVal }} {{- end }} {{- end }} -{{- end }} -{{- range $key, $value := index .Values "grafana.ini" }} + {{- end }} + {{- range $key, $value := index .Values "grafana.ini" }} {{- if kindIs "map" $value }} [{{ $key }}] {{- range $elem, $elemVal := $value }} @@ -55,31 +57,31 @@ data: {{- end }} {{- end }} {{- end }} -{{- end }} - [server] - root_url=/{{ include "k10.ingressPath" . | trimSuffix "/"}}/grafana - serve_from_sub_path=true -{{- if .Values.datasources }} -{{ $root := . }} + {{- end }} {{- range $key, $value := .Values.datasources }} - {{ $key }}: | -{{ tpl (toYaml $value | indent 4) $root }} - {{- end -}} -{{- end -}} + {{- $key | nindent 2 }}: | + {{- tpl (toYaml $value | nindent 4) $root }} + {{- end }} -{{- if .Values.notifiers }} {{- range $key, $value := .Values.notifiers }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} + {{- $key | nindent 2 }}: | + {{- toYaml $value | nindent 4 }} + {{- end }} + + {{- range $key, $value := .Values.alerting }} + {{- if (hasKey $value "file") }} + {{- $key | nindent 2 }}: + {{- toYaml ( $files.Get $value.file ) | nindent 4}} + {{- else }} + {{- $key | nindent 2 }}: | + {{- tpl (toYaml $value | nindent 4) $root }} + {{- end }} + {{- end }} -{{- if .Values.dashboardProviders }} {{- range $key, $value := .Values.dashboardProviders }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} + {{- $key | nindent 2 }}: | + {{- toYaml $value | nindent 4 }} + {{- end }} {{- if .Values.dashboards }} download_dashboards.sh: | @@ -100,22 +102,52 @@ data: --connect-timeout 60 \ --max-time 60 \ {{- if not $value.b64content }} + {{- if not $value.acceptHeader }} -H "Accept: application/json" \ + {{- else }} + -H "Accept: {{ $value.acceptHeader }}" \ + {{- end }} {{- if $value.token }} -H "Authorization: token {{ $value.token }}" \ {{- end }} + {{- if $value.bearerToken }} + -H "Authorization: Bearer {{ $value.bearerToken }}" \ + {{- end }} + {{- if $value.basic }} + -H "Authorization: Basic {{ $value.basic }}" \ + {{- end }} + {{- if $value.gitlabToken }} + -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \ + {{- end }} -H "Content-Type: application/json;charset=UTF-8" \ - {{ end }} - {{- $dpPath := "" -}} - {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers -}} - {{- if eq $kd.name $provider -}} - {{- $dpPath = $kd.options.path -}} - {{- end -}} - {{- end -}} - {{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ - > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" {{- end }} - {{- end -}} + {{- $dpPath := "" -}} + {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }} + {{- if eq $kd.name $provider }} + {{- $dpPath = $kd.options.path }} + {{- end }} + {{- end }} + {{- if $value.url }} + "{{ $value.url }}" \ + {{- else }} + "https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \ + {{- end }} + {{- if $value.datasource }} + {{- if kindIs "string" $value.datasource }} + | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \ + {{- end }} + {{- if kindIs "slice" $value.datasource }} + {{- range $value.datasource }} + | sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \ + {{- end }} + {{- end }} + {{- end }} + {{- if $value.b64content }} + | base64 -d \ + {{- end }} + > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" + {{ end }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml index 232cd5a5e..4368e66e9 100644 --- a/charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml +++ b/charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml @@ -5,8 +5,8 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} - namespace: {{ template "grafana.namespace" $ }} + name: {{ include "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ include "grafana.namespace" $ }} labels: {{- include "grafana.labels" $ | nindent 4 }} dashboard-provider: {{ $provider }} @@ -16,14 +16,14 @@ data: {{- range $key, $value := $dashboards }} {{- if (or (hasKey $value "json") (hasKey $value "file")) }} {{- $dashboardFound = true }} -{{ print $key | indent 2 }}.json: -{{- if hasKey $value "json" }} + {{- print $key | nindent 2 }}.json: + {{- if hasKey $value "json" }} |- -{{ $value.json | indent 6 }} -{{- end }} -{{- if hasKey $value "file" }} -{{ toYaml ( $files.Get $value.file ) | indent 4}} -{{- end }} + {{- $value.json | nindent 6 }} + {{- end }} + {{- if hasKey $value "file" }} + {{- toYaml ( $files.Get $value.file ) | nindent 4}} + {{- end }} {{- end }} {{- end }} {{- if not $dashboardFound }} diff --git a/charts/kasten/k10/charts/grafana/templates/deployment.yaml b/charts/kasten/k10/charts/grafana/templates/deployment.yaml index 29ca7a6a8..0da492db7 100644 --- a/charts/kasten/k10/charts/grafana/templates/deployment.yaml +++ b/charts/kasten/k10/charts/grafana/templates/deployment.yaml @@ -1,19 +1,19 @@ {{- if .Values.enabled }} -{{ if (and (not .Values.useStatefulSet) (or (not .Values.global.persistence.enabled) (eq .Values.persistence.type "pvc"))) }} +{{- if (and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc"))) }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.labels }} -{{ toYaml .Values.labels | indent 4 }} -{{- end }} -{{- with .Values.annotations }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }} replicas: {{ .Values.replicas }} @@ -22,30 +22,31 @@ spec: selector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 6 }} -{{- with .Values.deploymentStrategy }} + {{- with .Values.deploymentStrategy }} strategy: -{{ toYaml . | trim | indent 4 }} -{{- end }} + {{- toYaml . | trim | nindent 4 }} + {{- end }} template: metadata: labels: {{- include "grafana.selectorLabels" . | nindent 8 }} -{{- with .Values.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} -{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.envRenderSecret }} + {{- end }} + {{- if .Values.envRenderSecret }} checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} -{{- end }} -{{- with .Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} + {{- end }} + kubectl.kubernetes.io/default-container: {{ .Chart.Name }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- include "grafana.pod" . | nindent 6 }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/headless-service.yaml b/charts/kasten/k10/charts/grafana/templates/headless-service.yaml index fe32d545b..61fbb43d6 100644 --- a/charts/kasten/k10/charts/grafana/templates/headless-service.yaml +++ b/charts/kasten/k10/charts/grafana/templates/headless-service.yaml @@ -1,24 +1,24 @@ {{- if .Values.enabled }} -{{- if or .Values.headlessService (and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset"))}} +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} +{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)) }} apiVersion: v1 kind: Service metadata: - name: {{ template "grafana.fullname" . }}-headless - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-headless + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: clusterIP: None selector: {{- include "grafana.selectorLabels" . | nindent 4 }} type: ClusterIP ports: - - protocol: TCP - port: 3000 - targetPort: 3000 + - name: {{ .Values.gossipPortName }}-tcp + port: 9094 {{- end }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/hpa.yaml b/charts/kasten/k10/charts/grafana/templates/hpa.yaml index b168fb61d..82e5612a1 100644 --- a/charts/kasten/k10/charts/grafana/templates/hpa.yaml +++ b/charts/kasten/k10/charts/grafana/templates/hpa.yaml @@ -1,22 +1,54 @@ {{- if .Values.enabled }} +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: {{ include "grafana.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: - name: {{ template "grafana.fullname" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: - app.kubernetes.io/name: {{ template "grafana.name" . }} - helm.sh/chart: {{ template "grafana.chart" . }} + app.kubernetes.io/name: {{ include "grafana.name" . }} + helm.sh/chart: {{ include "grafana.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} spec: scaleTargetRef: apiVersion: apps/v1 + {{- if has .Values.persistence.type $sts }} + kind: StatefulSet + {{- else }} kind: Deployment - name: {{ template "grafana.fullname" . }} + {{- end }} + name: {{ include "grafana.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: -{{ toYaml .Values.autoscaling.metrics | indent 4 }} + {{- if .Values.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- end }} + {{- end }} + {{- if .Values.autoscaling.behavior }} + behavior: {{ toYaml .Values.autoscaling.behavior | nindent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml index f29c982b9..551b2882c 100644 --- a/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml +++ b/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml @@ -1,66 +1,68 @@ {{- if .Values.enabled }} {{ if .Values.imageRenderer.enabled }} +{{- $root := . -}} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "grafana.fullname" . }}-image-renderer - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-image-renderer + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.imageRenderer.labels" . | nindent 4 }} -{{- if .Values.imageRenderer.labels }} -{{ toYaml .Values.imageRenderer.labels | indent 4 }} -{{- end }} -{{- with .Values.imageRenderer.annotations }} + {{- with .Values.imageRenderer.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.imageRenderer.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: + {{- if and (not .Values.imageRenderer.autoscaling.enabled) (.Values.imageRenderer.replicas) }} replicas: {{ .Values.imageRenderer.replicas }} + {{- end }} revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} selector: matchLabels: {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} -{{- with .Values.imageRenderer.deploymentStrategy }} + + {{- with .Values.imageRenderer.deploymentStrategy }} strategy: -{{ toYaml . | trim | indent 4 }} -{{- end }} + {{- toYaml . | trim | nindent 4 }} + {{- end }} template: metadata: labels: {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} -{{- with .Values.imageRenderer.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} + {{- with .Values.imageRenderer.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- with .Values.imageRenderer.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} + {{- with .Values.imageRenderer.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: - - {{- if .Values.imageRenderer.schedulerName }} - schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- with .Values.imageRenderer.schedulerName }} + schedulerName: "{{ . }}" {{- end }} - {{- if .Values.imageRenderer.serviceAccountName }} - serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- with .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ . }}" {{- end }} - {{- if .Values.imageRenderer.securityContext }} + {{- with .Values.imageRenderer.securityContext }} securityContext: - {{- toYaml .Values.imageRenderer.securityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.imageRenderer.hostAliases }} + {{- with .Values.imageRenderer.hostAliases }} hostAliases: - {{- toYaml .Values.imageRenderer.hostAliases | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.imageRenderer.priorityClassName }} - priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- with .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ . }} {{- end }} - {{- if .Values.imageRenderer.image.pullSecrets }} + {{- with .Values.imageRenderer.image.pullSecrets }} imagePullSecrets: - {{- $root := . }} - {{- range .Values.imageRenderer.image.pullSecrets }} + {{- range . }} - name: {{ tpl . $root }} - {{- end}} + {{- end}} {{- end }} containers: - name: {{ .Chart.Name }}-image-renderer @@ -70,15 +72,15 @@ spec: image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" {{- end }} imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} - {{- if .Values.imageRenderer.command }} + {{- if .Values.imageRenderer.command }} command: - {{- range .Values.imageRenderer.command }} + {{- range .Values.imageRenderer.command }} - {{ . }} - {{- end }} - {{- end}} + {{- end }} + {{- end}} ports: - name: {{ .Values.imageRenderer.service.portName }} - containerPort: {{ .Values.imageRenderer.service.port }} + containerPort: {{ .Values.imageRenderer.service.targetPort }} protocol: TCP livenessProbe: httpGet: @@ -86,35 +88,42 @@ spec: port: {{ .Values.imageRenderer.service.portName }} env: - name: HTTP_PORT - value: {{ .Values.imageRenderer.service.port | quote }} + value: {{ .Values.imageRenderer.service.targetPort | quote }} + {{- if .Values.imageRenderer.serviceMonitor.enabled }} + - name: ENABLE_METRICS + value: "true" + {{- end }} + {{- range $key, $value := .Values.imageRenderer.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 16 }} + {{- end }} {{- range $key, $value := .Values.imageRenderer.env }} - name: {{ $key | quote }} value: {{ $value | quote }} {{- end }} + {{- with .Values.imageRenderer.containerSecurityContext }} securityContext: - capabilities: - drop: ['all'] - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: - mountPath: /tmp name: image-renderer-tmpfs - {{- with .Values.imageRenderer.resources }} + {{- with .Values.imageRenderer.resources }} resources: -{{ toYaml . | indent 12 }} - {{- end }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.imageRenderer.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- $root := . }} {{- with .Values.imageRenderer.affinity }} affinity: -{{ tpl (toYaml .) $root | indent 8 }} + {{- tpl (toYaml .) $root | nindent 8 }} {{- end }} {{- with .Values.imageRenderer.tolerations }} tolerations: -{{ toYaml . | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: image-renderer-tmpfs diff --git a/charts/kasten/k10/charts/grafana/templates/image-renderer-hpa.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-hpa.yaml new file mode 100644 index 000000000..924ab9a14 --- /dev/null +++ b/charts/kasten/k10/charts/grafana/templates/image-renderer-hpa.yaml @@ -0,0 +1,49 @@ +{{- if .Values.enabled }} +{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.autoscaling.enabled }} +apiVersion: {{ include "grafana.hpa.apiVersion" . }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "grafana.fullname" . }}-image-renderer + namespace: {{ include "grafana.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer + helm.sh/chart: {{ include "grafana.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "grafana.fullname" . }}-image-renderer + minReplicas: {{ .Values.imageRenderer.autoscaling.minReplicas }} + maxReplicas: {{ .Values.imageRenderer.autoscaling.maxReplicas }} + metrics: + {{- if .Values.imageRenderer.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ .Values.imageRenderer.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.imageRenderer.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.imageRenderer.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ .Values.imageRenderer.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.imageRenderer.autoscaling.targetCPU }} + {{- end }} + {{- end }} + {{- if .Values.imageRenderer.autoscaling.behavior }} + behavior: {{ toYaml .Values.imageRenderer.autoscaling.behavior | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-network-policy.yaml index 3730e7eba..3a4988bf5 100644 --- a/charts/kasten/k10/charts/grafana/templates/image-renderer-network-policy.yaml +++ b/charts/kasten/k10/charts/grafana/templates/image-renderer-network-policy.yaml @@ -1,54 +1,57 @@ {{- if .Values.enabled }} -{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.networkPolicy.limitIngress }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: {{ template "grafana.fullname" . }}-image-renderer-ingress - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ include "grafana.namespace" . }} annotations: comment: Limit image-renderer ingress traffic from grafana spec: podSelector: matchLabels: {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - {{- if .Values.imageRenderer.podLabels }} - {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- with .Values.imageRenderer.podLabels }} + {{- toYaml . | nindent 6 }} {{- end }} policyTypes: - Ingress ingress: - ports: - - port: {{ .Values.imageRenderer.service.port }} + - port: {{ .Values.imageRenderer.service.targetPort }} protocol: TCP from: - namespaceSelector: matchLabels: - name: {{ template "grafana.namespace" . }} + kubernetes.io/metadata.name: {{ include "grafana.namespace" . }} podSelector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 14 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 14 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 14 }} {{- end }} -{{ end }} + {{- with .Values.imageRenderer.networkPolicy.extraIngressSelectors -}} + {{ toYaml . | nindent 8 }} + {{- end }} +{{- end }} -{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.networkPolicy.limitEgress }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: {{ template "grafana.fullname" . }}-image-renderer-egress - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-image-renderer-egress + namespace: {{ include "grafana.namespace" . }} annotations: comment: Limit image-renderer egress traffic to grafana spec: podSelector: matchLabels: {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - {{- if .Values.imageRenderer.podLabels }} - {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- with .Values.imageRenderer.podLabels }} + {{- toYaml . | nindent 6 }} {{- end }} policyTypes: @@ -62,17 +65,17 @@ spec: protocol: TCP # talk only to grafana - ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.service.targetPort }} protocol: TCP to: - namespaceSelector: matchLabels: - name: {{ template "grafana.namespace" . }} + name: {{ include "grafana.namespace" . }} podSelector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 14 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 14 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 14 }} {{- end }} -{{ end }} -{{- end}} +{{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/image-renderer-service.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-service.yaml index 530931327..dda7b676b 100644 --- a/charts/kasten/k10/charts/grafana/templates/image-renderer-service.yaml +++ b/charts/kasten/k10/charts/grafana/templates/image-renderer-service.yaml @@ -1,32 +1,33 @@ {{- if .Values.enabled }} -{{ if .Values.imageRenderer.enabled }} -{{ if .Values.imageRenderer.service.enabled }} +{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.service.enabled }} apiVersion: v1 kind: Service metadata: - name: {{ template "grafana.fullname" . }}-image-renderer - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-image-renderer + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.imageRenderer.labels" . | nindent 4 }} -{{- if .Values.imageRenderer.service.labels }} -{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} -{{- end }} -{{- with .Values.imageRenderer.service.annotations }} + {{- with .Values.imageRenderer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.imageRenderer.service.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: ClusterIP - {{- if .Values.imageRenderer.service.clusterIP }} - clusterIP: {{ .Values.imageRenderer.service.clusterIP }} - {{end}} + {{- with .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} ports: - name: {{ .Values.imageRenderer.service.portName }} port: {{ .Values.imageRenderer.service.port }} protocol: TCP targetPort: {{ .Values.imageRenderer.service.targetPort }} + {{- with .Values.imageRenderer.appProtocol }} + appProtocol: {{ . }} + {{- end }} selector: {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} -{{ end }} -{{ end }} -{{- end}} +{{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/image-renderer-servicemonitor.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-servicemonitor.yaml new file mode 100644 index 000000000..27e7f8461 --- /dev/null +++ b/charts/kasten/k10/charts/grafana/templates/image-renderer-servicemonitor.yaml @@ -0,0 +1,50 @@ +{{- if .Values.enabled }} +{{- if .Values.imageRenderer.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "grafana.fullname" . }}-image-renderer + {{- if .Values.imageRenderer.serviceMonitor.namespace }} + namespace: {{ tpl .Values.imageRenderer.serviceMonitor.namespace . }} + {{- else }} + namespace: {{ include "grafana.namespace" . }} + {{- end }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} + {{- with .Values.imageRenderer.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.imageRenderer.service.portName }} + {{- with .Values.imageRenderer.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.imageRenderer.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + honorLabels: true + path: {{ .Values.imageRenderer.serviceMonitor.path }} + scheme: {{ .Values.imageRenderer.serviceMonitor.scheme }} + {{- with .Values.imageRenderer.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.imageRenderer.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + jobLabel: "{{ .Release.Name }}-image-renderer" + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ include "grafana.namespace" . }} + {{- with .Values.imageRenderer.serviceMonitor.targetLabels }} + targetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/ingress.yaml b/charts/kasten/k10/charts/grafana/templates/ingress.yaml index 80dbc798b..7c5069997 100644 --- a/charts/kasten/k10/charts/grafana/templates/ingress.yaml +++ b/charts/kasten/k10/charts/grafana/templates/ingress.yaml @@ -12,15 +12,15 @@ apiVersion: {{ include "grafana.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ template "grafana.namespace" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} - {{- if .Values.ingress.annotations }} + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingress.annotations }} annotations: - {{- range $key, $value := .Values.ingress.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ tpl $value $ | quote }} {{- end }} {{- end }} @@ -28,19 +28,19 @@ spec: {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }} ingressClassName: {{ .Values.ingress.ingressClassName }} {{- end -}} -{{- if .Values.ingress.tls }} + {{- with .Values.ingress.tls }} tls: -{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} -{{- end }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} rules: {{- if .Values.ingress.hosts }} {{- range .Values.ingress.hosts }} - - host: {{ tpl . $}} + - host: {{ tpl . $ }} http: paths: -{{- if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} - path: {{ $ingressPath }} {{- if $ingressSupportsPathType }} pathType: {{ $ingressPathType }} @@ -69,8 +69,8 @@ spec: serviceName: {{ $fullName }} servicePort: {{ $servicePort }} {{- end }} - {{- if $ingressPath }} - path: {{ $ingressPath }} + {{- with $ingressPath }} + path: {{ . }} {{- end }} {{- if $ingressSupportsPathType }} pathType: {{ $ingressPathType }} diff --git a/charts/kasten/k10/charts/grafana/templates/poddisruptionbudget.yaml b/charts/kasten/k10/charts/grafana/templates/poddisruptionbudget.yaml index 7495452a2..f6888c63a 100644 --- a/charts/kasten/k10/charts/grafana/templates/poddisruptionbudget.yaml +++ b/charts/kasten/k10/charts/grafana/templates/poddisruptionbudget.yaml @@ -3,20 +3,20 @@ apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.labels }} -{{ toYaml .Values.labels | indent 4 }} -{{- end }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: -{{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} -{{- end }} -{{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} -{{- end }} + {{- with .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ . }} + {{- end }} + {{- with .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ . }} + {{- end }} selector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 6 }} diff --git a/charts/kasten/k10/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kasten/k10/charts/grafana/templates/podsecuritypolicy.yaml index 881df6f6a..993547e89 100644 --- a/charts/kasten/k10/charts/grafana/templates/podsecuritypolicy.yaml +++ b/charts/kasten/k10/charts/grafana/templates/podsecuritypolicy.yaml @@ -1,8 +1,9 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: {{ include "grafana.podSecurityPolicy.apiVersion" . }} +{{- if .Values.enabled }} +{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ template "grafana.fullname" . }} + name: {{ include "grafana.fullname" . }} labels: {{- include "grafana.labels" . | nindent 4 }} annotations: @@ -47,3 +48,4 @@ spec: max: 65535 readOnlyRootFilesystem: false {{- end }} +{{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/pvc.yaml b/charts/kasten/k10/charts/grafana/templates/pvc.yaml index 4389846c7..7681e8a2a 100644 --- a/charts/kasten/k10/charts/grafana/templates/pvc.yaml +++ b/charts/kasten/k10/charts/grafana/templates/pvc.yaml @@ -3,17 +3,20 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} + {{- with .Values.persistence.extraPvcLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.persistence.annotations }} annotations: -{{ toYaml . | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.persistence.finalizers }} finalizers: -{{ toYaml . | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: accessModes: @@ -23,11 +26,11 @@ spec: storage: {{ default .Values.global.persistence.size .Values.global.persistence.grafana.size | quote }} {{- if .Values.global.persistence.storageClass }} storageClassName: {{ .Values.global.persistence.storageClass }} - {{- end -}} + {{- end }} {{- with .Values.persistence.selectorLabels }} selector: matchLabels: -{{ toYaml . | indent 6 }} + {{- toYaml . | nindent 6 }} {{- end }} {{- end }} {{- end}} diff --git a/charts/kasten/k10/charts/grafana/templates/role.yaml b/charts/kasten/k10/charts/grafana/templates/role.yaml index 3ef46c82b..5752c4b98 100644 --- a/charts/kasten/k10/charts/grafana/templates/role.yaml +++ b/charts/kasten/k10/charts/grafana/templates/role.yaml @@ -1,32 +1,32 @@ {{- if .Values.enabled }} {{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} -apiVersion: {{ template "grafana.rbac.apiVersion" . }} +apiVersion: {{ include "grafana.rbac.apiVersion" . }} kind: Role metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} -{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled (or .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)))) }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)) }} rules: -{{- if .Values.rbac.pspEnabled }} -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "grafana.fullname" . }}] -{{- end }} -{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }} -- apiGroups: [""] # "" indicates the core API group - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] -{{- end }} -{{- with .Values.rbac.extraRoleRules }} -{{ toYaml . | indent 0 }} -{{- end}} + {{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ include "grafana.fullname" . }}] + {{- end }} + {{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }} + - apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] + {{- end }} + {{- with .Values.rbac.extraRoleRules }} + {{- toYaml . | nindent 2 }} + {{- end}} {{- else }} rules: [] {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/rolebinding.yaml b/charts/kasten/k10/charts/grafana/templates/rolebinding.yaml index bd0bd5dea..0b2a1b12c 100644 --- a/charts/kasten/k10/charts/grafana/templates/rolebinding.yaml +++ b/charts/kasten/k10/charts/grafana/templates/rolebinding.yaml @@ -1,27 +1,27 @@ {{- if .Values.enabled }} -{{- if .Values.rbac.create -}} -apiVersion: {{ template "grafana.rbac.apiVersion" . }} +{{- if .Values.rbac.create }} +apiVersion: {{ include "grafana.rbac.apiVersion" . }} kind: RoleBinding metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role -{{- if (not .Values.rbac.useExistingRole) }} - name: {{ template "grafana.fullname" . }} -{{- else }} + {{- if .Values.rbac.useExistingRole }} name: {{ .Values.rbac.useExistingRole }} -{{- end }} + {{- else }} + name: {{ include "grafana.fullname" . }} + {{- end }} subjects: - kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ template "grafana.namespace" . }} -{{- end -}} + name: {{ include "grafana.serviceAccountName" . }} + namespace: {{ include "grafana.namespace" . }} +{{- end }} {{- end}} diff --git a/charts/kasten/k10/charts/grafana/templates/secret-env.yaml b/charts/kasten/k10/charts/grafana/templates/secret-env.yaml index be272234c..5a6c06dff 100644 --- a/charts/kasten/k10/charts/grafana/templates/secret-env.yaml +++ b/charts/kasten/k10/charts/grafana/templates/secret-env.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "grafana.fullname" . }}-env - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-env + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} type: Opaque data: {{- range $key, $val := .Values.envRenderSecret }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end -}} + {{ $key }}: {{ tpl ($val | toString) $ | b64enc | quote }} +{{- end }} +{{- end }} {{- end }} -{{- end}} diff --git a/charts/kasten/k10/charts/grafana/templates/secret.yaml b/charts/kasten/k10/charts/grafana/templates/secret.yaml index cd5939cc5..fbbc7ff79 100644 --- a/charts/kasten/k10/charts/grafana/templates/secret.yaml +++ b/charts/kasten/k10/charts/grafana/templates/secret.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} type: Opaque data: {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} @@ -18,7 +18,7 @@ data: {{- if .Values.adminPassword }} admin-password: {{ .Values.adminPassword | b64enc | quote }} {{- else }} - admin-password: {{ template "grafana.password" . }} + admin-password: {{ include "grafana.password" . }} {{- end }} {{- end }} {{- if not .Values.ldap.existingSecret }} diff --git a/charts/kasten/k10/charts/grafana/templates/service.yaml b/charts/kasten/k10/charts/grafana/templates/service.yaml index 165e2050b..0bc3f784c 100644 --- a/charts/kasten/k10/charts/grafana/templates/service.yaml +++ b/charts/kasten/k10/charts/grafana/templates/service.yaml @@ -1,15 +1,16 @@ {{- if .Values.enabled }} -{{ if .Values.service.enabled }} +{{- if .Values.service.enabled }} +{{- $root := . }} apiVersion: v1 kind: Service metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: getambassador.io/config: | --- @@ -22,40 +23,42 @@ metadata: timeout_ms: 15000 hostname: "*" ambassador_id: [ {{ include "k10.ambassadorId" . }} ] - spec: -{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + {{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} type: ClusterIP - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- with .Values.service.clusterIP }} + clusterIP: {{ . }} {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} + {{- else if eq .Values.service.type "LoadBalancer" }} type: {{ .Values.service.type }} -{{- end }} -{{- if .Values.service.externalIPs }} + {{- with .Values.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} + type: {{ .Values.service.type }} + {{- end }} + {{- with .Values.service.externalIPs }} externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} ports: - name: {{ .Values.service.portName }} port: {{ .Values.service.port }} protocol: TCP targetPort: {{ .Values.service.targetPort }} -{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{.Values.service.nodePort}} -{{ end }} - {{- if .Values.extraExposePorts }} - {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }} - {{- end }} + {{- with .Values.service.appProtocol }} + appProtocol: {{ . }} + {{- end }} + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- with .Values.extraExposePorts }} + {{- tpl (toYaml . | nindent 4) $root }} + {{- end }} selector: {{- include "grafana.selectorLabels" . | nindent 4 }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/serviceaccount.yaml b/charts/kasten/k10/charts/grafana/templates/serviceaccount.yaml index 86904e634..0a5e94791 100644 --- a/charts/kasten/k10/charts/grafana/templates/serviceaccount.yaml +++ b/charts/kasten/k10/charts/grafana/templates/serviceaccount.yaml @@ -1,16 +1,19 @@ {{- if .Values.enabled }} {{- if .Values.serviceAccount.create }} +{{- $root := . -}} apiVersion: v1 kind: ServiceAccount metadata: labels: {{- include "grafana.labels" . | nindent 4 }} -{{- $root := . }} -{{- with .Values.serviceAccount.annotations }} + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} annotations: -{{ tpl (toYaml . | indent 4) $root }} + {{- tpl (toYaml . | nindent 4) $root }} + {{- end }} + name: {{ include "grafana.serviceAccountName" . }} + namespace: {{ include "grafana.namespace" . }} {{- end }} - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ template "grafana.namespace" . }} {{- end }} -{{- end}} diff --git a/charts/kasten/k10/charts/grafana/templates/servicemonitor.yaml b/charts/kasten/k10/charts/grafana/templates/servicemonitor.yaml index 4e8b9a42e..24a0cdb6c 100644 --- a/charts/kasten/k10/charts/grafana/templates/servicemonitor.yaml +++ b/charts/kasten/k10/charts/grafana/templates/servicemonitor.yaml @@ -4,16 +4,16 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "grafana.fullname" . }} + name: {{ include "grafana.fullname" . }} {{- if .Values.serviceMonitor.namespace }} - namespace: {{ .Values.serviceMonitor.namespace }} + namespace: {{ tpl .Values.serviceMonitor.namespace . }} {{- else }} - namespace: {{ template "grafana.namespace" . }} + namespace: {{ include "grafana.namespace" . }} {{- end }} labels: {{- include "grafana.labels" . | nindent 4 }} - {{- if .Values.serviceMonitor.labels }} - {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- with .Values.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: @@ -27,20 +27,28 @@ spec: honorLabels: true path: {{ .Values.serviceMonitor.path }} scheme: {{ .Values.serviceMonitor.scheme }} - {{- if .Values.serviceMonitor.tlsConfig }} + {{- with .Values.serviceMonitor.tlsConfig }} tlsConfig: - {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- toYaml . | nindent 6 }} {{- end }} - {{- if .Values.serviceMonitor.relabelings }} + {{- with .Values.serviceMonitor.relabelings }} relabelings: - {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} {{- end }} jobLabel: "{{ .Release.Name }}" selector: matchLabels: - {{- include "grafana.selectorLabels" . | nindent 8 }} + {{- include "grafana.selectorLabels" . | nindent 6 }} namespaceSelector: matchNames: - - {{ template "grafana.namespace" . }} + - {{ include "grafana.namespace" . }} + {{- with .Values.serviceMonitor.targetLabels }} + targetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end}} diff --git a/charts/kasten/k10/charts/grafana/templates/statefulset.yaml b/charts/kasten/k10/charts/grafana/templates/statefulset.yaml index 1aaeb0215..c07f1a255 100644 --- a/charts/kasten/k10/charts/grafana/templates/statefulset.yaml +++ b/charts/kasten/k10/charts/grafana/templates/statefulset.yaml @@ -1,39 +1,41 @@ {{- if .Values.enabled }} -{{- if (or (.Values.useStatefulSet) (and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")))}} +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} +{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)))}} apiVersion: apps/v1 kind: StatefulSet metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }} + namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} + {{- with .Values.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicas }} selector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 6 }} - serviceName: {{ template "grafana.fullname" . }}-headless + serviceName: {{ include "grafana.fullname" . }}-headless template: metadata: labels: {{- include "grafana.selectorLabels" . | nindent 8 }} -{{- with .Values.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} - {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} -{{- with .Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} + {{- end }} + kubectl.kubernetes.io/default-container: {{ .Chart.Name }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- include "grafana.pod" . | nindent 6 }} {{- if .Values.global.persistence.enabled}} @@ -49,7 +51,7 @@ spec: {{- with .Values.persistence.selectorLabels }} selector: matchLabels: -{{ toYaml . | indent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/tests/test-configmap.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-configmap.yaml index ff53aaf1b..01c96c924 100644 --- a/charts/kasten/k10/charts/grafana/templates/tests/test-configmap.yaml +++ b/charts/kasten/k10/charts/grafana/templates/tests/test-configmap.yaml @@ -2,16 +2,19 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-test + namespace: {{ include "grafana.namespace" . }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" labels: {{- include "grafana.labels" . | nindent 4 }} data: run.sh: |- @test "Test Health" { - url="http://{{ template "grafana.fullname" . }}/api/health" + url="http://{{ include "grafana.fullname" . }}/api/health" - code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}') [ "$code" == "200" ] } {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml index 58b464983..1821772a4 100644 --- a/charts/kasten/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml +++ b/charts/kasten/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml @@ -1,8 +1,11 @@ -{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ template "grafana.fullname" . }}-test + name: {{ include "grafana.fullname" . }}-test + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" labels: {{- include "grafana.labels" . | nindent 4 }} spec: @@ -20,10 +23,10 @@ spec: runAsUser: rule: RunAsAny volumes: - - configMap - - downwardAPI - - emptyDir - - projected - - csi - - secret + - configMap + - downwardAPI + - emptyDir + - projected + - csi + - secret {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/tests/test-role.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-role.yaml index 6b10677ae..cb4c78204 100644 --- a/charts/kasten/k10/charts/grafana/templates/tests/test-role.yaml +++ b/charts/kasten/k10/charts/grafana/templates/tests/test-role.yaml @@ -1,14 +1,17 @@ -{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-test + namespace: {{ include "grafana.namespace" . }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" labels: {{- include "grafana.labels" . | nindent 4 }} rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "grafana.fullname" . }}-test] + - apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ include "grafana.fullname" . }}-test] {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-rolebinding.yaml index 58fa5e78b..f40d791f6 100644 --- a/charts/kasten/k10/charts/grafana/templates/tests/test-rolebinding.yaml +++ b/charts/kasten/k10/charts/grafana/templates/tests/test-rolebinding.yaml @@ -1,17 +1,20 @@ -{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.fullname" . }}-test + namespace: {{ include "grafana.namespace" . }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" labels: {{- include "grafana.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "grafana.fullname" . }}-test + name: {{ include "grafana.fullname" . }}-test subjects: -- kind: ServiceAccount - name: {{ template "grafana.serviceAccountNameTest" . }} - namespace: {{ template "grafana.namespace" . }} + - kind: ServiceAccount + name: {{ include "grafana.serviceAccountNameTest" . }} + namespace: {{ include "grafana.namespace" . }} {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-serviceaccount.yaml index 5c3350733..38fba3596 100644 --- a/charts/kasten/k10/charts/grafana/templates/tests/test-serviceaccount.yaml +++ b/charts/kasten/k10/charts/grafana/templates/tests/test-serviceaccount.yaml @@ -4,6 +4,9 @@ kind: ServiceAccount metadata: labels: {{- include "grafana.labels" . | nindent 4 }} - name: {{ template "grafana.serviceAccountNameTest" . }} - namespace: {{ template "grafana.namespace" . }} + name: {{ include "grafana.serviceAccountNameTest" . }} + namespace: {{ include "grafana.namespace" . }} + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" {{- end }} diff --git a/charts/kasten/k10/charts/grafana/templates/tests/test.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test.yaml index ef43d80db..9fb884261 100644 --- a/charts/kasten/k10/charts/grafana/templates/tests/test.yaml +++ b/charts/kasten/k10/charts/grafana/templates/tests/test.yaml @@ -1,38 +1,36 @@ {{- if .Values.testFramework.enabled }} +{{- $root := . }} apiVersion: v1 kind: Pod metadata: - name: {{ template "grafana.fullname" . }}-test + name: {{ include "grafana.fullname" . }}-test labels: {{- include "grafana.labels" . | nindent 4 }} annotations: "helm.sh/hook": test-success "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - namespace: {{ template "grafana.namespace" . }} + namespace: {{ include "grafana.namespace" . }} spec: - serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} - {{- if .Values.testFramework.securityContext }} - securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} + serviceAccountName: {{ include "grafana.serviceAccountNameTest" . }} + {{- with .Values.testFramework.securityContext }} + securityContext: + {{- toYaml . | nindent 4 }} {{- end }} - {{- $root := . }} - {{- if .Values.image.pullSecrets }} + {{- if or .Values.image.pullSecrets .Values.global.imagePullSecrets }} imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ tpl . $root }} - {{- end}} + {{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.image.pullSecrets) | nindent 4 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: -{{ toYaml . | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- $root := . }} {{- with .Values.affinity }} affinity: -{{ tpl (toYaml .) $root | indent 4 }} + {{- tpl (toYaml .) $root | nindent 4 }} {{- end }} {{- with .Values.tolerations }} tolerations: -{{ toYaml . | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} containers: - name: {{ .Release.Name }}-test @@ -44,8 +42,8 @@ spec: name: tests readOnly: true volumes: - - name: tests - configMap: - name: {{ template "grafana.fullname" . }}-test + - name: tests + configMap: + name: {{ include "grafana.fullname" . }}-test restartPolicy: Never {{- end }} diff --git a/charts/kasten/k10/charts/grafana/values.yaml b/charts/kasten/k10/charts/grafana/values.yaml index e1942f18e..0f51f10a9 100644 --- a/charts/kasten/k10/charts/grafana/values.yaml +++ b/charts/kasten/k10/charts/grafana/values.yaml @@ -13,8 +13,8 @@ rbac: create: true ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) # useExistingRole: name-of-some-(cluster)role - pspEnabled: true - pspUseAppArmor: true + pspEnabled: false + pspUseAppArmor: false namespaced: false extraRoleRules: [] # - apiGroups: [] @@ -28,6 +28,8 @@ serviceAccount: create: true name: nameTest: + ## ServiceAccount labels. + labels: {} ## Service account annotations. Can be templated. # annotations: # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here @@ -42,21 +44,16 @@ headlessService: false # autoscaling: enabled: false -# minReplicas: 1 -# maxReplicas: 10 -# metrics: -# - type: Resource -# resource: -# name: cpu -# targetAverageUtilization: 60 -# - type: Resource -# resource: -# name: memory -# targetAverageUtilization: 60 + minReplicas: 1 + maxReplicas: 5 + targetCPU: "60" + targetMemory: "" + behavior: {} ## See `kubectl explain poddisruptionbudget.spec` for more ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} +# apiVersion: "" # minAvailable: 1 # maxUnavailable: 1 @@ -84,7 +81,7 @@ livenessProbe: # schedulerName: "default-scheduler" image: - repository: grafana/grafana + repository: docker.io/grafana/grafana # Overrides the Grafana image tag whose default is the chart appVersion tag: "" sha: "" @@ -95,23 +92,29 @@ image: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Can be templated. ## - # pullSecrets: + pullSecrets: [] # - myRegistrKeySecretName testFramework: enabled: false - image: "bats/bats" + image: docker.io/bats/bats tag: "v1.4.1" imagePullPolicy: IfNotPresent securityContext: {} securityContext: + runAsNonRoot: true runAsUser: 472 runAsGroup: 472 fsGroup: 472 containerSecurityContext: - {} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault # Enable creating the grafana configmap createConfigmap: true @@ -138,8 +141,8 @@ extraLabels: {} # priorityClassName: downloadDashboardsImage: - repository: curlimages/curl - tag: 7.73.0 + repository: docker.io/curlimages/curl + tag: 7.85.0 sha: "" pullPolicy: IfNotPresent @@ -147,6 +150,18 @@ downloadDashboards: env: {} envFromSecret: "" resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key ## Pod Annotations # podAnnotations: {} @@ -155,7 +170,7 @@ downloadDashboards: # podLabels: {} podPortName: grafana - +gossipPortName: gossip ## Deployment annotations # annotations: {} @@ -169,9 +184,12 @@ service: port: 80 targetPort: 3000 # targetPort: 4181 To be used with a proxy extraContainer + ## Service annotations. Can be templated. annotations: {} labels: {} portName: service + # Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp" + appProtocol: "" serviceMonitor: ## If true, a ServiceMonitor CRD is created for a prometheus operator @@ -186,6 +204,8 @@ serviceMonitor: tlsConfig: {} scrapeTimeout: 30s relabelings: [] + metricRelabelings: [] + targetLabels: [] extraExposePorts: [] # - name: keycloak @@ -260,6 +280,11 @@ tolerations: [] ## affinity: {} +## Topology Spread Constraints +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## +topologySpreadConstraints: [] + ## Additional init containers (evaluated as template) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## @@ -309,6 +334,8 @@ persistence: # subPath: "" ## Name of an existing PVC. Can be templated. # existingClaim: + ## Extra labels to apply to a PVC. + extraPvcLabels: {} ## If persistence is not enabled, this allows to mount the ## local storage in-memory to improve performance @@ -323,7 +350,7 @@ persistence: initChownData: ## If false, data ownership will not be reset at startup - ## This allows the prometheus-server to be run with an arbitrary user + ## This allows the grafana-server to be run with an arbitrary user ## enabled: true @@ -331,9 +358,9 @@ initChownData: ## image: pullPolicy: IfNotPresent -# repository: busybox -# tag: "1.31.1" -# sha: "" +# repository: docker.io/library/busybox +# tag: "1.31.1" +# sha: "" ## initChownData resource requests and limits ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ @@ -345,7 +372,14 @@ initChownData: # requests: # cpu: 100m # memory: 128Mi - + securityContext: + runAsNonRoot: false + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + capabilities: + add: + - CHOWN # Administrator credentials when not using an existing secret (see below) adminUser: admin @@ -365,10 +399,13 @@ admin: # - "sh" # - "/run.sh" -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: +## Optionally define args if command is used +## Needed if using `hashicorp/envconsul` to manage secrets +## By default no arguments are set +# args: +# - "-secret" +# - "secret/grafana" +# - "./grafana" ## Extra environment variables that will be pass onto deployment pods ## @@ -413,7 +450,9 @@ envValueFrom: {} envFromSecret: "" ## Sensible environment variables that will be rendered as new secret object -## This can be useful for auth tokens, etc +## This can be useful for auth tokens, etc. +## If the secret values contains "{{", they'll need to be properly escaped so that they are not interpreted by Helm +## ref: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function envRenderSecret: {} ## The names of secrets in the same kubernetes namespace which contain values to be added to the environment @@ -479,6 +518,14 @@ extraVolumeMounts: [] # mountPath: /mnt/volume1 # readOnly: true # hostPath: /usr/shared/ + # - name: grafana-secrets + # mountPath: /mnt/volume2 + # csi: true + # data: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "grafana-env-spc" ## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request lifecycleHooks: {} @@ -491,6 +538,9 @@ lifecycleHooks: {} plugins: [] # - digrich-bubblechart-panel # - grafana-clock-panel + ## You can also use other plugin download URL, as long as they are valid zip files, + ## and specify the name of the plugin after the semicolon. Like this: + # - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource ## Configure grafana datasources ## ref: http://docs.grafana.org/administration/provisioning/#datasources @@ -512,6 +562,73 @@ datasources: {} # jsonData: # authType: default # defaultRegion: us-east-1 +# deleteDatasources: [] +# - name: Prometheus + +## Configure grafana alerting (can be templated) +## ref: http://docs.grafana.org/administration/provisioning/#alerting +## +alerting: {} + # rules.yaml: + # apiVersion: 1 + # groups: + # - orgId: 1 + # name: '{{ .Chart.Name }}_my_rule_group' + # folder: my_first_folder + # interval: 60s + # rules: + # - uid: my_id_1 + # title: my_first_rule + # condition: A + # data: + # - refId: A + # datasourceUid: '-100' + # model: + # conditions: + # - evaluator: + # params: + # - 3 + # type: gt + # operator: + # type: and + # query: + # params: + # - A + # reducer: + # type: last + # type: query + # datasource: + # type: __expr__ + # uid: '-100' + # expression: 1==0 + # intervalMs: 1000 + # maxDataPoints: 43200 + # refId: A + # type: math + # dashboardUid: my_dashboard + # panelId: 123 + # noDataState: Alerting + # for: 60s + # annotations: + # some_key: some_value + # labels: + # team: sre_team_1 + # contactpoints.yaml: + # apiVersion: 1 + # contactPoints: + # - orgId: 1 + # name: cp_1 + # receivers: + # - uid: first_uid + # type: pagerduty + # settings: + # integrationKey: XXX + # severity: critical + # class: ping failure + # component: Grafana + # group: app-stack + # summary: | + # {{ `{{ include "default.message" . }}` }} ## Configure notifiers ## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels @@ -540,14 +657,14 @@ dashboardProviders: dashboardproviders.yaml: apiVersion: 1 providers: - - name: 'default' - orgId: 1 - folder: '' - type: file - disableDeletion: true - editable: false - options: - path: /var/lib/grafana/dashboards + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: true + editable: false + options: + path: /var/lib/grafana/dashboards ## Configure grafana dashboard to import ## NOTE: To use dashboards you must also enable/configure dashboardProviders @@ -556,2805 +673,4565 @@ dashboardProviders: ## dashboards per provider, use provider name as key. ## dashboards: - default: - default: - json: | - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 12, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "datasource": "Prometheus", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 53, - "panels": [], - "targets": [ - { - "datasource": "Prometheus", - "refId": "A" - } - ], - "title": "K10 System Resource Usage", - "type": "row" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 55, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "sum(rate(process_cpu_seconds_total[5m]))", - "legendFormat": "Total CPU seconds", - "range": true, - "refId": "A" - } - ], - "title": "K10 CPU total seconds ", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 1 - }, - "id": 57, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "sum(process_resident_memory_bytes)", - "hide": false, - "legendFormat": "Total memory consumption", - "range": true, - "refId": "C" - } - ], - "title": "K10 total memory consumption", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 9 - }, - "id": 81, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "rate(process_cpu_seconds_total{job=\"httpServiceDiscovery\"}[5m])", - "legendFormat": "{{service}}", - "range": true, - "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "sum(rate(process_cpu_seconds_total{job=\"k10-pods\"}[5m]))", - "hide": false, - "legendFormat": "executor", - "range": true, - "refId": "B" - }, - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "sum(rate(process_cpu_seconds_total{job=\"pushAggregator\"}[5m]))", - "hide": false, - "legendFormat": "ephemeral pods", - "range": true, - "refId": "C" - }, - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "sum(rate(process_cpu_seconds_total{job=\"prometheus\"}[5m]))", - "hide": false, - "legendFormat": "prometheus", - "range": true, - "refId": "D" - } - ], - "title": "CPU total seconds per service", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 9 - }, - "id": 82, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "process_resident_memory_bytes{job=\"pushAggregator\"}", - "hide": false, - "legendFormat": "ephemeral pods", - "range": true, - "refId": "C" - }, - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "process_resident_memory_bytes{job=\"httpServiceDiscovery\"}", - "hide": false, - "legendFormat": "{{service}}", - "range": true, - "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "sum(process_resident_memory_bytes{job=\"k10-pods\"})", - "hide": false, - "legendFormat": "executor", - "range": true, - "refId": "B" - }, - { - "datasource": "Prometheus", - "editorMode": "builder", - "expr": "sum(process_resident_memory_bytes{job=\"prometheus\"})", - "hide": false, - "legendFormat": "prometheus", - "range": true, - "refId": "D" - } - ], - "title": "Memory consumption by service", - "type": "timeseries" - }, - { - "collapsed": false, - "datasource": "Prometheus", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 17 - }, - "id": 18, - "panels": [], - "targets": [ - { - "datasource": "Prometheus", - "refId": "A" - } - ], - "title": "Applications", - "type": "row" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "yellow", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 5, - "x": 0, - "y": 18 - }, - "id": 24, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_backup_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Backups Completed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 5, - "y": 18 - }, - "id": 33, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_backup_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Backups Failed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "#EAB839", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 8, - "y": 18 - }, - "id": 34, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_backup_skipped_overall{cluster=\"$cluster\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Backups Skipped", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 5, - "x": 13, - "y": 18 - }, - "id": 35, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_restore_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Restores Completed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 18, - "y": 18 - }, - "id": 36, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_restore_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Restores Failed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "#EAB839", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 21, - "y": 18 - }, - "id": 23, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_restore_skipped_overall{cluster=\"$cluster\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Restores Skipped", - "type": "stat" - }, - { - "collapsed": false, - "datasource": "Prometheus", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 25 - }, - "id": 16, - "panels": [], - "targets": [ - { - "datasource": "Prometheus", - "refId": "A" - } - ], - "title": "Cluster", - "type": "row" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "yellow", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 5, - "x": 0, - "y": 26 - }, - "id": 10, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_backup_cluster_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Cluster Backups Completed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 5, - "y": 26 - }, - "id": 19, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_backup_cluster_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Cluster Backups Failed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "#EAB839", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 8, - "y": 26 - }, - "id": 28, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_backup_cluster_skipped_overall{cluster=\"$cluster\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Cluster Backups Skipped", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 5, - "x": 13, - "y": 26 - }, - "id": 21, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_restore_cluster_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Cluster Restores Completed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 18, - "y": 26 - }, - "id": 22, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_restore_cluster_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Cluster Restores Failed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "#EAB839", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 3, - "x": 21, - "y": 26 - }, - "id": 25, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_restore_cluster_skipped_overall{cluster=\"$cluster\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Cluster Restores Skipped", - "type": "stat" - }, - { - "collapsed": false, - "datasource": "Prometheus", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 33 - }, - "id": 31, - "panels": [], - "targets": [ - { - "datasource": "Prometheus", - "refId": "A" - } - ], - "title": "Backup Exports", - "type": "row" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 5, - "x": 0, - "y": 34 - }, - "id": 38, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_export_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Exports Completed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 5, - "y": 34 - }, - "id": 29, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_export_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Exports Failed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "#EAB839", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 8, - "y": 34 - }, - "id": 20, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_export_skipped_overall{cluster=\"$cluster\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Exports Skipped", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 5, - "x": 13, - "y": 34 - }, - "id": 27, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_import_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Imports Completed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 18, - "y": 34 - }, - "id": 39, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_import_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Imports Failed", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "#EAB839", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 21, - "y": 34 - }, - "id": 37, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_import_skipped_overall{cluster=\"$cluster\"}[$__range])))", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Imports Skipped", - "type": "stat" - }, - { - "collapsed": false, - "datasource": "Prometheus", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 40 - }, - "id": 14, - "panels": [], - "targets": [ - { - "datasource": "Prometheus", - "refId": "A" - } - ], - "title": "System", - "type": "row" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - }, - "unit": "runs" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 0, - "y": 41 - }, - "id": 12, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_run_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", - "format": "time_series", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Policy Runs", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "index": 0, - "text": "-" - } - }, - "type": "value" - } - ], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - }, - "unit": "runs" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 3, - "y": 41 - }, - "id": 40, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "sum(round(increase(action_run_skipped_overall{cluster=\"$cluster\"}[$__range])))", - "format": "time_series", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Policy Runs Skipped", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#ccccdc", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 6, - "y": 41 - }, - "id": 6, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "catalog_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Catalog Volume Used", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "max": 100, - "min": 0, - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 70 - }, - { - "color": "orange", - "value": 80 - }, - { - "color": "red", - "value": 90 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 9, - "y": 41 - }, - "id": 2, - "options": { - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "100-catalog_persistent_volume_free_space_percent{cluster=\"$cluster\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Catalog Volume Used Space", - "type": "gauge" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#ccccdc", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 12, - "y": 41 - }, - "id": 8, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "jobs_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Jobs Volume Used", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "max": 100, - "min": 0, - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 70 - }, - { - "color": "orange", - "value": 80 - }, - { - "color": "red", - "value": 90 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 15, - "y": 41 - }, - "id": 4, - "options": { - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "100-jobs_persistent_volume_free_space_percent{cluster=\"$cluster\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Jobs Volume Used Space", - "type": "gauge" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#ccccdc", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 18, - "y": 41 - }, - "id": 7, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "logging_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Logging Volume Used", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "max": 100, - "min": 0, - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 70 - }, - { - "color": "orange", - "value": 80 - }, - { - "color": "red", - "value": 90 - } - ] - }, - "unit": "percent" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 21, - "y": 41 - }, - "id": 3, - "options": { - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "100-logging_persistent_volume_free_space_percent{cluster=\"$cluster\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Logging Volume Used Space", - "type": "gauge" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "text", - "value": null - }, - { - "color": "green", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 0, - "y": 47 - }, - "id": 41, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "compliance_count{state=\"Compliant\"}", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Compliant Applications", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 3, - "y": 47 - }, - "id": 42, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "compliance_count{state=\"NotCompliant\"}", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Non-Compliant Applications", - "type": "stat" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 6, - "y": 47 - }, - "id": 43, - "interval": "1m", - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "last" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": false, - "expr": "compliance_count{state=\"Unmanaged\"}", - "hide": false, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Unmanaged Applications", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#ccccdc", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 12, - "y": 47 - }, - "id": 44, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "snapshot_storage_size_bytes{cluster=\"$cluster\", type=\"physical\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Snapshot Size (Physical)", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#ccccdc", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 15, - "y": 47 - }, - "id": 45, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "snapshot_storage_size_bytes{cluster=\"$cluster\", type=\"logical\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Snapshot Size (Logical)", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#ccccdc", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 18, - "y": 47 - }, - "id": 46, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "export_storage_size_bytes{cluster=\"$cluster\", type=\"physical\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Export Size (Physical)", - "type": "stat" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "noValue": "-", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#ccccdc", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 21, - "y": 47 - }, - "id": 47, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.5", - "targets": [ - { - "datasource": "Prometheus", - "exemplar": true, - "expr": "export_storage_size_bytes{cluster=\"$cluster\", type=\"logical\"}", - "interval": "", - "legendFormat": "", - "queryType": "randomWalk", - "refId": "A" - } - ], - "title": "Export Size (Logical)", - "type": "stat" - }, - { + default: + default: + json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 12, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": "Prometheus", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 53, + "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], + "title": "K10 System Resource Usage", + "type": "row" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 55, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total[5m]))", + "legendFormat": "Total CPU seconds", + "range": true, + "refId": "A" + } + ], + "title": "K10 CPU total seconds ", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 57, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(process_resident_memory_bytes)", + "hide": false, + "legendFormat": "Total memory consumption", + "range": true, + "refId": "C" + } + ], + "title": "K10 total memory consumption", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 81, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "rate(process_cpu_seconds_total{job=\"httpServiceDiscovery\"}[5m])", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total{job=\"k10-pods\"}[5m]))", + "hide": false, + "legendFormat": "executor", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total{job=\"pushAggregator\"}[5m]))", + "hide": false, + "legendFormat": "ephemeral pods", + "range": true, + "refId": "C" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total{job=\"prometheus\"}[5m]))", + "hide": false, + "legendFormat": "prometheus", + "range": true, + "refId": "D" + } + ], + "title": "CPU total seconds per service", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 82, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "process_resident_memory_bytes{job=\"pushAggregator\"}", + "hide": false, + "legendFormat": "ephemeral pods", + "range": true, + "refId": "C" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "process_resident_memory_bytes{job=\"httpServiceDiscovery\"}", + "hide": false, + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(process_resident_memory_bytes{job=\"k10-pods\"})", + "hide": false, + "legendFormat": "executor", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(process_resident_memory_bytes{job=\"prometheus\"})", + "hide": false, + "legendFormat": "prometheus", + "range": true, + "refId": "D" + } + ], + "title": "Memory consumption by service", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": "Prometheus", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 18, + "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], + "title": "Applications", + "type": "row" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 0, + "y": 18 + }, + "id": 24, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_backup_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Backups Completed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 5, + "y": 18 + }, + "id": 33, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_backup_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Backups Failed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 8, + "y": 18 + }, + "id": 34, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_backup_skipped_overall{cluster=\"$cluster\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Backups Skipped", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 13, + "y": 18 + }, + "id": 35, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_restore_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Restores Completed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 18, + "y": 18 + }, + "id": 36, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_restore_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Restores Failed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 21, + "y": 18 + }, + "id": 23, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_restore_skipped_overall{cluster=\"$cluster\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Restores Skipped", + "type": "stat" + }, + { + "collapsed": false, + "datasource": "Prometheus", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 25 + }, + "id": 16, + "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], + "title": "Cluster", + "type": "row" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 0, + "y": 26 + }, + "id": 10, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_backup_cluster_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster Backups Completed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 5, + "y": 26 + }, + "id": 19, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_backup_cluster_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster Backups Failed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 8, + "y": 26 + }, + "id": 28, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_backup_cluster_skipped_overall{cluster=\"$cluster\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster Backups Skipped", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 13, + "y": 26 + }, + "id": 21, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_restore_cluster_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster Restores Completed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 18, + "y": 26 + }, + "id": 22, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_restore_cluster_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster Restores Failed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 21, + "y": 26 + }, + "id": 25, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_restore_cluster_skipped_overall{cluster=\"$cluster\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster Restores Skipped", + "type": "stat" + }, + { + "collapsed": false, + "datasource": "Prometheus", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 31, + "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], + "title": "Backup Exports", + "type": "row" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 0, + "y": 34 + }, + "id": 38, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_export_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Exports Completed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 5, + "y": 34 + }, + "id": 29, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_export_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Exports Failed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 8, + "y": 34 + }, + "id": 20, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_export_skipped_overall{cluster=\"$cluster\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Exports Skipped", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 13, + "y": 34 + }, + "id": 27, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_import_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Imports Completed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 18, + "y": 34 + }, + "id": 39, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_import_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Imports Failed", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 21, + "y": 34 + }, + "id": 37, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_import_skipped_overall{cluster=\"$cluster\"}[$__range])))", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Imports Skipped", + "type": "stat" + }, + { + "collapsed": false, + "datasource": "Prometheus", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 14, + "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], + "title": "System", + "type": "row" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + }, + "unit": "runs" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 0, + "y": 41 + }, + "id": 12, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_run_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", + "format": "time_series", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Policy Runs", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "-" + } + }, + "type": "value" + } + ], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + }, + "unit": "runs" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 3, + "y": 41 + }, + "id": 40, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "sum(round(increase(action_run_skipped_overall{cluster=\"$cluster\"}[$__range])))", + "format": "time_series", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Policy Runs Skipped", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#ccccdc", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 6, + "y": 41 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "catalog_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Catalog Volume Used", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 70 + }, + { + "color": "orange", + "value": 80 + }, + { + "color": "red", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 9, + "y": 41 + }, + "id": 2, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "100-catalog_persistent_volume_free_space_percent{cluster=\"$cluster\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Catalog Volume Used Space", + "type": "gauge" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#ccccdc", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 12, + "y": 41 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "jobs_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Jobs Volume Used", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 70 + }, + { + "color": "orange", + "value": 80 + }, + { + "color": "red", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 15, + "y": 41 + }, + "id": 4, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "100-jobs_persistent_volume_free_space_percent{cluster=\"$cluster\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Jobs Volume Used Space", + "type": "gauge" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#ccccdc", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 18, + "y": 41 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "logging_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Logging Volume Used", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 70 + }, + { + "color": "orange", + "value": 80 + }, + { + "color": "red", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 21, + "y": 41 + }, + "id": 3, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "100-logging_persistent_volume_free_space_percent{cluster=\"$cluster\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Logging Volume Used Space", + "type": "gauge" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "green", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 0, + "y": 47 + }, + "id": 41, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "compliance_count{state=\"Compliant\"}", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Compliant Applications", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 3, + "y": 47 + }, + "id": 42, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "compliance_count{state=\"NotCompliant\"}", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Non-Compliant Applications", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 6, + "y": 47 + }, + "id": 43, + "interval": "1m", + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": false, + "expr": "compliance_count{state=\"Unmanaged\"}", + "hide": false, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Unmanaged Applications", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#ccccdc", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 12, + "y": 47 + }, + "id": 44, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "snapshot_storage_size_bytes{cluster=\"$cluster\", type=\"physical\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Snapshot Size (Physical)", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#ccccdc", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 15, + "y": 47 + }, + "id": 45, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "snapshot_storage_size_bytes{cluster=\"$cluster\", type=\"logical\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Snapshot Size (Logical)", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#ccccdc", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 18, + "y": 47 + }, + "id": 46, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "export_storage_size_bytes{cluster=\"$cluster\", type=\"physical\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Export Size (Physical)", + "type": "stat" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#ccccdc", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 21, + "y": 47 + }, + "id": 47, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": "Prometheus", + "exemplar": true, + "expr": "export_storage_size_bytes{cluster=\"$cluster\", type=\"logical\"}", + "interval": "", + "legendFormat": "", + "queryType": "randomWalk", + "refId": "A" + } + ], + "title": "Export Size (Logical)", + "type": "stat" + }, + { + "collapsed": true, + "datasource": "Prometheus", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 53 + }, + "id": 49, + "panels": [ + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Worker Count" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 54 + }, + "id": 57, + "interval": "5s", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(exec_executor_worker_count)", + "legendFormat": "Worker Count", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(exec_active_job_count) OR on() vector(0)", + "hide": false, + "legendFormat": "Worker Load", + "range": true, + "refId": "B" + } + ], + "title": "Executor Worker Load", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 54 + }, + "id": 68, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_backup_duration_seconds_sum_overall[5m])) / sum(rate(action_backup_ended_overall[5m]))", + "hide": false, + "legendFormat": "Backup", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_backup_cluster_duration_seconds_overall_sum[5m])) / sum(rate(action_backup_cluster_ended_overall[5m]))", + "hide": false, + "legendFormat": "Backup Cluster", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_export_duration_seconds_sum_overall[5m])) / sum(rate(action_export_ended_overall[5m]))", + "hide": false, + "legendFormat": "Export", + "range": true, + "refId": "C" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_import_duration_seconds_sum_overall[5m])) / sum(rate(action_import_ended_overall[5m]))", + "hide": false, + "legendFormat": "Import", + "range": true, + "refId": "D" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_report_duration_seconds_sum_overall[5m])) / sum(rate(action_report_ended_overall[5m]))", + "hide": false, + "legendFormat": "Report", + "range": true, + "refId": "E" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_retire_duration_seconds_sum_overall[5m])) / sum(rate(action_retire_ended_overall[5m]))", + "hide": false, + "legendFormat": "Retire", + "range": true, + "refId": "F" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_restore_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_ended_overall[5m]))", + "hide": false, + "legendFormat": "Restore", + "range": true, + "refId": "G" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_restore_cluster_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_cluster_ended_overall[5m]))", + "hide": false, + "legendFormat": "Restore Cluster", + "range": true, + "refId": "H" + } + ], + "title": "Average Action Duration", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 61 + }, + "id": 74, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_backup_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Backups", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 61 + }, + "id": 69, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_backup_cluster_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Cluster Backups", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 61 + }, + "id": 75, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_export_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Exports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 61 + }, + "id": 76, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_import_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Imports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 68 + }, + "id": 77, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_report_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Reports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 68 + }, + "id": 79, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_retire_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Retires", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 68 + }, + "id": 80, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_restore_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Restores", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 68 + }, + "id": 78, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_restore_cluster_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Cluster Restores", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 75 + }, + "id": 63, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(limiter_request_seconds_sum{stage=\"hold\"}[5m])) by (operation) / sum(rate(limiter_request_seconds_count{stage=\"hold\"}[5m])) by (operation) ", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Rate Limiter - avg operation duration", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Limit" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "inflight" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "pending" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 4.8, + "x": 0, + "y": 82 + }, + "id": 51, + "maxPerRow": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "repeat": "operation", + "repeatDirection": "h", + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_inflight_count{operation=\"$operation\"}", + "legendFormat": "Inflight", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_pending_count{operation=\"$operation\"}", + "hide": false, + "legendFormat": "Pending", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_inflight_limit_value{operation=\"$operation\"}", + "hide": false, + "legendFormat": "Limit", + "range": true, + "refId": "C" + } + ], + "title": "Rate Limiter - $operation", + "type": "timeseries" + } + ], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], + "title": "Execution Control", + "type": "row" + }, + { "collapsed": true, - "datasource": "Prometheus", "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 53 + "y": 54 }, - "id": 49, + "id": 84, "panels": [ { "datasource": "Prometheus", "fieldConfig": { "defaults": { "color": { - "fixedColor": "red", "mode": "palette-classic" }, "custom": { @@ -3378,123 +5255,7 @@ dashboards: "type": "linear" }, "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Worker Count" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 54 - }, - "id": 57, - "interval": "5s", - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(exec_executor_worker_count)", - "legendFormat": "Worker Count", - "range": true, - "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(exec_active_job_count) OR on() vector(0)", - "hide": false, - "legendFormat": "Worker Load", - "range": true, - "refId": "B" - } - ], - "title": "Executor Worker Load", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, + "spanNulls": true, "stacking": { "group": "A", "mode": "none" @@ -3517,233 +5278,17 @@ dashboards: } ] }, - "unit": "s" + "unit": "percentunit" }, "overrides": [] }, "gridPos": { - "h": 7, + "h": 8, "w": 12, - "x": 12, - "y": 54 - }, - "id": 68, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_backup_duration_seconds_sum_overall[5m])) / sum(rate(action_backup_ended_overall[5m]))", - "hide": false, - "legendFormat": "Backup", - "range": true, - "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_backup_cluster_duration_seconds_overall_sum[5m])) / sum(rate(action_backup_cluster_ended_overall[5m]))", - "hide": false, - "legendFormat": "Backup Cluster", - "range": true, - "refId": "B" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_export_duration_seconds_sum_overall[5m])) / sum(rate(action_export_ended_overall[5m]))", - "hide": false, - "legendFormat": "Export", - "range": true, - "refId": "C" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_import_duration_seconds_sum_overall[5m])) / sum(rate(action_import_ended_overall[5m]))", - "hide": false, - "legendFormat": "Import", - "range": true, - "refId": "D" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_report_duration_seconds_sum_overall[5m])) / sum(rate(action_report_ended_overall[5m]))", - "hide": false, - "legendFormat": "Report", - "range": true, - "refId": "E" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_retire_duration_seconds_sum_overall[5m])) / sum(rate(action_retire_ended_overall[5m]))", - "hide": false, - "legendFormat": "Retire", - "range": true, - "refId": "F" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_restore_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_ended_overall[5m]))", - "hide": false, - "legendFormat": "Restore", - "range": true, - "refId": "G" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_restore_cluster_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_cluster_ended_overall[5m]))", - "hide": false, - "legendFormat": "Restore Cluster", - "range": true, - "refId": "H" - } - ], - "title": "Average Action Duration", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, "x": 0, - "y": 61 + "y": 55 }, - "id": 74, + "id": 86, "options": { "legend": { "calcs": [], @@ -3760,1093 +5305,13 @@ dashboards: { "datasource": "Prometheus", "editorMode": "code", - "expr": "sum(round(increase(action_backup_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", + "expr": "sum(increase(action_export_transferred_bytes[5m:30s]))/sum((increase(action_export_processed_bytes[5m:30s])>0))", + "legendFormat": "Transferred/Processed across all actions", "range": true, "refId": "A" } ], - "title": "Finished Backups", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 61 - }, - "id": 69, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_backup_cluster_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Cluster Backups", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 61 - }, - "id": 75, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_export_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Exports", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 61 - }, - "id": 76, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_import_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Imports", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 68 - }, - "id": 77, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_report_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Reports", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 68 - }, - "id": 79, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_retire_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Retires", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 68 - }, - "id": 80, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_restore_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Restores", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 68 - }, - "id": 78, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_restore_cluster_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Cluster Restores", - "transformations": [], + "title": "Transferred/Processed Ratio", "type": "timeseries" }, { @@ -4877,7 +5342,7 @@ dashboards: "type": "linear" }, "showPoints": "auto", - "spanNulls": false, + "spanNulls": true, "stacking": { "group": "A", "mode": "none" @@ -4900,17 +5365,17 @@ dashboards: } ] }, - "unit": "s" + "unit": "percentunit" }, "overrides": [] }, "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 75 + "h": 8, + "w": 12, + "x": 12, + "y": 55 }, - "id": 63, + "id": 88, "options": { "legend": { "calcs": [], @@ -4927,13 +5392,13 @@ dashboards: { "datasource": "Prometheus", "editorMode": "code", - "expr": "sum(rate(limiter_request_seconds_sum{stage=\"hold\"}[5m])) by (operation) / sum(rate(limiter_request_seconds_count{stage=\"hold\"}[5m])) by (operation) ", - "legendFormat": "__auto", + "expr": "(increase(action_export_transferred_bytes[5m:30s])/(increase(action_export_processed_bytes[5m:30s])>0))", + "legendFormat": "{{policy}}:{{app}}", "range": true, "refId": "A" } ], - "title": "Rate Limiter - avg operation duration", + "title": "Transferred/Processed Ratio per policy:app", "type": "timeseries" }, { @@ -4941,7 +5406,6 @@ dashboards: "fieldConfig": { "defaults": { "color": { - "fixedColor": "red", "mode": "palette-classic" }, "custom": { @@ -4965,7 +5429,7 @@ dashboards: "type": "linear" }, "showPoints": "auto", - "spanNulls": false, + "spanNulls": true, "stacking": { "group": "A", "mode": "none" @@ -4974,7 +5438,7 @@ dashboards: "mode": "off" } }, - "mappings": [], + "mappings": [ ], "thresholds": { "mode": "absolute", "steps": [ @@ -4987,67 +5451,21 @@ dashboards: "value": 80 } ] - } + }, + "unit": "bytes" }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Limit" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "inflight" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "pending" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - } - ] + "overrides": [ ] }, "gridPos": { - "h": 7, - "w": 4.8, + "h": 8, + "w": 12, "x": 0, - "y": 82 + "y": 63 }, - "id": 51, - "maxPerRow": 6, + "id": 89, "options": { "legend": { - "calcs": [], + "calcs": [ ], "displayMode": "list", "placement": "bottom", "showLegend": true @@ -5057,476 +5475,166 @@ dashboards: "sort": "none" } }, - "repeat": "operation", - "repeatDirection": "h", "targets": [ { "datasource": "Prometheus", "editorMode": "code", - "expr": "limiter_inflight_count{operation=\"$operation\"}", - "legendFormat": "Inflight", + "expr": "increase(action_export_transferred_bytes[5m:30s]) > 0", + "legendFormat": "{{policy}}:{{app}}", "range": true, "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_pending_count{operation=\"$operation\"}", - "hide": false, - "legendFormat": "Pending", - "range": true, - "refId": "B" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_inflight_limit_value{operation=\"$operation\"}", - "hide": false, - "legendFormat": "Limit", - "range": true, - "refId": "C" } ], - "title": "Rate Limiter - $operation", + "title": "Transferred bytes per policy:app", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [ ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 63 + }, + "id": 90, + "options": { + "legend": { + "calcs": [ ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "increase(action_export_processed_bytes[5m:30s]) > 0", + "legendFormat": "{{policy}}:{{app}}", + "range": true, + "refId": "A" + } + ], + "title": "Processed bytes per policy:app", "type": "timeseries" } ], - "targets": [ - { - "datasource": "Prometheus", - "refId": "A" - } - ], - "title": "Execution Control", + "title": "Data reduction", "type": "row" - }, - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 54 + } + ], + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "hide": 2, + "label": "Cluster", + "name": "cluster", + "query": "", + "skipUrlSync": false, + "type": "constant" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" }, - "id": 84, - "panels": [ - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "percentunit" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 55 - }, - "id": 86, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(increase(action_export_transferred_bytes[5m:30s]))/sum((increase(action_export_processed_bytes[5m:30s])>0))", - "legendFormat": "Transferred/Processed across all actions", - "range": true, - "refId": "A" - } - ], - "title": "Transferred/Processed Ratio", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "percentunit" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 55 - }, - "id": 88, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "(increase(action_export_transferred_bytes[5m:30s])/(increase(action_export_processed_bytes[5m:30s])>0))", - "legendFormat": "{{policy}}:{{app}}", - "range": true, - "refId": "A" - } - ], - "title": "Transferred/Processed Ratio per policy:app", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [ ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [ ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 63 - }, - "id": 89, - "options": { - "legend": { - "calcs": [ ], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "increase(action_export_transferred_bytes[5m:30s]) > 0", - "legendFormat": "{{policy}}:{{app}}", - "range": true, - "refId": "A" - } - ], - "title": "Transferred bytes per policy:app", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [ ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [ ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 63 - }, - "id": 90, - "options": { - "legend": { - "calcs": [ ], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "increase(action_export_processed_bytes[5m:30s]) > 0", - "legendFormat": "{{policy}}:{{app}}", - "range": true, - "refId": "A" - } - ], - "title": "Processed bytes per policy:app", - "type": "timeseries" - } - ], - "title": "Data reduction", - "type": "row" + "datasource": "Prometheus", + "definition": "limiter_pending_count", + "description": "", + "hide": 2, + "includeAll": true, + "label": "operation", + "multi": false, + "name": "operation", + "options": [], + "query": { + "query": "limiter_pending_count", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/operation=\\\"([\\w]+)\\\"/", + "skipUrlSync": false, + "sort": 0, + "type": "query" } - ], - "schemaVersion": 37, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "hide": 2, - "label": "Cluster", - "name": "cluster", - "query": "", - "skipUrlSync": false, - "type": "constant" - }, - { - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "Prometheus", - "definition": "limiter_pending_count", - "description": "", - "hide": 2, - "includeAll": true, - "label": "operation", - "multi": false, - "name": "operation", - "options": [], - "query": { - "query": "limiter_pending_count", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "/operation=\\\"([\\w]+)\\\"/", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "K10 Dashboard", - "uid": "8Ebb3xS7k", - "version": 1 - } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "K10 Dashboard", + "uid": "8Ebb3xS7k", + "version": 1 + } # custom-dashboard: # file: dashboards/custom-dashboard.json # prometheus-stats: # gnetId: 2 - # revision: 2 - # datasource: Prometheus - # local-dashboard: - # url: https://example.com/repository/test.json - # token: '' - # local-dashboard-base64: - # url: https://example.com/repository/test-b64.json - # token: '' - # b64content: true ## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. ## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. @@ -5557,11 +5665,11 @@ grafana.ini: url: https://grafana.net dashboards: default_home_dashboard_path: /var/lib/grafana/dashboards/default/default.json -## grafana Authentication can be enabled with the following values on grafana.ini - # server: - # The full public facing url you use in browser, used for redirects and emails - # root_url: - + # Customized by Kasten for K10 + server: + root_url: /{{ include "k10.ingressPath" . | trimSuffix "/"}}/grafana + serve_from_sub_path: false + ## grafana Authentication can be enabled with the following values on grafana.ini auth: disable_login_form: true disable_signout_menu: true @@ -5630,7 +5738,7 @@ smtp: sidecar: image: repository: quay.io/kiwigrid/k8s-sidecar - tag: 1.19.2 + tag: 1.24.6 sha: "" imagePullPolicy: IfNotPresent resources: {} @@ -5640,21 +5748,73 @@ sidecar: # requests: # cpu: 50m # memory: 50Mi - securityContext: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault # skipTlsVerify Set to true to skip tls verification for kube api calls # skipTlsVerify: true enableUniqueFilenames: false readinessProbe: {} livenessProbe: {} - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - logLevel: INFO + # Log level default for all sidecars. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. Defaults to INFO + # logLevel: INFO + alerts: + enabled: false + # Additional environment variables for the alerts sidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true + # label that the configmaps with alert are marked with + label: grafana_alert + # value of label that the configmaps with alert are set to + labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO + # If specified, the sidecar will search for alert config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # + # Endpoint to send request to reload alerts + reloadURL: "http://localhost:3000/api/admin/provisioning/alerting/reload" + # Absolute path to shell script to execute after a alert got reloaded + script: null + skipReload: false + # Deploy the alert sidecar as an initContainer in addition to a container. + # Additional alert sidecar volume mounts + extraMounts: [] + # Sets the size limit of the alert sidecar emptyDir volume + sizeLimit: {} dashboards: enabled: false + # Additional environment variables for the dashboards sidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true SCProvider: true # label that the configmaps with dashboards are marked with label: grafana_dashboard # value of label that the configmaps with dashboards are set to labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) folder: /tmp/dashboards # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead @@ -5670,8 +5830,11 @@ sidecar: # If specified, the sidecar will look for annotation with this name to create folder and put graph here. # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. folderAnnotation: null + # Endpoint to send request to reload alerts + reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" # Absolute path to shell script to execute after a configmap got reloaded script: null + skipReload: false # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S # watchServerTimeout: 3600 @@ -5704,10 +5867,16 @@ sidecar: sizeLimit: {} datasources: enabled: false + # Additional environment variables for the datasourcessidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true # label that the configmaps with datasources are marked with label: grafana_datasource # value of label that the configmaps with datasources are set to labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO # If specified, the sidecar will search for datasource config-maps inside this namespace. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces @@ -5716,8 +5885,20 @@ sidecar: watchMethod: WATCH # search in configmap, secret or both resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # # Endpoint to send request to reload datasources reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" + # Absolute path to shell script to execute after a datasource got reloaded + script: null skipReload: false # Deploy the datasource sidecar as an initContainer in addition to a container. # This is needed if skipReload is true, to load any datasources defined at startup time. @@ -5726,10 +5907,16 @@ sidecar: sizeLimit: {} plugins: enabled: false + # Additional environment variables for the plugins sidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true # label that the configmaps with plugins are marked with label: grafana_plugin # value of label that the configmaps with plugins are set to labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO # If specified, the sidecar will search for plugin config-maps inside this namespace. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces @@ -5738,8 +5925,20 @@ sidecar: watchMethod: WATCH # search in configmap, secret or both resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # # Endpoint to send request to reload plugins reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" + # Absolute path to shell script to execute after a plugin got reloaded + script: null skipReload: false # Deploy the datasource sidecar as an initContainer in addition to a container. # This is needed if skipReload is true, to load any plugins defined at startup time. @@ -5748,14 +5947,42 @@ sidecar: sizeLimit: {} notifiers: enabled: false + # Additional environment variables for the notifierssidecar + env: {} + # Do not reprocess already processed unchanged resources on k8s API reconnect. + # ignoreAlreadyProcessed: true # label that the configmaps with notifiers are marked with label: grafana_notifier + # value of label that the configmaps with notifiers are set to + labelValue: "" + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + # logLevel: INFO # If specified, the sidecar will search for notifier config-maps inside this namespace. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH # search in configmap, secret or both resource: both + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # + # Endpoint to send request to reload notifiers + reloadURL: "http://localhost:3000/api/admin/provisioning/notifications/reload" + # Absolute path to shell script to execute after a notifier got reloaded + script: null + skipReload: false + # Deploy the notifier sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any notifiers defined at startup time. + initNotifiers: false # Sets the size limit of the notifier sidecar emptyDir volume sizeLimit: {} @@ -5769,12 +5996,20 @@ revisionHistoryLimit: 10 ## Add a seperate remote image renderer deployment/service imageRenderer: + deploymentStrategy: {} # Enable the image-renderer deployment & service enabled: false replicas: 1 + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPU: "60" + targetMemory: "" + behavior: {} image: # image-renderer Image repository - repository: grafana/grafana-image-renderer + repository: docker.io/grafana/grafana-image-renderer # image-renderer Image tag tag: latest # image-renderer Image sha (optional) @@ -5787,10 +6022,33 @@ imageRenderer: # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758 # RENDERING_MODE: clustered # IGNORE_HTTPS_ERRORS: true + + ## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. + ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core + ## Renders in container spec as: + ## env: + ## ... + ## - name: + ## valueFrom: + ## + envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key + # image-renderer deployment serviceAccount serviceAccountName: "" # image-renderer deployment securityContext securityContext: {} + # image-renderer deployment container securityContext + containerSecurityContext: + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ['ALL'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true # image-renderer deployment Host Aliases hostAliases: [] # image-renderer deployment priority class @@ -5803,6 +6061,25 @@ imageRenderer: # image-renderer service port used by both service and deployment port: 8081 targetPort: 8081 + # Adds the appProtocol field to the image-renderer service. This allows to work with istio protocol selection. Ex: "http" or "tcp" + appProtocol: "" + serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + # See: https://doc.crds.dev/github.com/prometheus-operator/kube-prometheus/monitoring.coreos.com/ServiceMonitor/v1@v0.11.0#spec-targetLabels + targetLabels: [] + # - targetLabel1 + # - targetLabel2 # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana grafanaProtocol: http # In case a sub_path is used this needs to be added to the image renderer callback @@ -5816,6 +6093,8 @@ imageRenderer: limitIngress: true # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods limitEgress: false + # Allow additional services to access image-renderer (eg. Prometheus operator when ServiceMonitor is enabled) + extraIngressSelectors: [] resources: {} # limits: # cpu: 100m @@ -5838,6 +6117,11 @@ imageRenderer: ## affinity: {} + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: "default-scheduler" + networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. ## diff --git a/charts/kasten/k10/templates/_definitions.tpl b/charts/kasten/k10/templates/_definitions.tpl index ffa06027d..59a25d72c 100644 --- a/charts/kasten/k10/templates/_definitions.tpl +++ b/charts/kasten/k10/templates/_definitions.tpl @@ -210,5 +210,5 @@ state-svc: {{- define "k10.multiClusterVersion" -}}2{{- end -}} {{- define "k10.mcExternalPort" -}}18000{{- end -}} {{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}} -{{- define "k10.kanisterToolsImageTag" -}}0.94.0{{- end -}} +{{- define "k10.kanisterToolsImageTag" -}}0.95.0{{- end -}} {{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}} diff --git a/charts/kasten/k10/templates/_k10_image_tag.tpl b/charts/kasten/k10/templates/_k10_image_tag.tpl index 82f8aa12e..09b70abef 100644 --- a/charts/kasten/k10/templates/_k10_image_tag.tpl +++ b/charts/kasten/k10/templates/_k10_image_tag.tpl @@ -1 +1 @@ -{{- define "k10.imageTag" -}}6.0.6{{- end -}} \ No newline at end of file +{{- define "k10.imageTag" -}}6.0.7{{- end -}} \ No newline at end of file diff --git a/charts/kasten/k10/templates/gateway-ext.yaml b/charts/kasten/k10/templates/gateway-ext.yaml index 7e2fe8786..00da4c27b 100644 --- a/charts/kasten/k10/templates/gateway-ext.yaml +++ b/charts/kasten/k10/templates/gateway-ext.yaml @@ -21,6 +21,9 @@ metadata: {{- if .Values.externalGateway.awsSSLCertARN }} service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.externalGateway.awsSSLCertARN }} service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https + {{- if .Values.externalGateway.awsSecurityGroup }} + service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: {{ .Values.externalGateway.awsSecurityGroup }} + {{- end }} {{- end }} spec: type: LoadBalancer diff --git a/charts/kasten/k10/templates/grafana-scc.yaml b/charts/kasten/k10/templates/grafana-scc.yaml index c7b517e75..014d1be46 100644 --- a/charts/kasten/k10/templates/grafana-scc.yaml +++ b/charts/kasten/k10/templates/grafana-scc.yaml @@ -19,7 +19,8 @@ requiredDropCapabilities: - SETUID - SETGID defaultAddCapabilities: [] -allowedCapabilities: [] +allowedCapabilities: + - CHOWN priority: 0 runAsUser: type: RunAsAny @@ -29,6 +30,8 @@ fsGroup: type: RunAsAny supplementalGroups: type: RunAsAny +seccompProfiles: + - runtime/default volumes: - configMap - downwardAPI diff --git a/charts/kasten/k10/templates/k10-config.yaml b/charts/kasten/k10/templates/k10-config.yaml index 04dbb7276..1d8b4cb94 100644 --- a/charts/kasten/k10/templates/k10-config.yaml +++ b/charts/kasten/k10/templates/k10-config.yaml @@ -14,7 +14,7 @@ data: multiClusterVersion: {{ include "k10.multiClusterVersion" . | quote }} modelstoredirname: "//mnt/k10state/kasten-io/" apiDomain: {{ include "apiDomain" . }} - concurrentSnapConversions: {{ include "k10.defaultConcurrentSnapshotConversions" . | quote }} + concurrentSnapConversions: {{ default (include "k10.defaultConcurrentSnapshotConversions" .) .Values.limiter.concurrentSnapConversions | quote }} concurrentWorkloadSnapshots: {{ include "k10.defaultConcurrentWorkloadSnapshots" . | quote }} k10DataStoreParallelUpload: {{ include "k10.defaultK10DataStoreParallelUpload" . | quote }} k10DataStoreGeneralContentCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralContentCacheSizeMB" . | quote }} diff --git a/charts/kasten/k10/values.schema.json b/charts/kasten/k10/values.schema.json index ad5f57a0e..f629eafc3 100644 --- a/charts/kasten/k10/values.schema.json +++ b/charts/kasten/k10/values.schema.json @@ -1383,9 +1383,9 @@ }, "refreshTokenSupport": { "type": "boolean", - "default": true, + "default": false, "title": "OIDC Refresh Token support", - "description": "Enable OIDC Refresh Token support. Enabled by default." + "description": "Enable OIDC Refresh Token support. Disabled by default." } } }, @@ -2066,6 +2066,12 @@ "title": "Limiter", "description": "Limits set on several operations", "properties": { + "concurrentSnapConversions": { + "type": "integer", + "default": 3, + "title": "Concurrent snapshot conversions", + "description": "Limit of concurrent snapshots to convert during export " + }, "genericVolumeSnapshots": { "type": "integer", "default": 10, diff --git a/charts/kasten/k10/values.yaml b/charts/kasten/k10/values.yaml index 017d950a3..231362649 100644 --- a/charts/kasten/k10/values.yaml +++ b/charts/kasten/k10/values.yaml @@ -276,7 +276,7 @@ auth: #Must include providerURL, redirectURL, scopes, clientID/secret and logoutURL. secretName: "" sessionDuration: "1h" #Maximum OIDC session duration. Default value is 1 hour - refreshTokenSupport: true #Enable Refresh Token support. Enabled by default + refreshTokenSupport: false #Enable Refresh Token support. Disabled by default dex: enabled: false providerURL: "" @@ -395,6 +395,7 @@ apigateway: serviceResolver: dns limiter: + concurrentSnapConversions: 3 genericVolumeSnapshots: 10 genericVolumeCopies: 10 genericVolumeRestores: 10 diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index fcc8c252e..f34354557 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -4,6 +4,14 @@ Nothing yet. +## 2.27.0 + +### Improvements + +* Listens now all support `.address` configuration. This was an existing + setting that was not applied properly for some listens. + [#881](https://github.com/Kong/charts/pull/881) + ## 2.26.5 ### Fixed diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 9919211dc..72baf2ae1 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -20,4 +20,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.26.5 +version: 2.27.0 diff --git a/charts/kong/kong/README.md b/charts/kong/kong/README.md index e27b40ee9..7a18e141f 100644 --- a/charts/kong/kong/README.md +++ b/charts/kong/kong/README.md @@ -738,6 +738,7 @@ section of `values.yaml` file: | admissionWebhook.enabled | Whether to enable the validating admission webhook | true | | admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Ignore | | admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 | +| admissionWebhook.address | The address the ingress controller will listen on for admission webhooks, if not 0.0.0.0 | | | admissionWebhook.annotations | Annotations for the Validation Webhook Configuration | | | admissionWebhook.certificate.provided | Use a provided certificate. When set to false, the chart will automatically generate a certificate. | false | | admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | | diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index 1cb0f069b..7564c2e6d 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl @@ -330,10 +330,11 @@ Create KONG_STREAM_LISTEN string */}} {{- define "kong.streamListen" -}} {{- $unifiedListen := list -}} + {{- $address := (default "0.0.0.0" .address) -}} {{- range .stream -}} {{- $listenConfig := dict -}} {{- $listenConfig := merge $listenConfig . -}} - {{- $_ := set $listenConfig "address" "0.0.0.0" -}} + {{- $_ := set $listenConfig "address" $address -}} {{/* You set NGINX stream listens to UDP using a parameter due to historical reasons. Our configuration is dual-purpose, for both the Service and listen string, so we forcibly inject this parameter if that's the Service protocol. The default handles @@ -458,7 +459,8 @@ The name of the service used for the ingress controller's validation webhook {{- $_ := set $autoEnv "CONTROLLER_ELECTION_ID" (printf "kong-ingress-controller-leader-%s" .Values.ingressController.ingressClass) -}} {{- if .Values.ingressController.admissionWebhook.enabled }} - {{- $_ := set $autoEnv "CONTROLLER_ADMISSION_WEBHOOK_LISTEN" (printf "0.0.0.0:%d" (int64 .Values.ingressController.admissionWebhook.port)) -}} + {{- $address := (default "0.0.0.0" .Values.ingressController.admissionWebhook.address) -}} + {{- $_ := set $autoEnv "CONTROLLER_ADMISSION_WEBHOOK_LISTEN" (printf "%s:%d" $address (int64 .Values.ingressController.admissionWebhook.port)) -}} {{- end }} {{- if (not (eq (len .Values.ingressController.watchNamespaces) 0)) }} {{- $_ := set $autoEnv "CONTROLLER_WATCH_NAMESPACE" (.Values.ingressController.watchNamespaces | join ",") -}} @@ -955,7 +957,7 @@ the template that it itself is using form the above sections. {{- end -}} {{- $listenConfig := dict -}} {{- $listenConfig := merge $listenConfig . -}} - {{- $_ := set $listenConfig "address" $address -}} + {{- $_ := set $listenConfig "address" (default $address .address) -}} {{- $_ := set $autoEnv "KONG_ADMIN_LISTEN" (include "kong.listen" $listenConfig) -}} {{- if or .tls.client.secretName .tls.client.caBundle -}} diff --git a/charts/minio/minio-operator/Chart.yaml b/charts/minio/minio-operator/Chart.yaml index 683eb00b4..db54fe599 100644 --- a/charts/minio/minio-operator/Chart.yaml +++ b/charts/minio/minio-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: minio-operator apiVersion: v2 -appVersion: v5.0.8 +appVersion: v5.0.9 description: A Helm chart for MinIO Operator home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -19,4 +19,4 @@ name: minio-operator sources: - https://github.com/minio/operator type: application -version: 5.0.8 +version: 5.0.9 diff --git a/charts/minio/minio-operator/Chart.yaml-e b/charts/minio/minio-operator/Chart.yaml-e index 50fd1607b..b7fc8a969 100644 --- a/charts/minio/minio-operator/Chart.yaml-e +++ b/charts/minio/minio-operator/Chart.yaml-e @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: operator -version: 5.0.8 -appVersion: v5.0.8 +version: 5.0.9 +appVersion: v5.0.9 keywords: - storage - object-storage diff --git a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml index 863021397..5abb59184 100644 --- a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml +++ b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml @@ -43,6 +43,754 @@ spec: type: object spec: properties: + additionalVolumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + additionalVolumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array buckets: items: properties: diff --git a/charts/minio/minio-operator/values.yaml b/charts/minio/minio-operator/values.yaml index 38328a133..632e02821 100644 --- a/charts/minio/minio-operator/values.yaml +++ b/charts/minio/minio-operator/values.yaml @@ -2,21 +2,26 @@ operator: ## Setup environment variables for the Operator - # env: - # - name: MINIO_CONSOLE_TLS_ENABLE - # value: "off" - # - name: CLUSTER_DOMAIN - # value: "cluster.domain" - # - name: WATCHED_NAMESPACE - # value: "" - # - name: MINIO_OPERATOR_RUNTIME - # value: "OpenShift" +# env: +# - name: MINIO_OPERATOR_DEPLOYMENT_NAME +# valueFrom: +# fieldRef: +# fieldPath: metadata.labels['app.kubernetes.io/name'] +# - name: MINIO_CONSOLE_TLS_ENABLE +# value: "off" +# - name: CLUSTER_DOMAIN +# value: "cluster.domain" +# - name: WATCHED_NAMESPACE +# value: "" +# - name: MINIO_OPERATOR_RUNTIME +# value: "OpenShift" + env: [ ] # ### Image field: ## Image from tag (original behaviour), for example: # image: # repository: quay.io/minio/operator - # tag: v5.0.8 + # tag: v5.0.9 # pullPolicy: IfNotPresent ## Image from digest (added after original behaviour), for example: # image: @@ -25,12 +30,11 @@ operator: # pullPolicy: IfNotPresent image: repository: quay.io/minio/operator - tag: v5.0.8 + tag: v5.0.9 pullPolicy: IfNotPresent imagePullSecrets: [ ] runtimeClassName: ~ initContainers: [ ] - env: [ ] replicaCount: 2 securityContext: runAsUser: 1000 @@ -66,7 +70,7 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.8 + tag: v5.0.9 pullPolicy: IfNotPresent env: [ ] imagePullSecrets: [ ] diff --git a/charts/minio/minio-operator/values.yaml-e b/charts/minio/minio-operator/values.yaml-e index 38328a133..632e02821 100644 --- a/charts/minio/minio-operator/values.yaml-e +++ b/charts/minio/minio-operator/values.yaml-e @@ -2,21 +2,26 @@ operator: ## Setup environment variables for the Operator - # env: - # - name: MINIO_CONSOLE_TLS_ENABLE - # value: "off" - # - name: CLUSTER_DOMAIN - # value: "cluster.domain" - # - name: WATCHED_NAMESPACE - # value: "" - # - name: MINIO_OPERATOR_RUNTIME - # value: "OpenShift" +# env: +# - name: MINIO_OPERATOR_DEPLOYMENT_NAME +# valueFrom: +# fieldRef: +# fieldPath: metadata.labels['app.kubernetes.io/name'] +# - name: MINIO_CONSOLE_TLS_ENABLE +# value: "off" +# - name: CLUSTER_DOMAIN +# value: "cluster.domain" +# - name: WATCHED_NAMESPACE +# value: "" +# - name: MINIO_OPERATOR_RUNTIME +# value: "OpenShift" + env: [ ] # ### Image field: ## Image from tag (original behaviour), for example: # image: # repository: quay.io/minio/operator - # tag: v5.0.8 + # tag: v5.0.9 # pullPolicy: IfNotPresent ## Image from digest (added after original behaviour), for example: # image: @@ -25,12 +30,11 @@ operator: # pullPolicy: IfNotPresent image: repository: quay.io/minio/operator - tag: v5.0.8 + tag: v5.0.9 pullPolicy: IfNotPresent imagePullSecrets: [ ] runtimeClassName: ~ initContainers: [ ] - env: [ ] replicaCount: 2 securityContext: runAsUser: 1000 @@ -66,7 +70,7 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.8 + tag: v5.0.9 pullPolicy: IfNotPresent env: [ ] imagePullSecrets: [ ] diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index 15f7a92b7..b8f38616d 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: https://charts.redpanda.com version: 0.1.5 digest: sha256:71281a2120a0fff2668989c34105d88cb4ad02db7a9affc446775f49746bd12b -generated: "2023-09-06T16:00:58.008853422Z" +generated: "2023-09-11T22:25:31.16539459Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 1d80a08f2..1e486170d 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -37,4 +37,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 5.3.3 +version: 5.3.4 diff --git a/charts/redpanda/redpanda/templates/services.nodeport.yaml b/charts/redpanda/redpanda/templates/services.nodeport.yaml index f8fe3d93d..a88cd74bf 100644 --- a/charts/redpanda/redpanda/templates/services.nodeport.yaml +++ b/charts/redpanda/redpanda/templates/services.nodeport.yaml @@ -42,7 +42,7 @@ spec: - name: admin-{{ $name }} protocol: TCP port: {{ $values.listeners.admin.port }} - nodePort: {{ dig "nodePort" (first (dig "advertisedPorts" (list $values.listeners.admin.port) $listener)) $listener }} + nodePort: {{ first (dig "advertisedPorts" (list $listener.port) $listener) }} {{- end }} {{- end }} {{- range $name, $listener := $values.listeners.kafka.external }} @@ -51,7 +51,7 @@ spec: - name: kafka-{{ $name }} protocol: TCP port: {{ $listener.port }} - nodePort: {{ dig "nodePort" (first (dig "advertisedPorts" (list $values.listeners.kafka.port) $listener)) $listener }} + nodePort: {{ first (dig "advertisedPorts" (list $listener.port) $listener) }} {{- end }} {{- end }} {{- range $name, $listener := $values.listeners.http.external }} @@ -60,7 +60,7 @@ spec: - name: http-{{ $name }} protocol: TCP port: {{ $listener.port }} - nodePort: {{ dig "nodePort" (first (dig "advertisedPorts" (list $values.listeners.http.port) $listener)) $listener }} + nodePort: {{ first (dig "advertisedPorts" (list $listener.port) $listener) }} {{- end }} {{- end }} {{- range $name, $listener := $values.listeners.schemaRegistry.external }} @@ -69,7 +69,7 @@ spec: - name: schema-{{ $name }} protocol: TCP port: {{ dig "port" $values.listeners.schemaRegistry.port $listener }} - nodePort: {{ dig "nodePort" (first (dig "advertisedPorts" (list $values.listeners.schemaRegistry.port) $listener)) $listener }} + nodePort: {{ first (dig "advertisedPorts" (list $listener.port) $listener) }} {{- end }} {{- end }} selector: diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 4fe1f0144..70cd6fcf6 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md @@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.16.12 +### New Features +* [b2146b31](https://github.com/sysdiglabs/charts/commit/b2146b31e56eb00a6dc270bbb9bb530a3ee69f4c): release agent 12.16.1 ([#1353](https://github.com/sysdiglabs/charts/issues/1353)) # v1.16.11 ### New Features * **agent,sysdig** [8aff7e6a](https://github.com/sysdiglabs/charts/commit/8aff7e6adcccd7ebbebabff7f7d89e5125fb8f46): use `updatecli` for agent version bumps during release ([#1338](https://github.com/sysdiglabs/charts/issues/1338)) diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index f5b4ab228..1f29efde0 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: Sysdig catalog.cattle.io/release-name: sysdig apiVersion: v1 -appVersion: 12.16.0 +appVersion: 12.16.1 deprecated: true description: Sysdig Monitor and Secure agent home: https://www.sysdig.com/ @@ -19,4 +19,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.16.11 +version: 1.16.12 diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md index 1687d2aa9..80928d0fe 100644 --- a/charts/sysdig/sysdig/RELEASE-NOTES.md +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -1,5 +1,5 @@ # What's Changed ### New Features -- **agent,sysdig** [8aff7e6a](https://github.com/sysdiglabs/charts/commit/8aff7e6adcccd7ebbebabff7f7d89e5125fb8f46): use `updatecli` for agent version bumps during release ([#1338](https://github.com/sysdiglabs/charts/issues/1338)) -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.22.2...sysdig-1.16.11 +- [b2146b31](https://github.com/sysdiglabs/charts/commit/b2146b31e56eb00a6dc270bbb9bb530a3ee69f4c): release agent 12.16.1 ([#1353](https://github.com/sysdiglabs/charts/issues/1353)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.22.5...sysdig-1.16.12 diff --git a/charts/sysdig/sysdig/values.yaml b/charts/sysdig/sysdig/values.yaml index 4db82130e..74b7ee16a 100644 --- a/charts/sysdig/sysdig/values.yaml +++ b/charts/sysdig/sysdig/values.yaml @@ -7,7 +7,7 @@ image: overrideValue: null registry: quay.io repository: sysdig/agent - tag: 12.16.0 + tag: 12.16.1 # Specify a imagePullPolicy # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -168,14 +168,14 @@ sysdig: disableCaptures: false # Advanced settings. Any option in here will be directly translated into dragent.yaml in the Configmap settings: {} - ### Example: Agent tags - # tags: linux:ubuntu,dept:dev,local:nyc - ### Example: Proxy configuration (see https://docs.sysdig.com/en/enable-http-proxy-for-agents.html) - # ssl: false - # http_proxy: - # proxy_host: squid.yourdomain.com - # proxy_port: 3128 - # ssl: false + ### Example: Agent tags + # tags: linux:ubuntu,dept:dev,local:nyc + ### Example: Proxy configuration (see https://docs.sysdig.com/en/enable-http-proxy-for-agents.html) + # ssl: false + # http_proxy: + # proxy_host: squid.yourdomain.com + # proxy_port: 3128 + # ssl: false secure: # true here enables Sysdig Secure: container run-time security & forensics enabled: true @@ -515,15 +515,15 @@ kspmCollector: memory: 1536Mi env: {} customAppChecks: {} - # Allow passing custom app checks for Sysdig Agent. - # Example: - # - # sample.py: |- - # from checks import AgentCheck - # - # class MyCustomCheck(AgentCheck): - # def check(self, instance): - # self.gauge("testhelm", 1) +# Allow passing custom app checks for Sysdig Agent. +# Example: +# +# sample.py: |- +# from checks import AgentCheck +# +# class MyCustomCheck(AgentCheck): +# def check(self, instance): +# self.gauge("testhelm", 1) # Promscrape prometheus.yaml not configured by default prometheus: file: false @@ -550,13 +550,13 @@ extraVolumes: # - mountPath: /opt/draios/secret # name: sysdig-new-secret extraSecrets: [] - # Allow passing extra secrets that can be mounted via extraVolumes - # - # extraSecrets: - # - name: sysdig-new-secret - # data: - # sysdig-new-password-key1: bXlwYXNzd29yZA== - # sysdig-new-password-key2: bXlwYXNzd29yZA== +# Allow passing extra secrets that can be mounted via extraVolumes +# +# extraSecrets: +# - name: sysdig-new-secret +# data: +# sysdig-new-password-key1: bXlwYXNzd29yZA== +# sysdig-new-password-key2: bXlwYXNzd29yZA== # Allow sysdig to run on Kubernetes 1.6 masters. tolerations: - effect: NoSchedule diff --git a/charts/trilio/k8s-triliovault-operator/Chart.yaml b/charts/trilio/k8s-triliovault-operator/Chart.yaml index 0b09d0dfb..acbdfe38d 100644 --- a/charts/trilio/k8s-triliovault-operator/Chart.yaml +++ b/charts/trilio/k8s-triliovault-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19.0-0' catalog.cattle.io/release-name: k8s-triliovault-operator apiVersion: v2 -appVersion: 3.1.2 +appVersion: 3.1.3 dependencies: - condition: observability.enabled name: observability @@ -21,4 +21,4 @@ maintainers: name: k8s-triliovault-operator sources: - https://github.com/trilioData/k8s-triliovault-operator -version: 3.1.2 +version: 3.1.3 diff --git a/charts/trilio/k8s-triliovault-operator/values.yaml b/charts/trilio/k8s-triliovault-operator/values.yaml index c7812609f..e42c99072 100644 --- a/charts/trilio/k8s-triliovault-operator/values.yaml +++ b/charts/trilio/k8s-triliovault-operator/values.yaml @@ -4,7 +4,7 @@ operator-webhook-init: repository: operator-webhook-init k8s-triliovault-operator: repository: k8s-triliovault-operator -tag: "3.1.2" +tag: "3.1.3" # create image pull secrets and specify the name here. imagePullSecret: "" priorityClassName: "" @@ -174,8 +174,8 @@ podLabels: linkerd.io/inject: disabled relatedImages: tags: - tvk: "3.1.2" - event: "3.1.2" + tvk: "3.1.3" + event: "3.1.3" control-plane: image: "control-plane" metamover: diff --git a/index.yaml b/index.yaml index 5780ff35c..f9d5b2644 100644 --- a/index.yaml +++ b/index.yaml @@ -1665,8 +1665,8 @@ entries: argo-cd: - annotations: artifacthub.io/changes: | - - kind: added - description: added a toggle for the shared Helm working directory + - kind: changed + description: Improve readme migration notes artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -1677,7 +1677,7 @@ entries: catalog.cattle.io/release-name: argo-cd apiVersion: v2 appVersion: v2.8.3 - created: "2023-09-11T12:16:42.139946304Z" + created: "2023-09-13T13:33:59.843459616Z" dependencies: - condition: redis-ha.enabled name: redis-ha @@ -1685,7 +1685,46 @@ entries: version: 4.23.0 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. - digest: 8fb4e9bb5ef3c30f45569d9307840851499f1e58fed7176ba41ab09e5b77ffbc + digest: 13eb14f537b330fe2f18c6b2f5fe65d48535c16caff5fe0de7fd538227ca2495 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.46.2.tgz + version: 5.46.2 + - annotations: + artifacthub.io/changes: | + - kind: added + description: added a toggle for the shared Helm working directory + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.8.3 + created: "2023-09-13T13:33:39.166057969Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.23.0 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: c58ee92d005a599d5a9b79e22cb49550e1af18b1141685d2b7976917bd7655c9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -4643,6 +4682,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.68.7 + created: "2023-09-13T13:34:05.979423906Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: 1dccacdd7edf61acada13415fddccdf93e2d59dde04ccd8420f795f93502a505 + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.68.7.tgz + version: 107.68.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA @@ -5825,6 +5897,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.68.7 + created: "2023-09-13T13:34:06.391549817Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.68.7 + description: JFrog Container Registry + digest: 5750ba0f92a6a1201934dafd984612700dc9d975f0b33d44cf560b1f02dc4c10 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.68.7.tgz + version: 107.68.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry @@ -9425,6 +9531,48 @@ entries: - assets/aws-event-sources/aws-event-sources-0.1.901.tgz version: 0.1.901 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + images: | + - name: cassandra-exporter + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r394 + - name: cassandra + image: docker.io/bitnami/cassandra:4.1.3-debian-11-r37 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r54 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 4.1.3 + created: "2023-09-13T13:34:01.252207719Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: eaf345152425d1ab730d2a6354ca8ccee49e663fdae05fedde2e9105f45af5ca + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/cassandra + urls: + - assets/bitnami/cassandra-10.5.3.tgz + version: 10.5.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra @@ -10320,6 +10468,40 @@ entries: - assets/softiron/ceph-csi-rbd-1.3.1.tgz version: 1.3.1 cert-manager: + - annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E + url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: cert-manager + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/namespace: cert-manager + catalog.cattle.io/release-name: cert-manager + apiVersion: v1 + appVersion: v1.13.0 + created: "2023-09-13T13:34:03.790048144Z" + description: A Helm chart for cert-manager + digest: c645f11c5e8e20d596df5cc7a0646f2479b4d0b451d54516e6800a8ff312481a + home: https://github.com/cert-manager/cert-manager + icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png + keywords: + - cert-manager + - kube-lego + - letsencrypt + - tls + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: cert-manager-maintainers@googlegroups.com + name: cert-manager-maintainers + url: https://cert-manager.io + name: cert-manager + sources: + - https://github.com/cert-manager/cert-manager + urls: + - assets/cert-manager/cert-manager-v1.13.0.tgz + version: v1.13.0 - annotations: artifacthub.io/prerelease: "false" artifacthub.io/signKey: | @@ -11159,6 +11341,31 @@ entries: - assets/citrix/citrix-cpx-istio-sidecar-injector-1.11.0.tgz version: 1.11.0 citrix-cpx-with-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller + apiVersion: v2 + appVersion: 1.35.6 + created: "2023-09-13T13:34:03.811806061Z" + description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running + as sidecar. + digest: 10ed63a7510ac3c4dca9909de63da761fa2150a934c6175e08e3ee01141a06c2 + home: https://www.cloud.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@cloud.com + name: priyankash-citrix + - email: subash.dangol@cloud.com + name: subashd + name: citrix-cpx-with-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-cpx-with-ingress-controller-1.35.6.tgz + version: 1.35.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller @@ -11357,6 +11564,30 @@ entries: - assets/citrix/citrix-cpx-with-ingress-controller-1.8.2800.tgz version: 1.8.2800 citrix-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-ingress-controller + apiVersion: v2 + appVersion: 1.35.6 + created: "2023-09-13T13:34:03.833733779Z" + description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. + digest: ca0f72c6f4ade0fbe19da8a72e8dfb01f56ba05ea496d07a1a9c82429079f138 + home: https://www.cloud.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@cloud.com + name: priyankash-citrix + - email: subash.dangol@cloud.com + name: subashd + name: citrix-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-ingress-controller-1.35.6.tgz + version: 1.35.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Ingress Controller @@ -14016,6 +14247,28 @@ entries: - assets/kubecost/cost-analyzer-1.70.000.tgz version: 1.70.000 crate-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrateDB Operator + catalog.cattle.io/release-name: crate-operator + apiVersion: v2 + appVersion: 2.31.0 + created: "2023-09-13T13:34:04.060836336Z" + dependencies: + - condition: crate-operator-crds.enabled + name: crate-operator-crds + repository: file://./charts/crate-operator-crds + version: 2.31.0 + description: Crate Operator - Helm chart for installing and upgrading Crate Operator. + digest: e5e9f3ba75a681c04e4516c9601ddbadbcacf759cb4a3f6733a0fbb49e5ec839 + icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg + maintainers: + - name: Crate.io + name: crate-operator + type: application + urls: + - assets/crate/crate-operator-2.31.0.tgz + version: 2.31.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrateDB Operator @@ -15220,6 +15473,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-09-13T13:34:04.556763265Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 1.0.1 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: f9238ec3c6c766aa3c79bc21a819e48649ce7ed672afa39305ede36c3a08f942 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.36.0.tgz + version: 3.36.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -17461,6 +17751,39 @@ entries: - assets/datadog/datadog-2.4.200.tgz version: 2.4.200 datadog-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog Operator + catalog.cattle.io/release-name: datadog-operator + apiVersion: v2 + appVersion: 1.1.0 + created: "2023-09-13T13:34:04.700176391Z" + dependencies: + - alias: datadogCRDs + condition: installCRDs + name: datadog-crds + repository: file://./charts/datadog-crds + tags: + - install-crds + version: =1.1.0 + description: Datadog Operator + digest: 376d13723c498d7e80e52c51bcbed4f40f73b02ceb89ab3df4b23cbea61f7048 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog-operator + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-operator-1.1.1.tgz + version: 1.1.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog Operator @@ -25606,6 +25929,34 @@ entries: - assets/jenkins/jenkins-4.2.9.tgz version: 4.2.9 k8s-triliovault-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator + catalog.cattle.io/kube-version: '>=1.19.0-0' + catalog.cattle.io/release-name: k8s-triliovault-operator + apiVersion: v2 + appVersion: 3.1.3 + created: "2023-09-13T13:34:09.928811697Z" + dependencies: + - condition: observability.enabled + name: observability + repository: file://./charts/observability + version: ^0.1.0 + description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault + Application Lifecycle. + digest: ca7bea2ee5494e80686f95ebaf1b7e9e19b2d0d78ef09b7d66c617d33ac60ceb + home: https://github.com/trilioData/k8s-triliovault-operator + icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png + kubeVersion: '>=1.19.0-0' + maintainers: + - email: prafull.ladha@trilio.io + name: prafull11 + name: k8s-triliovault-operator + sources: + - https://github.com/trilioData/k8s-triliovault-operator + urls: + - assets/trilio/k8s-triliovault-operator-3.1.3.tgz + version: 3.1.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator @@ -26462,6 +26813,32 @@ entries: - assets/komodor/k8s-watcher-0.10.1101.tgz version: 0.10.1101 k10: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 6.0.7 + created: "2023-09-13T13:34:06.976212982Z" + dependencies: + - name: grafana + repository: file://./charts/grafana + version: 6.59.0 + - name: prometheus + repository: file://./charts/prometheus + version: 23.3.0 + description: Kasten’s K10 Data Management Platform + digest: a55b531e62c2dc2085d352f0d5dba7ed2639149d4ed699f6c37148e841b779a2 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-6.0.701.tgz + version: 6.0.701 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: K10 @@ -29936,6 +30313,33 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.3" + created: "2023-09-13T13:34:07.237688904Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: 510cf00254ffd1979b460cc7c5cddc229425e8ff0e5aeb4ced4b78a4d8253136 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: harry@konghq.com + name: hbagdi + - email: traines@konghq.com + name: rainest + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.27.0.tgz + version: 2.27.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway @@ -33914,6 +34318,32 @@ entries: - assets/metallb/metallb-0.13.7.tgz version: 0.13.7 minio-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Minio Operator + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: minio-operator + apiVersion: v2 + appVersion: v5.0.9 + created: "2023-09-13T13:34:07.754785991Z" + description: A Helm chart for MinIO Operator + digest: cc08dc89fdc6c7efd3c414ff6cdc449f9acda739107a9ba6e7b9f5e9f71717ca + home: https://min.io + icon: https://min.io/resources/img/logo/MINIO_wordmark.png + keywords: + - storage + - object-storage + - S3 + maintainers: + - email: dev@minio.io + name: MinIO, Inc + name: minio-operator + sources: + - https://github.com/minio/operator + type: application + urls: + - assets/minio/minio-operator-5.0.9.tgz + version: 5.0.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Minio Operator @@ -34279,6 +34709,50 @@ entries: - assets/minio/minio-operator-4.4.1700.tgz version: 4.4.1700 mysql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MySQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mysql + category: Database + images: | + - name: mysql + image: docker.io/bitnami/mysql:8.0.34-debian-11-r31 + - name: mysqld-exporter + image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r24 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r43 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 8.0.34 + created: "2023-09-13T13:34:01.954707102Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. + digest: ed389de7f30dde9cc7aed3b9c47a13d7f8de69b7a0b20553f63fcbe26e23fcf6 + home: https://bitnami.com + icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png + keywords: + - mysql + - database + - sql + - cluster + - high availability + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mysql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mysql + urls: + - assets/bitnami/mysql-9.12.2.tgz + version: 9.12.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MySQL @@ -39960,6 +40434,25 @@ entries: - assets/pixie/pixie-operator-chart-0.0.2501.tgz version: 0.0.2501 polaris: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Fairwinds Polaris + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/release-name: polaris + apiVersion: v1 + appVersion: "8.5" + created: "2023-09-13T13:34:04.920303079Z" + description: Validation of best practices in your Kubernetes clusters + digest: 08c0cda3af2b92a4e1a3c7a5ebdabc33d5234437f6378828b1dc18908a5e0a27 + icon: https://polaris.docs.fairwinds.com/img/polaris-logo.png + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: robertb@fairwinds.com + name: rbren + name: polaris + urls: + - assets/fairwinds/polaris-5.15.0.tgz + version: 5.15.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Fairwinds Polaris @@ -43147,6 +43640,50 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r60 + - name: redis-exporter + image: docker.io/bitnami/redis-exporter:1.54.0-debian-11-r0 + - name: redis-sentinel + image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r0 + - name: redis + image: docker.io/bitnami/redis:7.2.1-debian-11-r0 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.2.1 + created: "2023-09-13T13:34:02.589639113Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: 3c0598528829802dfa6a57005773553b03279da8b8c3b25c8bb6350f0d4d4997 + home: https://bitnami.com + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-18.0.4.tgz + version: 18.0.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis @@ -44939,6 +45476,50 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.2.7 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.2.8 + created: "2023-09-13T13:34:09.074350727Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + - condition: connectors.enabled + name: connectors + repository: file://./charts/connectors + version: '>=0.1.2 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: c519f9c109819ca998fab2d275e8ef59b9c404ca356d410d348bef761c0e4ca9 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-5.3.4.tgz + version: 5.3.4 - annotations: artifacthub.io/images: | - name: redpanda @@ -51660,6 +52241,32 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.16.1 + created: "2023-09-13T13:34:09.481131207Z" + deprecated: true + description: Sysdig Monitor and Secure agent + digest: 9c29f413d6f434be35460c3904afb484dde71d99a40e1cafa6af3e546ca14ef1 + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.16.12.tgz + version: 1.16.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig @@ -60992,6 +61599,43 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r51 + - name: zookeeper + image: docker.io/bitnami/zookeeper:3.9.0-debian-11-r11 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.9.0 + created: "2023-09-13T13:34:03.731309361Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 5488720aa44bc1a8f1fc373b7362cb7e9239fca9d87a9728f9910ed0a65a4a1c + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + urls: + - assets/bitnami/zookeeper-12.1.3.tgz + version: 12.1.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper