Merge pull request #847 from nflondo/main-source

Charts CI
pull/849/head
alex-isv 2023-08-02 15:32:36 -06:00 committed by GitHub
commit 65d5124407
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
211 changed files with 5103 additions and 9493 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
assets/nats/nats-1.0.0.tgz Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,7 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: added
description: Extra secret labels with .Values.notifications.secret.labels
- kind: changed
description: Upgrade Argo CD to v2.7.10
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.7.9
appVersion: v2.7.10
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.42.0
version: 5.42.1


@ -6,7 +6,7 @@ annotations:
category: Database
licenses: Apache-2.0
apiVersion: v2
appVersion: 10.11.4
appVersion: 11.0.2
dependencies:
- name: common
repository: file://./charts/common
@ -30,4 +30,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 12.2.9
version: 13.0.0


@ -83,10 +83,10 @@ The command removes all the Kubernetes components associated with the chart and
### MariaDB common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.4-debian-11-r46` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `11.0.2-debian-11-r2` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -308,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r16` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r22` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r0` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r5` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |


@ -90,7 +90,7 @@ serviceBindings:
image:
registry: docker.io
repository: bitnami/mariadb
tag: 10.11.4-debian-11-r46
tag: 11.0.2-debian-11-r2
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1004,7 +1004,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r16
tag: 11-debian-11-r22
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@ -1040,7 +1040,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
tag: 0.15.0-debian-11-r0
tag: 0.15.0-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)


@ -31,4 +31,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 12.7.1
version: 12.8.0


@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r75` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r77` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `[]` |
@ -361,6 +361,38 @@ kubectl delete pvc -l release=my-release
| `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
| `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` |
### Backup parameters
| Name | Description | Value |
| ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `backup.enabled` | Enable the logical dump of the database "regularly" | `false` |
| `backup.cronjob.schedule` | Set the cronjob parameter schedule | `@daily` |
| `backup.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Allow` |
| `backup.cronjob.failedJobsHistoryLimit` | Set the cronjob parameter failedJobsHistoryLimit | `1` |
| `backup.cronjob.successfulJobsHistoryLimit` | Set the cronjob parameter successfulJobsHistoryLimit | `3` |
| `backup.cronjob.startingDeadlineSeconds` | Set the cronjob parameter startingDeadlineSeconds | `""` |
| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
| `backup.cronjob.containerSecurityContext.runAsUser` | User ID for the backup container | `1001` |
| `backup.cronjob.containerSecurityContext.runAsGroup` | Group ID for the backup container | `0` |
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set backup container's Security Context runAsNonRoot | `true` |
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Is the container itself readonly | `true` |
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate backup pod(s) privileges | `false` |
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set backup container's Security Context seccompProfile type | `RuntimeDefault` |
| `backup.cronjob.containerSecurityContext.capabilities.drop` | Set backup container's Security Context capabilities to drop | `["ALL"]` |
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
| `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
| `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
| `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` |
| `backup.cronjob.storage.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
| `backup.cronjob.storage.size` | PVC Storage Request for the backup data volume | `8Gi` |
| `backup.cronjob.storage.annotations` | PVC annotations | `{}` |
| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/pgdump` |
| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` |
| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
### NetworkPolicy parameters
| Name | Description | Value |
@ -387,7 +419,7 @@ kubectl delete pvc -l release=my-release
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r19` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r22` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -418,7 +450,7 @@ kubectl delete pvc -l release=my-release
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.13.2-debian-11-r1` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.13.2-debian-11-r4` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |


@ -161,8 +161,7 @@ Return true if a secret object should be created
{{- define "postgresql.createSecret" -}}
{{- $customUser := include "postgresql.username" . -}}
{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "common.names.fullname" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword .Values.global.postgresql.auth.password .Values.auth.password) (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) -}}
{{- if and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret))
(or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres")) (eq .Values.architecture "replication") (and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw))) -}}
{{- if and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret)) (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres")) (eq .Values.architecture "replication") (and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw))) -}}
{{- true -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,126 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.backup.enabled }}
{{- $customUser := include "postgresql.username" . }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "postgresql.primary.fullname" . }}-pgdumpall
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: pg_dumpall
{{- if .Values.backup.cronjob.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.backup.cronjob.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
schedule: {{ quote .Values.backup.cronjob.schedule }}
concurrencyPolicy: {{ .Values.backup.cronjob.concurrencyPolicy }}
failedJobsHistoryLimit: {{ .Values.backup.cronjob.failedJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ .Values.backup.cronjob.successfulJobsHistoryLimit }}
{{- if .Values.backup.cronjob.startingDeadlineSeconds }}
startingDeadlineSeconds: {{ .Values.backup.cronjob.startingDeadlineSeconds }}
{{- end }}
jobTemplate:
spec:
{{- if .Values.backup.cronjob.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ .Values.backup.cronjob.ttlSecondsAfterFinished }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 12 }}
app.kubernetes.io/component: pg_dumpall
{{- if .Values.backup.cronjob.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 12 }}
{{- end }}
{{- if or .Values.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.backup.cronjob.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 12 }}
{{- end }}
{{- end }}
spec:
containers:
- name: {{ include "postgresql.primary.fullname" . }}-pgdumpall
image: {{ include "postgresql.image" . }}
env:
- name: PGUSER
{{- if .Values.auth.enablePostgresUser }}
value: postgres
{{- else }}
value: {{ $customUser | quote }}
{{- end }}
{{- if .Values.auth.usePasswordFiles }}
- name: PGPASSFILE
value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.adminPasswordKey" .) }}
{{- else }}
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ include "postgresql.secretName" . }}
key: {{ include "postgresql.adminPasswordKey" . }}
{{- end }}
- name: PGHOST
value: {{ include "postgresql.primary.fullname" . }}
- name: PGPORT
value: {{ .Values.containerPorts.postgresql | quote }}
- name: PGDUMP_DIR
value: {{ .Values.backup.cronjob.storage.mountPath }}
{{- if .Values.tls.enabled }}
- name: PGSSLROOTCERT
{{- if .Values.tls.autoGenerated -}}
value: /tmp/certs/ca.crt
{{- else }}
value: {{- printf "/tmp/certs/%s" .Values.tls.certCAFilename -}}
{{- end }}
{{- end }}
command:
{{- range .Values.backup.cronjob.command }}
- {{ . }}
{{- end }}
volumeMounts:
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
{{- end }}
- name: datadir
mountPath: {{ .Values.backup.cronjob.storage.mountPath }}
subPath: {{ .Values.backup.cronjob.storage.subPath }}
securityContext:
{{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 14 }}
restartPolicy: {{ .Values.backup.cronjob.restartPolicy }}
volumes:
{{- if .Values.tls.enabled }}
- name: raw-certificates
emptyDir: /tmp/certs
{{- end }}
{{- if .Values.backup.cronjob.storage.existingClaim }}
- name: datadir
persistentVolumeClaim:
claimName: {{ printf "%s" (tpl .Values.backup.cronjob.storage.existingClaim .) }}
{{- else }}
- name: datadir
persistentVolumeClaim:
claimName: {{ include "postgresql.primary.fullname" . }}-pgdumpall
{{- end }}
{{- end }}
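Review bot: With `tls.enabled` the rendered CronJob cannot work: the container mounts a volume named `certs` at `/certs`, but the only TLS volume declared is `raw-certificates`, whose `emptyDir: /tmp/certs` is a string where an object such as `emptyDir: {}` is expected, and `PGSSLROOTCERT` points into `/tmp/certs`, which nothing mounts. The trim markers in that env block (`{{- if .Values.tls.autoGenerated -}}` and `value: {{- printf ... -}}`) also strip the newline and the space around the value, so key and value run together in the output. The volume name, mount path and CA path should agree, the volume should be backed by the secret that actually holds the CA (an empty directory carries no certificate, so server verification has nothing to check against), and the trims should be dropped. Separately, the pod-template annotations guard tests `.Values.annotations` rather than the backup key; `{{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations }}` would match the metadata block above it. With `auth.usePasswordFiles` set, `PGPASSFILE` names a path under `/opt/bitnami/postgresql/secrets/` for which no secret volume is declared in the visible `volumes:` list, so the dump would appear to run without credentials.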


@ -0,0 +1,41 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.backup.enabled (not .Values.backup.cronjob.storage.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "postgresql.primary.fullname" . }}-pgdumpall
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: pg_dumpall
{{- if .Values.backup.cronjob.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations .Values.backup.cronjob.storage.resourcePolicy}}
annotations:
{{- if .Values.backup.cronjob.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.backup.cronjob.storage.resourcePolicy }}
helm.sh/resource-policy: {{ .Values.backup.cronjob.storage.resourcePolicy | quote }}
{{- end }}
spec:
accessModes:
{{- range .Values.backup.cronjob.storage.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.backup.cronjob.storage.size | quote }}
{{ include "common.storage.class" (dict "persistence" .Values.backup.cronjob.storage "global" .Values.global) }}
{{- end }}
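Review bot: The PVC renders `.Values.backup.cronjob.annotations` (the CronJob's annotations) and never reads `backup.cronjob.storage.annotations`, which the values file and README on this page document as the PVC annotations, so setting that key has no effect. The annotation block should be guarded by and render the storage key, `{{- if .Values.backup.cronjob.storage.annotations }}` with `dict "value" .Values.backup.cronjob.storage.annotations "context" $`, and the outer `or` should test the same key. `backup.cronjob.storage.volumeClaimTemplates.selector` is likewise documented but not rendered in the visible `spec:`. A short comment above the `helm.sh/resource-policy` line would also help, stating that with the default empty `resourcePolicy` the backup volume is removed together with the release.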


@ -98,7 +98,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 15.3.0-debian-11-r75
tag: 15.3.0-debian-11-r77
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1049,6 +1049,101 @@ readReplicas:
##
dataSource: {}
## @section Backup parameters
## This section implements a trivial logical dump cronjob of the database.
## This only comes with the consistency guarantees of the dump program.
## This is not a snapshot based roll forward/backward recovery backup.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
backup:
## @param backup.enabled Enable the logical dump of the database "regularly"
enabled: false
cronjob:
## @param backup.cronjob.schedule Set the cronjob parameter schedule
schedule: "@daily"
## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
concurrencyPolicy: Allow
## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit
failedJobsHistoryLimit: 1
## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit
successfulJobsHistoryLimit: 3
## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds
startingDeadlineSeconds: ""
## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished
ttlSecondsAfterFinished: ""
## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
restartPolicy: OnFailure
## backup container's Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container
## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type
## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop
containerSecurityContext:
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## @param backup.cronjob.command Set backup container's command to run
command:
- /bin/sh
- -c
- "pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"
## @param backup.cronjob.labels Set the cronjob labels
labels: {}
## @param backup.cronjob.annotations Set the cronjob annotations
annotations: {}
storage:
## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: ""
## @param backup.cronjob.storage.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
##
resourcePolicy: ""
## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner.
##
storageClass: ""
## @param backup.cronjob.storage.accessModes PV Access Mode
##
accessModes:
- ReadWriteOnce
## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
##
size: 8Gi
## @param backup.cronjob.storage.annotations PVC annotations
##
annotations: {}
## @param backup.cronjob.storage.mountPath Path to mount the volume at
##
mountPath: /backup/pgdump
## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at
## and one PV for multiple services.
##
subPath: ""
## Fine tuning for volumeClaimTemplates
##
volumeClaimTemplates:
## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
## A label query over volumes to consider for binding (e.g. when using local volumes)
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
##
selector: {}
## @section NetworkPolicy parameters
##
@ -1165,7 +1260,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r19
tag: 11-debian-11-r22
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1266,7 +1361,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.13.2-debian-11-r1
tag: 0.13.2-debian-11-r4
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
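Review bot: The new `backup:` defaults leave two operational risks undocumented: `concurrencyPolicy: Allow` lets a slow dump overlap with the next scheduled one, and the default command writes a new timestamped file on every run with no pruning, so the `8Gi` claim fills until dumps start failing. `concurrencyPolicy: Forbid` is the safer default for a dump job, and the section comment should say that retention is left to the operator. It should also state that `pg_dumpall` output includes role definitions with their password hashes and the contents of every database, so the backup PVC needs the same access restrictions as the admin secret, for example `## NOTE: dumps contain role password hashes; restrict access to the backup volume.`. The stray comment line `## and one PV for multiple services.` under `storage.subPath` is a fragment and should be completed or removed.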


@ -28,4 +28,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 17.14.3
version: 17.14.5


@ -101,7 +101,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | Redis&reg; image registry | `docker.io` |
| `image.repository` | Redis&reg; image repository | `bitnami/redis` |
| `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.0.12-debian-11-r15` |
| `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.0.12-debian-11-r19` |
| `image.digest` | Redis&reg; image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Redis&reg; image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Redis&reg; image pull secrets | `[]` |
@ -345,7 +345,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.enabled` | Use Redis&reg; Sentinel on Redis&reg; pods. | `false` |
| `sentinel.image.registry` | Redis&reg; Sentinel image registry | `docker.io` |
| `sentinel.image.repository` | Redis&reg; Sentinel image repository | `bitnami/redis-sentinel` |
| `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.0.12-debian-11-r13` |
| `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.0.12-debian-11-r18` |
| `sentinel.image.digest` | Redis&reg; Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sentinel.image.pullPolicy` | Redis&reg; Sentinel image pull policy | `IfNotPresent` |
| `sentinel.image.pullSecrets` | Redis&reg; Sentinel image pull secrets | `[]` |
@ -353,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.annotations` | Additional custom annotations for Redis&reg; Sentinel resource | `{}` |
| `sentinel.masterSet` | Master set name | `mymaster` |
| `sentinel.quorum` | Sentinel Quorum | `2` |
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `220` |
| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `200` |
| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` |
| `sentinel.redisShutdownWaitFailover` | Whether the Redis&reg; master container waits for the failover at shutdown (in addition to the Redis&reg; Sentinel container). | `true` |
| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis&reg; node is down | `60000` |
@ -468,7 +468,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis&reg; metrics | `false` |
| `metrics.image.registry` | Redis&reg; Exporter image registry | `docker.io` |
| `metrics.image.repository` | Redis&reg; Exporter image repository | `bitnami/redis-exporter` |
| `metrics.image.tag` | Redis&reg; Exporter image tag (immutable tags are recommended) | `1.52.0-debian-11-r0` |
| `metrics.image.tag` | Redis&reg; Exporter image tag (immutable tags are recommended) | `1.52.0-debian-11-r5` |
| `metrics.image.digest` | Redis&reg; Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Redis&reg; Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Redis&reg; Exporter image pull secrets | `[]` |
@ -541,7 +541,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r19` |
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r25` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
@ -551,7 +551,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
| `sysctl.image.registry` | OS Shell + Utility image registry | `docker.io` |
| `sysctl.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` |
| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r19` |
| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r25` |
| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |


@ -91,7 +91,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/redis
tag: 7.0.12-debian-11-r15
tag: 7.0.12-debian-11-r19
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1030,7 +1030,7 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
tag: 7.0.12-debian-11-r13
tag: 7.0.12-debian-11-r18
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1058,9 +1058,8 @@ sentinel:
##
quorum: 2
## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out.
## NOTE: This is directly related to the startupProbes which are configured to run every 10 seconds for a total of 22 failures. If adjusting this value, also adjust the startupProbes.
##
getMasterTimeout: 220
getMasterTimeout: 200
## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it.
## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data.
## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000.
@ -1485,7 +1484,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/redis-exporter
tag: 1.52.0-debian-11-r0
tag: 1.52.0-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1759,7 +1758,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r19
tag: 11-debian-11-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1807,7 +1806,7 @@ sysctl:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r19
tag: 11-debian-11-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
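Review bot: `sentinel.getMasterTimeout` appears to change from 220 to 200 in the `@ -1058,9 +1058,8 @` hunk, and the hunk counts (9 old lines, 8 new) suggest the NOTE tying it to the startup probes (every 10 seconds, 22 failures) is dropped with it. Without that note nothing in the values file says the timeout and the probe budget have to move together, so a later probe change can leave the Sentinel lookup timing out after the pod has already been restarted, or the reverse. I would keep a short comment above the key, for example `## NOTE: keep this at or below the startupProbe budget (periodSeconds x failureThreshold); change both together.` The startup probe settings themselves are outside the hunk, so the current budget cannot be checked from here.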


@ -4,9 +4,9 @@ dependencies:
version: 6.5.6
- name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.2.9
version: 13.0.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.6.0
digest: sha256:00b9c8659345fc1a9be28d3f337b01c614c4c93fdda2234aa3b6fbc947601879
generated: "2023-07-26T23:52:22.277029253Z"
digest: sha256:9d4361c9b5bc1818c9378577fbebe155e3fb9e04fcafee3c3f8f38fdf3644a01
generated: "2023-08-01T13:37:46.5926+02:00"


@ -15,7 +15,7 @@ dependencies:
- condition: mariadb.enabled
name: mariadb
repository: file://./charts/mariadb
version: 12.x.x
version: 13.x.x
- name: common
repository: file://./charts/common
tags:
@ -40,4 +40,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 16.1.34
version: 17.0.1


@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r72` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r75` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r19` |
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r25` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r55` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r60` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
@ -513,6 +513,10 @@ To enable the new features, it is not possible to do it by upgrading an existing
## Upgrading
### To 17.0.0
This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade.
### To 16.0.0
This major release bumps the MariaDB version to 10.11. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for upgrading from MariaDB 10.6 to 10.11. No major issues are expected during the upgrade.


@ -2,7 +2,7 @@ annotations:
category: Database
licenses: Apache-2.0
apiVersion: v2
appVersion: 10.11.4
appVersion: 11.0.2
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
@ -26,4 +26,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 12.2.9
version: 13.0.0


@ -83,10 +83,10 @@ The command removes all the Kubernetes components associated with the chart and
### MariaDB common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.4-debian-11-r46` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `11.0.2-debian-11-r2` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -308,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r16` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r22` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r0` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r5` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |


@ -90,7 +90,7 @@ serviceBindings:
image:
registry: docker.io
repository: bitnami/mariadb
tag: 10.11.4-debian-11-r46
tag: 11.0.2-debian-11-r2
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1004,7 +1004,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r16
tag: 11-debian-11-r22
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@ -1040,7 +1040,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
tag: 0.15.0-debian-11-r0
tag: 0.15.0-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)


@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.2.2-debian-11-r72
tag: 6.2.2-debian-11-r75
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -766,7 +766,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r19
tag: 11-debian-11-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -860,7 +860,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.13.4-debian-11-r55
tag: 0.13.4-debian-11-r60
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21.0-0'
catalog.cattle.io/release-name: kamaji
apiVersion: v2
appVersion: v0.3.1
appVersion: v0.3.2
description: Kamaji deploys and operates Kubernetes at scale with a fraction of the
operational burden. Kamaji turns any Kubernetes cluster into an “admin cluster”
to orchestrate other Kubernetes clusters called “tenant clusters”. Kamaji is special
@ -25,4 +25,4 @@ name: kamaji
sources:
- https://github.com/clastix/kamaji
type: application
version: 0.12.2
version: 0.12.3


@ -1,6 +1,6 @@
# kamaji
![Version: 0.12.2](https://img.shields.io/badge/Version-0.12.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.1](https://img.shields.io/badge/AppVersion-v0.3.1-informational?style=flat-square)
![Version: 0.12.3](https://img.shields.io/badge/Version-0.12.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.2](https://img.shields.io/badge/AppVersion-v0.3.2-informational?style=flat-square)
Kamaji deploys and operates Kubernetes at scale with a fraction of the operational burden. Kamaji turns any Kubernetes cluster into an “admin cluster” to orchestrate other Kubernetes clusters called “tenant clusters”. Kamaji is special because the Control Plane components are running in a single pod instead of dedicated machines. This solution makes running multiple Control Planes cheaper and easier to deploy and operate.


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.8-0'
catalog.cattle.io/release-name: cockroachdb
apiVersion: v1
appVersion: 23.1.6
appVersion: 23.1.7
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
home: https://www.cockroachlabs.com
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
@ -14,4 +14,4 @@ maintainers:
name: cockroachdb
sources:
- https://github.com/cockroachdb/cockroach
version: 11.1.3
version: 11.1.4


@ -229,10 +229,10 @@ kubectl get pods \
```
```
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.6
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.6
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.6
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.6
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.7
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.7
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.7
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.7
```
Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade:
@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file.
| `conf.store.size` | CockroachDB storage size | `""` |
| `conf.store.attrs` | CockroachDB storage attributes | `""` |
| `image.repository` | Container image name | `cockroachdb/cockroach` |
| `image.tag` | Container image tag | `v23.1.6` |
| `image.tag` | Container image tag | `v23.1.7` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` |
| `statefulset.replicas` | StatefulSet replicas number | `3` |


@ -1,7 +1,7 @@
# Generated file, DO NOT EDIT. Source: build/templates/values.yaml
image:
repository: cockroachdb/cockroach
tag: v23.1.6
tag: v23.1.7
pullPolicy: IfNotPresent
credentials: {}
# registry: docker.io


@ -1,5 +1,9 @@
# Datadog changelog
## 3.33.7
* Add additional intakes into `CiliumNetworkPolicy` for node Agent and Cluster Check Runner for profiling, network monitoring, dbm, and remote config
## 3.33.6
* Ensure the core agent is aware that CSPM is enabled (for inventories purposes).


@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.33.6
version: 3.33.7


@ -1,6 +1,6 @@
# Datadog
![Version: 3.33.6](https://img.shields.io/badge/Version-3.33.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.33.7](https://img.shields.io/badge/Version-3.33.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).


@ -92,6 +92,13 @@ specs:
- matchName: "process.{{ $.Values.datadog.site }}"
- matchName: "orchestrator.{{ $.Values.datadog.site }}"
- matchName: "instrumentation-telemetry-intake.{{ $.Values.datadog.site }}"
- matchName: "intake.profile.{{ $.Values.datadog.site }}"
- matchName: "ndm-intake.{{ $.Values.datadog.site }}"
- matchName: "snmp-traps-intake.{{ $.Values.datadog.site }}"
- matchName: "ndmflow-intake.{{ $.Values.datadog.site }}"
- matchName: "config.{{ $.Values.datadog.site }}"
- matchName: "dbm-metrics-intake.{{ $.Values.datadog.site }}"
- matchName: "dbquery-intake.{{ $.Values.datadog.site }}"
{{- else}}
- matchPattern: "*-app.agent.datadoghq.com"
- matchName: "app.datadoghq.com"
@ -101,6 +108,13 @@ specs:
- matchName: "process.datadoghq.com"
- matchName: "orchestrator.datadoghq.com"
- matchName: "instrumentation-telemetry-intake.datadoghq.com"
- matchName: "intake.profile.datadoghq.com"
- matchName: "ndm-intake.datadoghq.com"
- matchName: "snmp-traps-intake.datadoghq.com"
- matchName: "ndmflow-intake.datadoghq.com"
- matchName: "config.datadoghq.com"
- matchName: "dbm-metrics-intake.datadoghq.com"
- matchName: "dbquery-intake.datadoghq.com"
{{- end}}
toPorts:
- ports:
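Review bot: The seven FQDN entries added to each branch of this allow-list are rendered unconditionally, so egress to the profiling, NDM/SNMP, remote-config and DBM intakes is opened on every install, including ones that never enable those features. The additions in the next file section have the same shape. For a least-privilege network policy I would wrap each group in a condition on the value that turns the feature on, or at least add a comment saying the list is deliberately a superset. Separately, the `{{- else}}` branch repeats every entry with `datadoghq.com` hard-coded, which invites drift between the two lists; a single list driven by `{{- $site := default "datadoghq.com" $.Values.datadog.site }}` would avoid that. The enclosing egress rule starts outside the hunk.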


@ -41,11 +41,27 @@ specs:
- matchName: {{ trimPrefix "https://" $.Values.datadog.dd_url }}
{{- end}}
{{- if $.Values.datadog.site}}
- matchName: "app.{{ $.Values.datadog.site }}"
- matchPattern: "*-app.agent.{{ $.Values.datadog.site }}"
- matchName: "app.{{ $.Values.datadog.site }}"
- matchName: "api.{{ $.Values.datadog.site }}"
- matchName: "orchestrator.{{ $.Values.datadog.site }}"
- matchName: "ndm-intake.{{ $.Values.datadog.site }}"
- matchName: "snmp-traps-intake.{{ $.Values.datadog.site }}"
- matchName: "ndmflow-intake.{{ $.Values.datadog.site }}"
- matchName: "config.{{ $.Values.datadog.site }}"
- matchName: "dbm-metrics-intake.{{ $.Values.datadog.site }}"
- matchName: "dbquery-intake.{{ $.Values.datadog.site }}"
{{- else}}
- matchName: "app.datadoghq.com"
- matchPattern: "*-app.agent.datadoghq.com"
- matchName: "app.datadoghq.com"
- matchName: "api.datadoghq.com"
- matchName: "orchestrator.datadoghq.com"
- matchName: "ndm-intake.datadoghq.com"
- matchName: "snmp-traps-intake.datadoghq.com"
- matchName: "ndmflow-intake.datadoghq.com"
- matchName: "config.datadoghq.com"
- matchName: "dbm-metrics-intake.datadoghq.com"
- matchName: "dbquery-intake.datadoghq.com"
{{- end}}
toPorts:
- ports:


@ -5,7 +5,7 @@ annotations:
catalog.cattle.io/namespace: vxflexos
catalog.cattle.io/release-name: vxflexos
apiVersion: v2
appVersion: 2.7.0
appVersion: 2.7.1
description: 'VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as a VxFlex
OS StorageClass. '
@ -19,4 +19,4 @@ maintainers:
name: csi-vxflexos
sources:
- https://github.com/dell/csi-vxflexos
version: 2.7.0
version: 2.7.1


@ -3,7 +3,7 @@
# "version" is used to verify the values file matches driver version
# Not recommend to change
version: v2.7.0
version: v2.7.1
images:
# "driver" defines the container image, used for the driver container.


@ -1,7 +1,7 @@
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file
## [107.63.8] - Jul 20, 2023
## [107.63.9] - Jul 20, 2023
* Added support for Openshift by adding the securityContext in container level.
* **IMPORTANT**
* Nginx deployment is disabled on openshift.


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.63.8
appVersion: 7.63.9
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -26,4 +26,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
version: 107.63.8
version: 107.63.9


@ -1,7 +1,7 @@
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
## [107.63.8] - Aug 25, 2022
## [107.63.9] - Aug 25, 2022
* Included event service as mandatory and remove the flag from values.yaml
## [107.41.0] - Jul 22, 2022


@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.63.8
appVersion: 7.63.9
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.63.8
version: 107.63.9
description: JFrog Container Registry
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@ -27,4 +27,4 @@ name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
version: 107.63.8
version: 107.63.9


@ -1,7 +1,7 @@
# JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file.
## [107.63.8] - Jul 20, 2023
## [107.63.9] - Jul 20, 2023
* Added support for Openshift by adding the securityContext in container level.
* **IMPORTANT**
* Nginx deployment is disabled on openshift.


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 7.63.8
appVersion: 7.63.9
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -21,4 +21,4 @@ name: artifactory
sources:
- https://github.com/jfrog/charts
type: application
version: 107.63.8
version: 107.63.9


@ -6,4 +6,4 @@ dependencies:
repository: ""
version: 15.8.5
digest: sha256:4399c78f4e445e4fbb26151707c9b481fece2002ac02ae20612d9f26e6b66643
generated: "2023-07-15T05:48:19.983972564Z"
generated: "2023-08-01T11:04:57.116820404Z"


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 6.0.3
appVersion: 6.0.4
dependencies:
- name: grafana
repository: file://./charts/grafana
@ -19,4 +19,4 @@ maintainers:
- email: contact@kasten.io
name: kastenIO
name: k10
version: 6.0.301
version: 6.0.401


@ -88,7 +88,8 @@ Parameter | Description | Default
`secrets.awsAccessKeyId` | AWS access key ID (required for AWS deployment) | `None`
`secrets.awsSecretAccessKey` | AWS access key secret | `None`
`secrets.awsIamRole` | ARN of the AWS IAM role assumed by K10 to perform any AWS operation. | `None`
`secrets.googleApiKey` | Non-default base64 encoded GCP Service Account key file | `None`
`secrets.googleApiKey` | Non-default base64 encoded GCP Service Account key | `None`
`secrets.googleProjectId` | Sets Google Project ID other than the one used in the GCP Service Account | `None`
`secrets.azureTenantId` | Azure tenant ID (required for Azure deployment) | `None`
`secrets.azureClientId` | Azure Service App ID | `None`
`secrets.azureClientSecret` | Azure Service APP secret | `None`
@ -243,7 +244,7 @@ Parameter | Description | Default
`garbagecollector.importRunActions.enabled` | Enables ``importRunActions`` collector | `false`
`garbagecollector.retireActions.enabled` | Enables ``retireActions`` collector | `false`
`kubeVirtVMs.snapshot.unfreezeTimeout` | Defines the time duration within which the VMs must be unfrozen while backing them up. To know more about format [go doc](https://pkg.go.dev/time#ParseDuration) can be followed | `5m`
`excludedApps` | Specifies a list of applications to be excluded from the dashboard & compliance considerations. Format should be a :ref:`YAML array<k10_compliance>` | `None`
`excludedApps` | Specifies a list of applications to be excluded from the dashboard & compliance considerations. Format should be a :ref:`YAML array<k10_compliance>` | `["kube-system", "kube-ingress", "kube-node-lease", "kube-public", "kube-rook-ceph"]`
`kanisterPodMetricSidecar.enabled` | Enable the sidecar container to gather metrics from ephemeral pods | `true`
`kanisterPodMetricSidecar.metricLifetime` | Check periodically for metrics that should be removed | `2m`
`kanisterPodMetricSidecar.pushGatewayInterval` | Set the interval for sending metrics into the Prometheus | `30s`
@ -274,9 +275,17 @@ To set a single value from a file, `--set-file` may be used over `--set`:
To use non-default GCP ServiceAccount (SA) credentials, the credentials JSON file needs to be encoded into a base64
string.
string:
```bash
sa_key=$(base64 -w0 sa-key.json)
helm install k10 kasten/k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key
```
If the Google Service Account belongs to a project other than the one in which the cluster
is located, then the project's ID of the cluster must be also provided during the installation:
```bash
sa_key=$(base64 -w0 sa-key.json)
helm install k10 kasten/k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key --set secrets.googleProjectId=<project-id>
```


@ -5099,6 +5099,194 @@ dashboards:
],
"title": "Execution Control",
"type": "row"
},
{
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 54
},
"id": 84,
"panels": [
{
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percentunit"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 55
},
"id": 86,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": "Prometheus",
"editorMode": "code",
"expr": "sum(rate(action_export_transferred_bytes[30m]))/sum((rate(action_export_processed_bytes[30m])>0))",
"legendFormat": "Transferred/Processed across all actions",
"range": true,
"refId": "A"
}
],
"title": "Transferred/Processed Ratio",
"type": "timeseries"
},
{
"datasource": "Prometheus",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percentunit"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 55
},
"id": 88,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": "Prometheus",
"editorMode": "code",
"expr": "(rate(action_export_transferred_bytes[30m])/(rate(action_export_processed_bytes[30m])>0))",
"legendFormat": "{{policy}}:{{app}}",
"range": true,
"refId": "A"
}
],
"title": "Transferred/Processed Ratio per policy:app",
"type": "timeseries"
}
],
"title": "Data reduction",
"type": "row"
}
],
"schemaVersion": 37,


@ -31,9 +31,9 @@ vbrintegrationapi:
{{- end -}}
{{- define "k10.colocatedServiceLookup" -}}
crypto:
- bloblifecyclemanager
- events
- garbagecollector
- bloblifecyclemanager
dashboardbff:
- vbrintegrationapi
state:


@ -500,7 +500,22 @@ Check if Google creds are specified
*/}}
{{- define "check.googlecreds" -}}
{{- if .Values.secrets.googleApiKey -}}
{{- print true -}}
{{- if eq (include "check.isBase64" .Values.secrets.googleApiKey) "false" -}}
{{- fail "secrets.googleApiKey must be base64 encoded" -}}
{{- end -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Check if Google Project ID is specified
*/}}
{{- define "check.googleproject" -}}
{{- if .Values.secrets.googleProjectId -}}
{{- if not .Values.secrets.googleApiKey -}}
{{- fail "secrets.googleApiKey field is required when using secrets.googleProjectId" -}}
{{- end -}}
{{- print true -}}
{{- end -}}
{{- end -}}
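Review bot: The comment above `check.googlecreds` still reads "Check if Google creds are specified", but the template now also aborts the render with `fail` when `secrets.googleApiKey` does not pass `check.isBase64`. A predicate that can stop the install deserves that in its header, e.g. `Check if Google creds are specified; fails the render when secrets.googleApiKey is not base64 encoded`. The new `check.googleproject` comment has the same gap, since it fails when `secrets.googleProjectId` is set without `secrets.googleApiKey`. `check.isBase64` is defined outside this hunk, so whether it validates anything beyond the encoding cannot be told from here.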


@ -83,6 +83,13 @@ stating that types are not same for the equality check
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/var/run/secrets/kasten.io/kasten-gke-sa.json"
{{- end }}
{{- if eq (include "check.googleproject" .) "true" }}
- name: projectID
valueFrom:
secretKeyRef:
name: google-secret
key: kasten-gke-project
{{- end }}
{{- if eq (include "check.ibmslcreds" .) "true" }}
- name: IBM_SL_API_KEY
valueFrom:
@ -374,7 +381,7 @@ stating that types are not same for the equality check
configMapKeyRef:
name: k10-config
key: AWSAssumeRoleDuration
{{- if (list "dashboardbff" "catalog" | has $service) }}
{{- if (list "dashboardbff" "catalog" "executor" | has $service) }}
{{- if .Values.metering.mode }}
- name: K10REPORTMODE
value: {{ .Values.metering.mode }}


@ -1 +1 @@
{{- define "k10.imageTag" -}}6.0.3{{- end -}}
{{- define "k10.imageTag" -}}6.0.4{{- end -}}


@ -42,6 +42,9 @@ metadata:
type: Opaque
data:
kasten-gke-sa.json: {{ .Values.secrets.googleApiKey }}
{{- if eq (include "check.googleproject" .) "true" }}
kasten-gke-project: {{ .Values.secrets.googleProjectId | b64enc }}
{{- end }}
{{- end }}
{{- if eq (include "check.ibmslcreds" .) "true" }}
---
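Review bot: `kasten-gke-project` is encoded by the template (`| b64enc`) while `kasten-gke-sa.json` on the line above is written into `data` exactly as supplied, so two values under `secrets.` now have different input contracts and nothing in the manifest says so. A template comment next to the new key would prevent double-encoding or plain-text mistakes: `{{- /* googleProjectId is plain text and encoded here; googleApiKey must already be base64 */}}`. The Secret manifest begins outside the hunk.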


@ -1146,7 +1146,13 @@
"type": "string",
"default": "",
"title": "Google API Key",
"description": "Non-default base64 encoded GCP Service Account key file"
"description": "Non-default base64 encoded GCP Service Account key"
},
"googleProjectId": {
"type": "string",
"default": "",
"title": "Google Project ID",
"description": "Set Google Project ID other than the one in the GCP Service Account"
},
"ibmSoftLayerApiKey": {
"type": "string",
@ -2615,7 +2621,7 @@
"items": {
"type": "string"
},
"default": [],
"default": ["kube-system", "kube-ingress", "kube-node-lease", "kube-public", "kube-rook-ceph"],
"title": "List of applications to be excluded",
"description": "List of applications to be excluded from the dashboard & compliance considerations"
},

View File

@ -228,6 +228,7 @@ secrets:
awsSecretAccessKey: ''
awsIamRole: ''
googleApiKey: ''
googleProjectId: ''
dockerConfig: ''
dockerConfigPath: ''
azureTenantId: ''
@ -456,7 +457,7 @@ awsConfig:
assumeRoleDuration: ""
efsBackupVaultName: "k10vault"
excludedApps: []
excludedApps: ["kube-system", "kube-ingress", "kube-node-lease", "kube-public", "kube-rook-ceph"]
grafana:
enabled: true
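Review bot: The new `excludedApps` default is a list, and Helm replaces list values rather than merging them, so an install that sets its own `excludedApps` drops these five namespaces without any warning. The same default is added to the JSON schema in the previous file section. A comment above the key would make the contract explicit, e.g. `# Overrides replace this list; repeat the defaults you want to keep.` The comment should also say that these namespaces are left out of the dashboard and compliance considerations by default, because that narrows what the compliance view covers after an upgrade.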


@ -1,6 +1,6 @@
dependencies:
- name: community-operator-crds
repository: https://mongodb.github.io/helm-charts
version: 0.8.0
digest: sha256:0269f3a1c42f288a4b21afb4ad5a0ad5044b87525bc9176891538785f9f8c9f4
generated: "2023-05-16T09:59:08.976230041Z"
version: 0.8.1
digest: sha256:cda6f5b7bcff0acff268d6280b2106411c814c046889d90c22b3810e2dcf9bb2
generated: "2023-07-31T14:53:29.831699918Z"


@ -4,12 +4,12 @@ annotations:
catalog.cattle.io/kube-version: '>=1.16-0'
catalog.cattle.io/release-name: community-operator
apiVersion: v2
appVersion: 0.8.0
appVersion: 0.8.1
dependencies:
- condition: community-operator-crds.enabled
name: community-operator-crds
repository: file://./charts/community-operator-crds
version: 0.8.0
version: 0.8.1
description: MongoDB Kubernetes Community Operator
home: https://github.com/mongodb/mongodb-kubernetes-operator
icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png
@ -23,4 +23,4 @@ maintainers:
name: MongoDB
name: community-operator
type: application
version: 0.8.0
version: 0.8.1


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 0.8.0
appVersion: 0.8.1
description: MongoDB Kubernetes Community Operator - CRDs
home: https://github.com/mongodb/mongodb-kubernetes-operator
icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png
@ -13,4 +13,4 @@ maintainers:
name: MongoDB
name: community-operator-crds
type: application
version: 0.8.0
version: 0.8.1


@ -52,6 +52,12 @@ spec:
spec:
description: MongoDBCommunitySpec defines the desired state of MongoDB
properties:
additionalConnectionStringConfig:
description: Additional options to be appended to the connection string.
These options apply to the entire resource and to each user.
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
additionalMongodConfig:
description: 'AdditionalMongodConfig is additional configuration that
can be passed to each data-bearing mongod at runtime. Uses the same
@ -331,6 +337,19 @@ spec:
description: StatefulSetConfiguration holds the optional custom StatefulSet
that should be merged into the operator created one.
properties:
metadata:
description: StatefulSetMetadataWrapper is a wrapper around Labels
and Annotations
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
@ -348,6 +367,13 @@ spec:
in your deployment
items:
properties:
additionalConnectionStringConfig:
description: Additional options to be appended to the connection
string. These options apply only to this user and will override
any existing options in the resource.
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
connectionStringSecretName:
description: ConnectionStringSecretName is the name of the secret
object created by the operator which exposes the connection


@ -75,5 +75,8 @@ spec:
{{- end }}
authentication:
modes: ["SCRAM"]
users: []
{{- with .Values.resource.users }}
users:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
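Review bot: With the chart default `users: []`, the `with .Values.resource.users` block renders nothing, so the `users` key that the previous line `users: []` always emitted is now absent from the resource. If the MongoDBCommunity CRD lists `users` as required (not visible on this page), a default install would be rejected by the API server. Adding an `{{- else }}` branch that emits `users: []` keeps the old output for the empty case. The enclosing spec starts above this hunk.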


@ -22,6 +22,10 @@ spec:
labels:
name: {{ .Values.operator.name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@ -68,7 +72,12 @@ spec:
name: {{ .Values.operator.deploymentName }}
resources:
{{- toYaml .Values.operator.resources | nindent 12 }}
{{- if .Values.operator.securityContext }}
securityContext:
readOnlyRootFilesystem: true
runAsUser: 2000
{{- toYaml .Values.operator.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.operator.podSecurityContext }}
securityContext:
{{- toYaml .Values.operator.podSecurityContext | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.operator.name }}
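Review bot: The container `securityContext` is now rendered only when `.Values.operator.securityContext` is set, and the default added to the chart's values file is `securityContext: {}`. A default install therefore appears to lose the `readOnlyRootFilesystem: true` that the old lines hard-coded. `runAsUser: 2000` is carried over in `podSecurityContext`, but nothing replaces the read-only root filesystem. Setting the values default to `readOnlyRootFilesystem: true`, optionally with `allowPrivilegeEscalation: false`, keeps the previous hardening and still lets users override it. The container spec starts above this hunk.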


@ -1,3 +1,8 @@
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: "image-pull-secret"
## Operator
operator:
# Name that will be assigned to most of internal Kubernetes objects like
@ -11,7 +16,7 @@ operator:
deploymentName: mongodb-kubernetes-operator
# Version of mongodb-kubernetes-operator
version: 0.8.0
version: 0.8.1
# Uncomment this line to watch all namespaces
# watchNamespace: "*"
@ -31,6 +36,12 @@ operator:
# - name: CLUSTER_DOMAIN
# value: my-cluster.domain
podSecurityContext:
runAsNonRoot: true
runAsUser: 2000
securityContext: {}
## Operator's database
database:
name: mongodb-database
@ -45,13 +56,13 @@ database:
agent:
name: mongodb-agent
version: 12.0.21.7698-1
version: 12.0.24.7719-1
versionUpgradeHook:
name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
version: 1.0.7
readinessProbe:
name: mongodb-kubernetes-readinessprobe
version: 1.0.14
version: 1.0.15
mongodb:
name: mongo
repo: docker.io
@ -85,3 +96,21 @@ resource:
certManager:
certDuration: 8760h # 365 days
renewCertBefore: 720h # 30 days
users: []
# if using the MongoDBCommunity Resource, list any users to be added to the resource
# users:
# - name: my-user
# db: admin
# passwordSecretRef: # a reference to the secret that will be used to generate the user's password
# name: <secretName>
# roles:
# - name: clusterAdmin
# db: admin
# - name: userAdminAnyDatabase
# db: admin
# - name: readWriteAnyDatabase
# db: admin
# - name: dbAdminAnyDatabase
# db: admin
# scramCredentialsSecretName: my-scram


@ -14,9 +14,13 @@
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# template tests
/test


@ -18,4 +18,4 @@ maintainers:
name: The NATS Authors
url: https://github.com/nats-io
name: nats
version: 0.19.17
version: 1.0.0

File diff suppressed because it is too large Load Diff


@ -0,0 +1,155 @@
# Upgrading from 0.x to 1.x
Instructions for upgrading an existing `nats` 0.x release to 1.x.
## Rename Immutable Fields
There are a number of immutable fields in the NATS Stateful Set and NATS Box deployment. All 1.x `values.yaml` files targeting an existing 0.x release will require some or all of these settings:
```yaml
config:
# required if using JetStream file storage
jetstream:
# uncomment the next line if using JetStream file storage
# enabled: true
fileStore:
pvc:
name:
$tplYaml: >-
{{ include "nats.fullname" . }}-js-pvc
# set other PVC options here to make it match 0.x, refer to values.yaml for schema
# required if using a full or cache resolver
resolver:
# uncomment the next line if using a full or cache resolver
# enabled: true
pvc:
name: nats-jwt-pvc
# set other PVC options here to make it match 0.x, refer to values.yaml for schema
# required
statefulSet:
patch:
- op: remove
path: /spec/selector/matchLabels/app.kubernetes.io~1component
- $tplYamlSpread: |-
{{- if and
.Values.config.jetstream.enabled
.Values.config.jetstream.fileStore.enabled
.Values.config.jetstream.fileStore.pvc.enabled
.Values.config.resolver.enabled
.Values.config.resolver.pvc.enabled
}}
- op: move
from: /spec/volumeClaimTemplates/0
path: /spec/volumeClaimTemplates/1
{{- else}}
[]
{{- end }}
# required
headlessService:
name:
$tplYaml: >-
{{ include "nats.fullname" . }}
# required unless 0.x values explicitly set nats.serviceAccount.create=false
serviceAccount:
enabled: true
# required to use new ClusterIP service for Clients accessing NATS
# if using TLS, this may require adding another SAN
service:
# uncomment the next line to disable the new ClusterIP service
# enabled: false
name:
$tplYaml: >-
{{ include "nats.fullname" . }}-svc
# required if using NatsBox
natsBox:
deployment:
patch:
- op: replace
path: /spec/selector/matchLabels
value:
app: nats-box
- op: add
path: /spec/template/metadata/labels/app
value: nats-box
```
## Update NATS Config to new values.yaml schema
Most values that control the NATS Config have changed and moved under the `config` key. Refer to the 1.x Chart's [values.yaml](values.yaml) for the complete schema.
After migrating to the new values schema, ensure that changes you expect in the NATS Config files match by templating the old and new config files.
Template your old 0.x Config Map, this example uses a file called `values-old.yaml`:
```sh
helm template \
--version "0.x" \
-f values-old.yaml \
-s templates/configmap.yaml \
nats \
nats/nats
```
Template your new 1.x Config Map, this example uses a file called `values.yaml`:
```sh
helm template \
--version "^1-beta" \
-f values.yaml \
-s templates/config-map.yaml \
nats \
nats/nats
```
## Update Kubernetes Resources to new values.yaml schema
Most values that control Kubernetes Resources have been changed. Refer to the 1.x Chart's [values.yaml](values.yaml) for the complete schema.
After migrating to the new values schema, ensure that changes you expect in resources match by templating the old and new resources.
| Resource | 0.x Template File | 1.x Template File |
|-------------------------|---------------------------------|-------------------------------------------|
| Config Map | `templates/configmap.yaml` | `templates/config-map.yaml` |
| Stateful Set | `templates/statefulset.yaml` | `templates/stateful-set.yaml` |
| Headless Service | `templates/service.yaml` | `templates/headless-service.yaml` |
| ClusterIP Service | N/A | `templates/service.yaml` |
| Network Policy | `templates/networkpolicy.yaml` | N/A |
| Pod Disruption Budget | `templates/pdb.yaml` | `templates/pod-disruption-budget.yaml` |
| Service Account | `templates/rbac.yaml` | `templates/service-account.yaml` |
| Resource | `templates/` | `templates/` |
| Resource | `templates/` | `templates/` |
| Prometheus Monitor | `templates/serviceMonitor.yaml` | `templates/pod-monitor.yaml` |
| NatsBox Deployment | `templates/nats-box.yaml` | `templates/nats-box/deployment.yaml` |
| NatsBox Service Account | N/A | `templates/nats-box/service-account.yaml` |
| NatsBox Contents Secret | N/A | `templates/nats-box/contents-secret.yaml` |
| NatsBox Contexts Secret | N/A | `templates/nats-box/contexts-secret.yaml` |
For example, to check that the Stateful Set matches:
Template your old 0.x Stateful Set, this example uses a file called `values-old.yaml`:
```sh
helm template \
--version "0.x" \
-f values-old.yaml \
-s templates/statefulset.yaml \
nats \
nats/nats
```
Template your new 1.x Stateful Set, this example uses a file called `values.yaml`:
```sh
helm template \
--version "^1-beta" \
-f values.yaml \
-s templates/stateful-set.yaml \
nats \
nats/nats
```


@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- include "nats.metadataNamespace" $ | nindent 2 }}
name: {{ .Values.configMap.name }}
labels:
{{- include "nats.labels" $ | nindent 4 }}
data:
nats.conf: |
{{- include "nats.formatConfig" .config | nindent 4 }}


@ -0,0 +1,32 @@
{{- with .Values.config.cluster }}
name: {{ $.Values.statefulSet.name }}
port: {{ .port }}
no_advertise: true
routes:
{{- $proto := ternary "tls" "nats" .tls.enabled }}
{{- $auth := "" }}
{{- if and .routeURLs.user .routeURLs.password }}
{{- $auth = printf "%s:%s@" (urlquery .routeURLs.user) (urlquery .routeURLs.password) -}}
{{- end }}
{{- $domain := $.Values.headlessService.name }}
{{- if .routeURLs.useFQDN }}
{{- $domain = printf "%s.%s.svc.%s" $domain (include "nats.namespace" $) .routeURLs.k8sClusterDomain }}
{{- end }}
{{- $port := (int .port) }}
{{- range $i, $_ := until (int .replicas) }}
- {{ printf "%s://%s%s-%d.%s:%d" $proto $auth $.Values.statefulSet.name $i $domain $port }}
{{- end }}
{{- if and .routeURLs.user .routeURLs.password }}
authorization:
user: {{ .routeURLs.user | quote }}
password: {{ .routeURLs.password | quote }}
{{- end }}
{{- with .tls }}
{{- if .enabled }}
tls:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
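Review bot: `.routeURLs.password` is written in clear text twice, once into every route URL and once into the `authorization` block. This file is merged into the `nats.conf` that the chart stores in a ConfigMap, so anyone who can read ConfigMaps in the namespace can read the cluster route password. That deserves a comment above the `authorization` block, for example `# routeURLs.user/password are rendered in clear text into the nats.conf ConfigMap; restrict read access to it`. Separately, `urlquery` encodes a space as `+`, which is query-string rather than userinfo encoding, so a password containing a space or `+` may not round-trip and is worth a template test.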


@ -0,0 +1,115 @@
{{- $pidFile := ternary "/var/run/nats/nats.pid" "/var/run/nats.pid" .Values.reloader.enabled }}
{{- with .Values.config }}
server_name: << $SERVER_NAME >>
lame_duck_grace_period: 10s
lame_duck_duration: 30s
pid_file: {{ $pidFile }}
########################################
# NATS
########################################
{{- with .nats }}
port: {{ .port }}
{{- with .tls }}
{{- if .enabled }}
tls:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
########################################
# leafnodes
########################################
{{- with .leafnodes }}
{{- if .enabled }}
leafnodes:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/leafnodes.yaml" "ctx" $) .) | nindent 2 }}
{{- end }}
{{- end }}
########################################
# websocket
########################################
{{- with .websocket }}
{{- if .enabled }}
websocket:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/websocket.yaml" "ctx" $) .) | nindent 2 }}
{{- end }}
{{- end }}
########################################
# MQTT
########################################
{{- with .mqtt }}
{{- if .enabled }}
mqtt:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/mqtt.yaml" "ctx" $) .) | nindent 2 }}
{{- end }}
{{- end }}
########################################
# cluster
########################################
{{- with .cluster }}
{{- if .enabled }}
cluster:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/cluster.yaml" "ctx" $) .) | nindent 2 }}
{{- end }}
{{- end }}
########################################
# gateway
########################################
{{- with .gateway }}
{{- if .enabled }}
gateway:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/gateway.yaml" "ctx" $) .) | nindent 2 }}
{{- end }}
{{- end }}
########################################
# monitor
########################################
{{- with .monitor }}
{{- if .enabled }}
{{- if .tls.enabled }}
https_port: {{ .port }}
{{- else }}
http_port: {{ .port }}
{{- end }}
{{- end }}
{{- end }}
########################################
# profiling
########################################
{{- with .profiling }}
{{- if .enabled }}
prof_port: {{ .port }}
{{- end }}
{{- end }}
########################################
# jetstream
########################################
{{- with $.Values.config.jetstream -}}
{{- if .enabled }}
jetstream:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/jetstream.yaml" "ctx" $) .) | nindent 2 }}
{{- end }}
{{- end }}
########################################
# resolver
########################################
{{- with $.Values.config.resolver -}}
{{- if .enabled }}
resolver:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/resolver.yaml" "ctx" $) .) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,11 @@
{{- with .Values.config.gateway }}
name: {{ $.Values.statefulSet.name }}
port: {{ .port }}
{{- with .tls }}
{{- if .enabled }}
tls:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,23 @@
{{- with .Values.config.jetstream }}
{{- with .memoryStore }}
{{- if .enabled }}
{{- with .maxSize }}
max_memory_store: << {{ . }} >>
{{- end }}
{{- else }}
max_memory_store: 0
{{- end }}
{{- end }}
{{- with .fileStore }}
{{- if .enabled }}
store_dir: {{ .dir }}
{{- if .maxSize }}
max_file_store: << {{ .maxSize }} >>
{{- else if .pvc.enabled }}
max_file_store: << {{ .pvc.size }} >>
{{- end }}
{{- else }}
max_file_store: 0
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,11 @@
{{- with .Values.config.leafnodes }}
port: {{ .port }}
no_advertise: true
{{- with .tls }}
{{- if .enabled }}
tls:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,10 @@
{{- with .Values.config.mqtt }}
port: {{ .port }}
{{- with .tls }}
{{- if .enabled }}
tls:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,10 @@
{{- with .protocol }}
port: {{ .port }}
{{- with .tls }}
{{- if .enabled }}
tls:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,3 @@
{{- with .Values.config.resolver }}
dir: {{ .dir }}
{{- end }}


@ -0,0 +1,16 @@
# tls
{{- with .tls }}
{{- if .secretName }}
{{- $dir := trimSuffix "/" .dir }}
cert_file: {{ printf "%s/%s" $dir (.cert | default "tls.crt") | quote }}
key_file: {{ printf "%s/%s" $dir (.key | default "tls.key") | quote }}
{{- end }}
{{- end }}
# tlsCA
{{- with $.Values.tlsCA }}
{{- if and .enabled (or .configMapName .secretName) }}
{{- $dir := trimSuffix "/" .dir }}
ca_file: {{ printf "%s/%s" $dir (.key | default "ca.crt") | quote }}
{{- end }}
{{- end }}


@ -0,0 +1,13 @@
{{- with .Values.config.websocket }}
port: {{ .port }}
compression: true
{{- if .tls.enabled }}
{{- with .tls }}
tls:
{{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }}
{{- end }}
{{- else }}
no_tls: true
{{- end }}
{{- end }}


@ -0,0 +1,24 @@
apiVersion: v1
kind: Service
metadata:
{{- include "nats.metadataNamespace" $ | nindent 2 }}
name: {{ .Values.headlessService.name }}
labels:
{{- include "nats.labels" $ | nindent 4 }}
spec:
selector:
{{- include "nats.selectorLabels" $ | nindent 4 }}
clusterIP: None
publishNotReadyAddresses: true
ports:
{{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }}
{{- $configProtocol := get $.Values.config $protocol }}
{{- if or (eq $protocol "nats") $configProtocol.enabled }}
{{- $tlsEnabled := false }}
{{- if hasKey $configProtocol "tls" }}
{{- $tlsEnabled = $configProtocol.tls.enabled }}
{{- end }}
{{- $appProtocol := or (eq $protocol "websocket") (eq $protocol "monitor") | ternary ($tlsEnabled | ternary "https" "http") ($tlsEnabled | ternary "tls" "tcp") }}
- {{ dict "name" $protocol "port" $configProtocol.port "targetPort" $protocol "appProtocol" $appProtocol | toYaml | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,34 @@
{{- with .Values.config.websocket.ingress }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
{{- include "nats.metadataNamespace" $ | nindent 2 }}
name: {{ .name }}
labels:
{{- include "nats.labels" $ | nindent 4 }}
spec:
{{- with .className }}
ingressClassName: {{ . | quote }}
{{- end }}
rules:
{{- $path := .path }}
{{- $pathType := .pathType }}
{{- range .hosts }}
- host: {{ . | quote }}
http:
paths:
- path: {{ $path | quote }}
pathType: {{ $pathType | quote }}
backend:
service:
name: {{ $.Values.service.name }}
port:
name: websocket
{{- end }}
{{- if .tlsSecretName }}
tls:
- secretName: {{ .tlsSecretName | quote }}
hosts:
{{- toYaml .hosts | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
{{- include "nats.metadataNamespace" $ | nindent 2 }}
name: {{ .Values.natsBox.contentsSecret.name }}
labels:
{{- include "natsBox.labels" $ | nindent 4 }}
type: Opaque
stringData:
{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
{{- range $secretKey, $secretVal := dict "creds" "creds" "nkey" "nk" }}
{{- $secret := get $ctxVal $secretKey }}
{{- if and $secret $secret.contents }}
"{{ $ctxKey }}.{{ $secretVal }}": {{ $secret.contents | quote }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,49 @@
{{- $contextName := .contextName }}
# url
{{- if .Values.service.enabled }}
url: nats://{{ .Values.service.name }}
{{- else }}
url: nats://{{ .Values.headlessService.name }}
{{- end }}
{{- with .context }}
# creds
{{- with .creds}}
{{- if .contents }}
creds: /etc/nats-contents/{{ $contextName }}.creds
{{- else if .secretName }}
{{- $dir := trimSuffix "/" .dir }}
creds: {{ printf "%s/%s" $dir (.key | default "nats.creds") | quote }}
{{- end }}
{{- end }}
# nkey
{{- with .nkey}}
{{- if .contents }}
nkey: /etc/nats-contents/{{ $contextName }}.nk
{{- else if .secretName }}
{{- $dir := trimSuffix "/" .dir }}
nkey: {{ printf "%s/%s" $dir (.key | default "nats.nk") | quote }}
{{- end }}
{{- end }}
# tls
{{- with .tls }}
{{- if .secretName }}
{{- $dir := trimSuffix "/" .dir }}
cert: {{ printf "%s/%s" $dir (.cert | default "tls.crt") | quote }}
key: {{ printf "%s/%s" $dir (.key | default "tls.key") | quote }}
{{- end }}
{{- end }}
# tlsCA
{{- with $.Values.tlsCA }}
{{- if and .enabled (or .configMapName .secretName) }}
{{- $dir := trimSuffix "/" .dir }}
ca: {{ printf "%s/%s" $dir (.key | default "ca.crt") | quote }}
{{- end }}
{{- end }}
{{- end }}
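Review bot: The two `/etc/nats-contents/{{ $contextName }}` paths are emitted unquoted, while every other path in this file goes through `quote`. The rendered text is later parsed with `fromYaml` by the contexts Secret template, so a context name containing `: ` or ` #` would change how the line parses. Writing `creds: {{ printf "/etc/nats-contents/%s.creds" $contextName | quote }}`, and the same form for `nkey`, keeps the file consistent and the parse predictable.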


@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
{{- include "nats.metadataNamespace" $ | nindent 2 }}
name: {{ .Values.natsBox.contextsSecret.name }}
labels:
{{- include "natsBox.labels" $ | nindent 4 }}
type: Opaque
stringData:
{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
"{{ $ctxKey }}.json": |
{{- include "toPrettyRawJson" (include "nats.loadMergePatch" (dict "file" "nats-box/contexts-secret/context.yaml" "merge" (.merge | default dict) "patch" (.patch | default list) "ctx" (merge (dict "contextName" $ctxKey "context" $ctxVal) $)) | fromYaml) | nindent 4 }}
{{- end }}


@ -0,0 +1,43 @@
name: nats-box
{{ include "nats.image" (merge (pick $.Values "global") .Values.natsBox.container.image) }}
{{- with .Values.natsBox.container.env }}
env:
{{- include "nats.env" . }}
{{- end }}
command:
- sh
- -ec
- |
work_dir="$(pwd)"
mkdir -p "$XDG_CONFIG_HOME/nats"
cd "$XDG_CONFIG_HOME/nats"
if ! [ -s context ]; then
ln -s /etc/nats-contexts context
fi
{{- if .Values.natsBox.defaultContextName }}
if ! [ -f context.txt ]; then
echo -n {{ .Values.natsBox.defaultContextName | quote }} > context.txt
fi
{{- end }}
cd "$work_dir"
exec sh -ec "$0"
args:
- trap true INT TERM; sleep infinity & wait
volumeMounts:
# contexts secret
- name: contexts
mountPath: /etc/nats-contexts
# contents secret
{{- if .hasContentsSecret }}
- name: contents
mountPath: /etc/nats-contents
{{- end }}
# tlsCA
{{- include "nats.tlsCAVolumeMount" $ }}
# secrets
{{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
- name: {{ .name | quote }}
mountPath: {{ .dir | quote }}
{{- end }}
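Review bot: In the `echo -n {{ .Values.natsBox.defaultContextName | quote }}` line, `quote` places the value inside a double-quoted shell word, so a name containing `$` or a backtick would be expanded by `sh` at container start instead of being written literally. The value comes from chart values, so this is about robustness rather than untrusted input. `printf '%s' {{ .Values.natsBox.defaultContextName | squote }} > context.txt` avoids both the expansion and the non-portable `echo -n`. A name containing a single quote would still have to be rejected.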


@ -0,0 +1,16 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- include "nats.metadataNamespace" $ | nindent 2 }}
name: {{ .Values.natsBox.deployment.name }}
labels:
{{- include "natsBox.labels" $ | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "natsBox.selectorLabels" $ | nindent 6 }}
replicas: 1
template:
{{- with .Values.natsBox.podTemplate }}
{{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/pod-template.yaml" "ctx" $) .) | nindent 4 }}
{{- end }}


@ -0,0 +1,37 @@
metadata:
labels:
{{- include "natsBox.labels" $ | nindent 4 }}
spec:
containers:
{{- with .Values.natsBox.container }}
- {{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/container.yaml" "ctx" $) .) | nindent 4 }}
{{- end }}
# service discovery uses DNS; don't need service env vars
enableServiceLinks: false
{{- with .Values.natsBox.serviceAccount }}
{{- if .enabled }}
serviceAccountName: {{ .name | quote }}
{{- end }}
{{- end }}
volumes:
# contexts secret
- name: contexts
secret:
secretName: {{ .Values.natsBox.contextsSecret.name }}
# contents secret
{{- if .hasContentsSecret }}
- name: contents
secret:
secretName: {{ .Values.natsBox.contentsSecret.name }}
{{- end }}
# tlsCA
{{- include "nats.tlsCAVolume" $ | nindent 2 }}
# secrets
{{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
- name: {{ .name | quote }}
secret:
secretName: {{ .secretName | quote }}
{{- end }}
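Review bot: The nats-box pod mounts the contexts and contents Secrets, yet the pod spec sets neither `automountServiceAccountToken: false` nor a `securityContext`. The pod therefore also receives a service account token and presumably runs as whatever user the image defaults to. Nothing in the container command shown on this page talks to the Kubernetes API, so adding `automountServiceAccountToken: false` next to `enableServiceLinks: false` looks safe. Users who need the token could re-enable it through the chart's merge/patch values.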


@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
{{- include "nats.metadataNamespace" $ | nindent 2 }}
name: {{ .Values.natsBox.serviceAccount.name }}
labels:
{{- include "natsBox.labels" $ | nindent 4 }}

Some files were not shown because too many files have changed in this diff Show More