Charts CI

```
Updated:
  bitnami/airflow:
    - 16.0.6
  bitnami/kafka:
    - 26.0.0
  bitnami/tomcat:
    - 10.10.10
  bitnami/wordpress:
    - 18.0.7
  clastix/kamaji:
    - 0.12.8
  datadog/datadog:
    - 3.40.2
  fairwinds/polaris:
    - 5.16.0
  mongodb/community-operator:
    - 0.8.3
  nats/nats:
    - 1.1.2
  new-relic/nri-bundle:
    - 5.0.41
  ngrok/kubernetes-ingress-controller:
    - 0.12.0
  redpanda/redpanda:
    - 5.6.19
  speedscale/speedscale-operator:
    - 1.3.40
  sysdig/sysdig:
    - 1.16.17
```

charts/bitnami/airflow/Chart.yaml

@@ -50,4 +50,4 @@ maintainers:
 name: airflow
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/airflow
-version: 16.0.5
+version: 16.0.6

charts/bitnami/airflow/README.md

@@ -238,7 +238,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
 | `worker.image.registry`                        | Airflow Worker image registry                                                                                            | `docker.io`              |
 | `worker.image.repository`                      | Airflow Worker image repository                                                                                          | `bitnami/airflow-worker` |
-| `worker.image.tag`                             | Airflow Worker image tag (immutable tags are recommended)                                                                | `2.7.2-debian-11-r0`     |
+| `worker.image.tag`                             | Airflow Worker image tag (immutable tags are recommended)                                                                | `2.7.2-debian-11-r1`     |
 | `worker.image.digest`                          | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag           | `""`                     |
 | `worker.image.pullPolicy`                      | Airflow Worker image pull policy                                                                                         | `IfNotPresent`           |
 | `worker.image.pullSecrets`                     | Airflow Worker image pull secrets                                                                                        | `[]`                     |

charts/bitnami/airflow/values.yaml

@@ -650,7 +650,7 @@ worker:
   image:
     registry: docker.io
     repository: bitnami/airflow-worker
-    tag: 2.7.2-debian-11-r0
+    tag: 2.7.2-debian-11-r1
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

charts/bitnami/kafka/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: zookeeper
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 12.1.4
+  version: 12.1.6
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 2.13.2
-digest: sha256:07d7596708cc5b839395c9034fbd54f04e1f5d7baa6e0a9c50f2076b81762d87
+digest: sha256:92a8d2251d74b2692c483948b21d980dbef3eb43af70348da40a12503e233d11
-generated: "2023-10-12T11:26:10.244681296Z"
+generated: "2023-10-16T17:41:20.404606855Z"

charts/bitnami/kafka/Chart.yaml

@@ -10,14 +10,14 @@ annotations:
     - name: kafka-exporter
       image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r132
     - name: kafka
-      image: docker.io/bitnami/kafka:3.5.1-debian-11-r72
+      image: docker.io/bitnami/kafka:3.6.0-debian-11-r0
     - name: kubectl
       image: docker.io/bitnami/kubectl:1.28.2-debian-11-r16
     - name: os-shell
       image: docker.io/bitnami/os-shell:11-debian-11-r90
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 3.5.1
+appVersion: 3.6.0
 dependencies:
 - condition: zookeeper.enabled
   name: zookeeper
@@ -45,4 +45,4 @@ maintainers:
 name: kafka
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kafka
-version: 25.3.5
+version: 26.0.0

charts/bitnami/kafka/README.md

@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
 | `image.registry`                      | Kafka image registry                                                                                                                                                                                       | `docker.io`           |
 | `image.repository`                    | Kafka image repository                                                                                                                                                                                     | `bitnami/kafka`       |
-| `image.tag`                           | Kafka image tag (immutable tags are recommended)                                                                                                                                                           | `3.5.1-debian-11-r72` |
+| `image.tag`                           | Kafka image tag (immutable tags are recommended)                                                                                                                                                           | `3.6.0-debian-11-r0`  |
 | `image.digest`                        | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                                                                      | `""`                  |
 | `image.pullPolicy`                    | Kafka image pull policy                                                                                                                                                                                    | `IfNotPresent`        |
 | `image.pullSecrets`                   | Specify docker-registry secret names as an array                                                                                                                                                           | `[]`                  |

charts/bitnami/kafka/charts/zookeeper/Chart.yaml

@@ -2,9 +2,9 @@ annotations:
   category: Infrastructure
   images: |
     - name: os-shell
-      image: docker.io/bitnami/os-shell:11-debian-11-r89
+      image: docker.io/bitnami/os-shell:11-debian-11-r90
     - name: zookeeper
-      image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r0
+      image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r1
   licenses: Apache-2.0
 apiVersion: v2
 appVersion: 3.9.1
@@ -26,4 +26,4 @@ maintainers:
 name: zookeeper
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
-version: 12.1.4
+version: 12.1.6

charts/bitnami/kafka/charts/zookeeper/README.md

@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
 | `image.registry`              | ZooKeeper image registry                                                                                                   | `docker.io`             |
 | `image.repository`            | ZooKeeper image repository                                                                                                 | `bitnami/zookeeper`     |
-| `image.tag`                   | ZooKeeper image tag (immutable tags are recommended)                                                                       | `3.9.1-debian-11-r0`    |
+| `image.tag`                   | ZooKeeper image tag (immutable tags are recommended)                                                                       | `3.9.1-debian-11-r1`    |
 | `image.digest`                | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                  | `""`                    |
 | `image.pullPolicy`            | ZooKeeper image pull policy                                                                                                | `IfNotPresent`          |
 | `image.pullSecrets`           | Specify docker-registry secret names as an array                                                                           | `[]`                    |
@@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled`                            | Enable init container that changes the owner and group of the persistent volume                                                   | `false`            |
 | `volumePermissions.image.registry`                     | Init container volume-permissions image registry                                                                                  | `docker.io`        |
 | `volumePermissions.image.repository`                   | Init container volume-permissions image repository                                                                                | `bitnami/os-shell` |
-| `volumePermissions.image.tag`                          | Init container volume-permissions image tag (immutable tags are recommended)                                                      | `11-debian-11-r89` |
+| `volumePermissions.image.tag`                          | Init container volume-permissions image tag (immutable tags are recommended)                                                      | `11-debian-11-r90` |
 | `volumePermissions.image.digest`                       | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`               |
 | `volumePermissions.image.pullPolicy`                   | Init container volume-permissions image pull policy                                                                               | `IfNotPresent`     |
 | `volumePermissions.image.pullSecrets`                  | Init container volume-permissions image pull secrets                                                                              | `[]`               |

charts/bitnami/kafka/charts/zookeeper/values.yaml

@@ -79,7 +79,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/zookeeper
-  tag: 3.9.1-debian-11-r0
+  tag: 3.9.1-debian-11-r1
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -663,7 +663,7 @@ volumePermissions:
   image:
     registry: docker.io
     repository: bitnami/os-shell
-    tag: 11-debian-11-r89
+    tag: 11-debian-11-r90
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.

charts/bitnami/kafka/values.yaml

@@ -80,7 +80,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/kafka
-  tag: 3.5.1-debian-11-r72
+  tag: 3.6.0-debian-11-r0
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

charts/bitnami/tomcat/Chart.yaml

@@ -10,10 +10,10 @@ annotations:
     - name: os-shell
       image: docker.io/bitnami/os-shell:11-debian-11-r90
     - name: tomcat
-      image: docker.io/bitnami/tomcat:10.1.14-debian-11-r0
+      image: docker.io/bitnami/tomcat:10.1.15-debian-11-r0
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 10.1.14
+appVersion: 10.1.15
 dependencies:
 - name: common
   repository: file://./charts/common
@@ -38,4 +38,4 @@ maintainers:
 name: tomcat
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/tomcat
-version: 10.10.9
+version: 10.10.10

charts/bitnami/tomcat/README.md

@@ -81,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
 | `image.registry`              | Tomcat image registry                                                                                  | `docker.io`            |
 | `image.repository`            | Tomcat image repository                                                                                | `bitnami/tomcat`       |
-| `image.tag`                   | Tomcat image tag (immutable tags are recommended)                                                      | `10.1.14-debian-11-r0` |
+| `image.tag`                   | Tomcat image tag (immutable tags are recommended)                                                      | `10.1.15-debian-11-r0` |
 | `image.digest`                | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                   |
 | `image.pullPolicy`            | Tomcat image pull policy                                                                               | `IfNotPresent`         |
 | `image.pullSecrets`           | Specify docker-registry secret names as an array                                                       | `[]`                   |

charts/bitnami/tomcat/values.yaml

@@ -61,7 +61,7 @@ extraDeploy: []
 image:
   registry: docker.io
   repository: bitnami/tomcat
-  tag: 10.1.14-debian-11-r0
+  tag: 10.1.15-debian-11-r0
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

charts/bitnami/wordpress/Chart.yaml

@@ -47,4 +47,4 @@ maintainers:
 name: wordpress
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
-version: 18.0.6
+version: 18.0.7

charts/bitnami/wordpress/README.md

@@ -344,31 +344,32 @@ The command removes all the Kubernetes components associated with the chart and
 
 ### Database Parameters
 
-| Name                                       | Description                                                                       | Value               |
+| Name                                       | Description                                                                                    | Value               |
-| ------------------------------------------ | --------------------------------------------------------------------------------- | ------------------- |
+| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------- |
-| `mariadb.enabled`                          | Deploy a MariaDB server to satisfy the applications database requirements         | `true`              |
+| `mariadb.enabled`                          | Deploy a MariaDB server to satisfy the applications database requirements                      | `true`              |
-| `mariadb.architecture`                     | MariaDB architecture. Allowed values: `standalone` or `replication`               | `standalone`        |
+| `mariadb.architecture`                     | MariaDB architecture. Allowed values: `standalone` or `replication`                            | `standalone`        |
-| `mariadb.auth.rootPassword`                | MariaDB root password                                                             | `""`                |
+| `mariadb.auth.rootPassword`                | MariaDB root password                                                                          | `""`                |
-| `mariadb.auth.database`                    | MariaDB custom database                                                           | `bitnami_wordpress` |
+| `mariadb.auth.database`                    | MariaDB custom database                                                                        | `bitnami_wordpress` |
-| `mariadb.auth.username`                    | MariaDB custom user name                                                          | `bn_wordpress`      |
+| `mariadb.auth.username`                    | MariaDB custom user name                                                                       | `bn_wordpress`      |
-| `mariadb.auth.password`                    | MariaDB custom user password                                                      | `""`                |
+| `mariadb.auth.password`                    | MariaDB custom user password                                                                   | `""`                |
-| `mariadb.primary.persistence.enabled`      | Enable persistence on MariaDB using PVC(s)                                        | `true`              |
+| `mariadb.primary.persistence.enabled`      | Enable persistence on MariaDB using PVC(s)                                                     | `true`              |
-| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class                                                   | `""`                |
+| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class                                                                | `""`                |
-| `mariadb.primary.persistence.accessModes`  | Persistent Volume access modes                                                    | `[]`                |
+| `mariadb.primary.persistence.accessModes`  | Persistent Volume access modes                                                                 | `[]`                |
-| `mariadb.primary.persistence.size`         | Persistent Volume size                                                            | `8Gi`               |
+| `mariadb.primary.persistence.size`         | Persistent Volume size                                                                         | `8Gi`               |
-| `externalDatabase.host`                    | External Database server host                                                     | `localhost`         |
+| `externalDatabase.host`                    | External Database server host                                                                  | `localhost`         |
-| `externalDatabase.port`                    | External Database server port                                                     | `3306`              |
+| `externalDatabase.port`                    | External Database server port                                                                  | `3306`              |
-| `externalDatabase.user`                    | External Database username                                                        | `bn_wordpress`      |
+| `externalDatabase.user`                    | External Database username                                                                     | `bn_wordpress`      |
-| `externalDatabase.password`                | External Database user password                                                   | `""`                |
+| `externalDatabase.password`                | External Database user password                                                                | `""`                |
-| `externalDatabase.database`                | External Database database name                                                   | `bitnami_wordpress` |
+| `externalDatabase.database`                | External Database database name                                                                | `bitnami_wordpress` |
-| `externalDatabase.existingSecret`          | The name of an existing secret with database credentials. Evaluated as a template | `""`                |
+| `externalDatabase.existingSecret`          | The name of an existing secret with database credentials. Evaluated as a template              | `""`                |
-| `memcached.enabled`                        | Deploy a Memcached server for caching database queries                            | `false`             |
+| `memcached.enabled`                        | Deploy a Memcached server for caching database queries                                         | `false`             |
-| `memcached.auth.enabled`                   | Enable Memcached authentication                                                   | `false`             |
+| `memcached.auth.enabled`                   | Enable Memcached authentication                                                                | `false`             |
-| `memcached.auth.username`                  | Memcached admin user                                                              | `""`                |
+| `memcached.auth.username`                  | Memcached admin user                                                                           | `""`                |
-| `memcached.auth.password`                  | Memcached admin password                                                          | `""`                |
+| `memcached.auth.password`                  | Memcached admin password                                                                       | `""`                |
-| `memcached.service.port`                   | Memcached service port                                                            | `11211`             |
+| `memcached.auth.existingPasswordSecret`    | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""`                |
-| `externalCache.host`                       | External cache server host                                                        | `localhost`         |
+| `memcached.service.port`                   | Memcached service port                                                                         | `11211`             |
-| `externalCache.port`                       | External cache server port                                                        | `11211`             |
+| `externalCache.host`                       | External cache server host                                                                     | `localhost`         |
+| `externalCache.port`                       | External cache server port                                                                     | `11211`             |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

charts/bitnami/wordpress/values.yaml

@@ -1174,6 +1174,9 @@ memcached:
     ## @param memcached.auth.password Memcached admin password
     ##
     password: ""
+    ## @param memcached.auth.existingPasswordSecret Existing secret with Memcached credentials (must contain a value for `memcached-password` key)
+    ##
+    existingPasswordSecret: ""
   ## Service parameters
   ##
   service:

charts/clastix/kamaji/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>=1.21.0-0'
   catalog.cattle.io/release-name: kamaji
 apiVersion: v2
-appVersion: v0.3.4
+appVersion: v0.3.5
 description: Kamaji is a Kubernetes Control Plane Manager.
 home: https://github.com/clastix/kamaji
 icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png
@@ -20,4 +20,4 @@ name: kamaji
 sources:
 - https://github.com/clastix/kamaji
 type: application
-version: 0.12.5
+version: 0.12.8

charts/clastix/kamaji/README.md

@@ -1,6 +1,6 @@
 # kamaji
 
-![Version: 0.12.5](https://img.shields.io/badge/Version-0.12.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.4](https://img.shields.io/badge/AppVersion-v0.3.4-informational?style=flat-square)
+![Version: 0.12.8](https://img.shields.io/badge/Version-0.12.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.5](https://img.shields.io/badge/AppVersion-v0.3.5-informational?style=flat-square)
 
 Kamaji is a Kubernetes Control Plane Manager.
 
@@ -100,7 +100,7 @@ Here the values you can override:
 | etcd.persistence.accessModes[0] | string | `"ReadWriteOnce"` |  |
 | etcd.persistence.customAnnotations | object | `{}` | The custom annotations to add to the PVC |
 | etcd.persistence.size | string | `"10Gi"` |  |
-| etcd.persistence.storageClass | string | `""` |  |
+| etcd.persistence.storageClassName | string | `""` |  |
 | etcd.port | int | `2379` | The client request port. |
 | etcd.serviceAccount.create | bool | `true` | Create a ServiceAccount, required to install and provision the etcd backing storage (default: true) |
 | etcd.serviceAccount.name | string | `""` | Define the ServiceAccount name to use during the setup and provision of the etcd backing storage (default: "") |

charts/clastix/kamaji/templates/etcd_job_postinstall.yaml

@@ -30,11 +30,15 @@ spec:
             - bash
             - -c
             - |-
-              etcdctl member list -w table &&
+              etcdctl member list -w table
-              etcdctl user add --no-password=true root &&
+              if etcdctl user get root &>/dev/null; then
-              etcdctl role add root &&
+                echo "User already exists, nothing to do"
-              etcdctl user grant-role root root &&
+              else
-              etcdctl auth enable
+                etcdctl user add --no-password=true root &&
+                etcdctl role add root &&
+                etcdctl user grant-role root root &&
+                etcdctl auth enable
+              fi
           env:
             - name: ETCDCTL_ENDPOINTS
               value: https://etcd-0.{{ include "etcd.serviceName" . }}.{{ .Release.Namespace }}.svc.cluster.local:2379

charts/clastix/kamaji/templates/etcd_job_preinstall.yaml

@@ -37,13 +37,21 @@ spec:
       containers:
         - name: kubectl
           image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
-          command:
+          command: ["/bin/sh", "-c"]
-            - sh
+          args:
-            - -c
+            - |
-            - |-
+              if kubectl get secret {{ include "etcd.caSecretName" . }} --namespace={{ .Release.Namespace }} &>/dev/null; then
-              kubectl --namespace={{ .Release.Namespace }} delete secret --ignore-not-found=true {{ include "etcd.caSecretName" . }} {{ include "etcd.clientSecretName" . }} &&
+                echo "Secret {{ include "etcd.caSecretName" . }} already exists"
-              kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem &&
+              else
-              kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem
+                echo "Creating secret {{ include "etcd.caSecretName" . }}"
+                kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem
+              fi
+              if kubectl get secret {{ include "etcd.clientSecretName" . }} --namespace={{ .Release.Namespace }} &>/dev/null; then
+                echo "Secret {{ include "etcd.clientSecretName" . }} already exists"
+              else
+                echo "Creating secret {{ include "etcd.clientSecretName" . }}"
+                kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem
+              fi
           volumeMounts:
             - mountPath: /certs
               name: certs

charts/clastix/kamaji/templates/etcd_rbac.yaml

@@ -15,6 +15,7 @@ rules:
     resources:
       - secrets
     verbs:
+      - get
       - delete
     resourceNames:
       - {{ include "etcd.caSecretName" . }}

charts/clastix/kamaji/values.yaml

@@ -54,7 +54,7 @@ etcd:
     name: ""
   persistence:
     size: 10Gi
-    storageClass: ""
+    storageClassName: ""
     accessModes:
     - ReadWriteOnce
     # -- The custom annotations to add to the PVC

charts/datadog/datadog/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Datadog changelog
 
+## 3.40.2
+
+* Gate `PodSecurityPolicy` RBAC for k8s versions which no longer support this deprecated API.
+
+## 3.40.1
+
+* Add support for initContainer volume mounts
+
 ## 3.40.0
 
 * Default `Agent` and `Cluster-Agent` to `7.48.0` version.

charts/datadog/datadog/Chart.yaml

@@ -19,4 +19,4 @@ name: datadog
 sources:
 - https://app.datadoghq.com/account/settings#agent/kubernetes
 - https://github.com/DataDog/datadog-agent
-version: 3.40.0
+version: 3.40.2

charts/datadog/datadog/README.md

@@ -1,6 +1,6 @@
 # Datadog
 
-![Version: 3.40.0](https://img.shields.io/badge/Version-3.40.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.40.2](https://img.shields.io/badge/Version-3.40.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
 
@@ -411,6 +411,7 @@ helm install <RELEASE_NAME> \
 | agents.containers.agent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the agent container. |
 | agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers |
 | agents.containers.initContainers.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the init containers. |
+| agents.containers.initContainers.volumeMounts | list | `[]` | Specify additional volumes to mount for the init containers |
 | agents.containers.processAgent.env | list | `[]` | Additional environment variables for the process-agent container |
 | agents.containers.processAgent.envDict | object | `{}` | Set environment variables specific to process-agent defined in a dict |
 | agents.containers.processAgent.envFrom | list | `[]` | Set environment variables specific to process-agent from configMaps and/or secrets |

charts/datadog/datadog/templates/_containers-init-linux.yaml

@@ -53,6 +53,9 @@
       subPath: system-probe.yaml
       readOnly: true
     {{- end }}
+    {{- if .Values.agents.containers.initContainers.volumeMounts }}
+    {{ toYaml .Values.agents.containers.initContainers.volumeMounts | nindent 4 }}
+    {{- end }}
   env:
     {{- include "containers-common-env" . | nindent 4 }}
     {{- if and (eq (include "cluster-agent-enabled" .) "false") .Values.datadog.leaderElection }}

charts/datadog/datadog/templates/_containers-init-windows.yaml

@@ -45,6 +45,9 @@
       readOnly: true
     {{- end }}
     {{- include "container-crisocket-volumemounts" . | nindent 4 }}
+    {{- if .Values.agents.containers.initContainers.volumeMounts }}
+    {{ toYaml .Values.agents.containers.initContainers.volumeMounts | nindent 4 }}
+    {{- end }}
   env:
     {{- include "containers-common-env" . | nindent 4 }}
   resources:

charts/datadog/datadog/templates/cluster-agent-rbac.yaml

@@ -249,7 +249,7 @@ rules:
   - namespaces
   verbs:
   - list
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 - apiGroups:
   - "policy"
   resources:
@@ -274,7 +274,7 @@ rules:
   - list
 {{- end }}
 {{- end }}
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 - apiGroups:
   - policy
   resources:

charts/datadog/datadog/templates/rbac.yaml

@@ -98,7 +98,7 @@ rules:
   - endpoints
   verbs:
   - get
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 - apiGroups:
   - policy
   resources:

charts/datadog/datadog/values.yaml

@@ -1576,6 +1576,8 @@ agents:
       #    memory: 200Mi
       # agents.containers.initContainers.securityContext -- Allows you to overwrite the default container SecurityContext for the init containers.
       securityContext: {}
+      # agents.containers.initContainers.volumeMounts -- Specify additional volumes to mount for the init containers
+      volumeMounts: []
 
   # agents.volumes -- Specify additional volumes to mount in the dd-agent container
   volumes: []

charts/fairwinds/polaris/CHANGELOG.md

@@ -5,6 +5,9 @@ All notable changes to this Helm chart will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this chart adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 5.16.0
+* Added default PDBs for both the webhook and the dashboard
+
 ## 5.15.0
 
 * Support `string` type of `config` value

charts/fairwinds/polaris/Chart.yaml

@@ -12,4 +12,4 @@ maintainers:
 - email: robertb@fairwinds.com
   name: rbren
 name: polaris
-version: 5.15.0
+version: 5.16.0

charts/fairwinds/polaris/README.md

@@ -75,6 +75,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
 | dashboard.disallowConfigExemptions | bool | `false` | Disallow exemptions that are configured in the config file |
 | dashboard.disallowAnnotationExemptions | bool | `false` | Disallow exemptions that are configured via annotations |
 | dashboard.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | securityContext to apply to the dashboard container |
+| dashboard.pdb.enable | bool | `true` | If true, enables a PDB for the dashboard |
 | webhook.enable | bool | `false` | Whether to run the webhook |
 | webhook.validate | bool | `true` | Enables the Validating Webhook, to reject resources with issues |
 | webhook.mutate | bool | `false` | Enables the Mutating Webhook, to modify resources with issues |
@@ -103,6 +104,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
 | webhook.disallowAnnotationExemptions | bool | `false` | Disallow exemptions that are configured via annotations |
 | webhook.mutatingConfigurationAnnotations | object | `{}` |  |
 | webhook.validatingConfigurationAnnotations | object | `{}` |  |
+| webhook.pdb.enable | bool | `true` | If true, enables a PDB for the webhook |
 | audit.enable | bool | `false` | Runs a one-time audit. This is used internally at Fairwinds, and may not be useful for others. |
 | audit.cleanup | bool | `false` | Whether to delete the namespace once the audit is finished. |
 | audit.outputURL | string | `""` | A URL which will receive a POST request with audit results. |

charts/fairwinds/polaris/templates/dashboard.pdb.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.dashboard.pdb }}
+{{- if and .Values.dashboard.enable .Values.dashboard.pdb.enable -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "polaris.fullname" . }}-dashboard
+  {{- if .Values.templateOnly }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "polaris.labels" . | nindent 4 }}
+    component: dashboard
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      {{- include "polaris.selectors" . | nindent 6 }}
+      component: dashboard
+{{- end }}
+{{- end }}

charts/fairwinds/polaris/templates/webhook.pdb.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.webhook.pdb }}
+{{- if and .Values.webhook.enable .Values.webhook.pdb.enable -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "polaris.fullname" . }}-webhook
+  {{- if .Values.templateOnly }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "polaris.labels" . | nindent 4 }}
+    component: webhook
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      {{- include "polaris.selectors" . | nindent 6 }}
+      component: webhook
+{{- end }}
+{{- end }}

charts/fairwinds/polaris/values.yaml

@@ -129,6 +129,9 @@ dashboard:
     capabilities:
       drop:
         - ALL
+  pdb:
+    # -- If true, enables a PDB for the dashboard
+    enable: true
 
 webhook:
   # webhook.enable -- Whether to run the webhook
@@ -244,6 +247,9 @@ webhook:
   disallowAnnotationExemptions: false
   mutatingConfigurationAnnotations: {}
   validatingConfigurationAnnotations: {}
+  pdb:
+    # -- If true, enables a PDB for the webhook
+    enable: true
 
 audit:
   # audit.enable -- Runs a one-time audit. This is used internally at Fairwinds, and may not be useful for others.

charts/mongodb/community-operator/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: community-operator-crds
   repository: https://mongodb.github.io/helm-charts
-  version: 0.8.2
+  version: 0.8.3
-digest: sha256:ddb4acc5ed25e7bd4751ae01be4326c7fdb37b6a3136cc21724af2fe0a5539b7
+digest: sha256:d2b27b3bb494d226e7af474e0441caab70859066e41186c0348d3d9b42006773
-generated: "2023-08-14T14:30:36.87801532Z"
+generated: "2023-10-17T14:45:13.566377748Z"

charts/mongodb/community-operator/Chart.yaml

@@ -4,12 +4,12 @@ annotations:
   catalog.cattle.io/kube-version: '>=1.16-0'
   catalog.cattle.io/release-name: community-operator
 apiVersion: v2
-appVersion: 0.8.2
+appVersion: 0.8.3
 dependencies:
 - condition: community-operator-crds.enabled
   name: community-operator-crds
   repository: file://./charts/community-operator-crds
-  version: 0.8.2
+  version: 0.8.3
 description: MongoDB Kubernetes Community Operator
 home: https://github.com/mongodb/mongodb-kubernetes-operator
 icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png
@@ -23,4 +23,4 @@ maintainers:
   name: MongoDB
 name: community-operator
 type: application
-version: 0.8.2
+version: 0.8.3

charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.8.2
+appVersion: 0.8.3
 description: MongoDB Kubernetes Community Operator - CRDs
 home: https://github.com/mongodb/mongodb-kubernetes-operator
 icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png
@@ -13,4 +13,4 @@ maintainers:
   name: MongoDB
 name: community-operator-crds
 type: application
-version: 0.8.2
+version: 0.8.3

charts/mongodb/community-operator/charts/community-operator-crds/templates/mongodbcommunity.mongodb.com_mongodbcommunity.yaml

@@ -69,10 +69,58 @@ spec:
                 description: AgentConfiguration sets options for the MongoDB automation
                   agent
                 properties:
+                  logFile:
+                    type: string
                   logLevel:
                     type: string
+                  logRotate:
+                    description: LogRotate if enabled, will enable LogRotate for all
+                      processes.
+                    properties:
+                      includeAuditLogsWithMongoDBLogs:
+                        description: set to 'true' to have the Automation Agent rotate
+                          the audit files along with mongodb log files
+                        type: boolean
+                      numTotal:
+                        description: maximum number of log files to have total
+                        type: integer
+                      numUncompressed:
+                        description: maximum number of log files to leave uncompressed
+                        type: integer
+                      percentOfDiskspace:
+                        description: Maximum percentage of the total disk space these
+                          log files should take up. The string needs to be able to
+                          be converted to float64
+                        type: string
+                      sizeThresholdMB:
+                        description: Maximum size for an individual log file before
+                          rotation. The string needs to be able to be converted to
+                          float64. Fractional values of MB are supported.
+                        type: string
+                      timeThresholdHrs:
+                        description: maximum hours for an individual log file before
+                          rotation
+                        type: integer
+                    required:
+                    - sizeThresholdMB
+                    - timeThresholdHrs
+                    type: object
                   maxLogFileDurationHours:
                     type: integer
+                  systemLog:
+                    description: SystemLog configures system log of mongod
+                    properties:
+                      destination:
+                        type: string
+                      logAppend:
+                        type: boolean
+                      path:
+                        type: string
+                    required:
+                    - destination
+                    - logAppend
+                    - path
+                    type: object
                 type: object
               arbiters:
                 description: 'Arbiters is the number of arbiters to add to the Replica
@@ -91,6 +139,40 @@ spec:
                       properties:
                         disabled:
                           type: boolean
+                        logRotate:
+                          description: CrdLogRotate is the crd definition of LogRotate
+                            including fields in strings while the agent supports them
+                            as float64
+                          properties:
+                            includeAuditLogsWithMongoDBLogs:
+                              description: set to 'true' to have the Automation Agent
+                                rotate the audit files along with mongodb log files
+                              type: boolean
+                            numTotal:
+                              description: maximum number of log files to have total
+                              type: integer
+                            numUncompressed:
+                              description: maximum number of log files to leave uncompressed
+                              type: integer
+                            percentOfDiskspace:
+                              description: Maximum percentage of the total disk space
+                                these log files should take up. The string needs to
+                                be able to be converted to float64
+                              type: string
+                            sizeThresholdMB:
+                              description: Maximum size for an individual log file
+                                before rotation. The string needs to be able to be
+                                converted to float64. Fractional values of MB are
+                                supported.
+                              type: string
+                            timeThresholdHrs:
+                              description: maximum hours for an individual log file
+                                before rotation
+                              type: integer
+                          required:
+                          - sizeThresholdMB
+                          - timeThresholdHrs
+                          type: object
                         name:
                           type: string
                       required:
@@ -173,6 +255,29 @@ spec:
                 properties:
                   authentication:
                     properties:
+                      agentCertificateSecretRef:
+                        description: 'AgentCertificateSecret is a reference to a Secret
+                          containing the certificate and the key for the automation
+                          agent The secret needs to have available: - certificate
+                          under key: "tls.crt" - private key under key: "tls.key"
+                          If additionally, tls.pem is present, then it needs to be
+                          equal to the concatenation of tls.crt and tls.key'
+                        properties:
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              TODO: Add other useful fields. apiVersion, kind, uid?'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      agentMode:
+                        description: AgentMode contains the authentication mode used
+                          by the automation agent.
+                        enum:
+                        - SCRAM
+                        - SCRAM-SHA-256
+                        - SCRAM-SHA-1
+                        - X509
+                        type: string
                       ignoreUnknownUsers:
                         default: true
                         nullable: true
@@ -185,6 +290,7 @@ spec:
                           - SCRAM
                           - SCRAM-SHA-256
                           - SCRAM-SHA-1
+                          - X509
                           type: string
                         type: array
                     required:
@@ -428,9 +534,7 @@ spec:
                       type: string
                   required:
                   - name
-                  - passwordSecretRef
                   - roles
-                  - scramCredentialsSecretName
                   type: object
                 type: array
               version:

charts/mongodb/community-operator/templates/mongodbcommunity_cr_with_tls.yaml

@@ -50,8 +50,64 @@ spec:
   commonName: "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
   dnsNames:
     - "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
+{{- if .Values.resource.tls.useX509 }}
+# Agent X509 certs
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: agent-certs
+  namespace: {{ .Values.namespace }}
+spec:
+  commonName: mms-automation-agent
+  dnsNames:
+    - automation
+  duration: 240h0m0s
+  issuerRef:
+    name: tls-ca-issuer
+  renewBefore: 120h0m0s
+  secretName: agent-certs
+  subject:
+    countries:
+      - US
+    localities:
+      - NY
+    organizationalUnits:
+      - a-1635241837-m5yb81lfnrz
+    organizations:
+      - cluster.local-agent
+    provinces:
+      - NY
+  usages:
+    - digital signature
+    - key encipherment
+    - client auth
+{{- end }}
+{{- if .Values.resource.tls.sampleX509User }}
+# Client certs
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: x509-user-cert
+  namespace: {{ .Values.namespace }}
+spec:
+  commonName: my-x509-user
+  duration: 240h0m0s
+  issuerRef:
+    name: tls-ca-issuer
+  renewBefore: 120h0m0s
+  secretName: my-x509-user-cert
+  subject:
+    organizationalUnits:
+      - organizationalunit
+    organizations:
+      - organization
+  usages:
+    - digital signature
+    - client auth
+{{- end }}
 {{- end }}
-
 {{- if .Values.createResource }}
 # mongodb resources
 ---
@@ -74,9 +130,24 @@ spec:
         name: {{ .Values.resource.tls.caCertificateSecretRef }}
       {{- end }}
     authentication:
+      {{- if .Values.resource.tls.useX509 }}
+      modes: ["X509"]
+      {{- else }}
       modes: ["SCRAM"]
-  {{- with .Values.resource.users }}
+      {{- end }}
+  {{- if .Values.resource.tls.sampleX509User }}
   users:
-  {{- toYaml . | nindent 4 }}
+  - name: CN=my-x509-user,OU=organizationalunit,O=organization
-  {{- end }}
+    db: $external
+    roles:
+      - name: clusterAdmin
+        db: admin
+      - name: userAdminAnyDatabase
+        db: admin
+      - name: readWriteAnyDatabase
+        db: admin
+  {{- else }}
+  users:
+  {{- toYaml .Values.resource.users | nindent 4 }}
+  {{- end}}
 {{- end }}

charts/mongodb/community-operator/templates/operator.yaml

@@ -9,7 +9,7 @@ metadata:
   name: {{ .Values.operator.name }}
   namespace: {{ .Release.Namespace }}
 spec:
-  replicas: 1
+  replicas:  {{ .Values.operator.replicas }}
   selector:
     matchLabels:
       name: {{ .Values.operator.name }}

charts/mongodb/community-operator/values.yaml

@@ -2,7 +2,6 @@
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 imagePullSecrets: []
 # - name: "image-pull-secret"
-
 ## Operator
 operator:
   # Name that will be assigned to most of internal Kubernetes objects like
@@ -16,7 +15,7 @@ operator:
   deploymentName: mongodb-kubernetes-operator
 
   # Version of mongodb-kubernetes-operator
-  version: 0.8.2
+  version: 0.8.3
 
   # Uncomment this line to watch all namespaces
   # watchNamespace: "*"
@@ -30,6 +29,9 @@ operator:
       cpu: 500m
       memory: 200Mi
 
+  # replicas deployed for the operator pod. Running 1 is optimal and suggested.
+  replicas: 1
+
   # Additional environment variables
   extraEnvs: []
   # environment:
@@ -59,10 +61,10 @@ agent:
   version: 12.0.25.7724-1
 versionUpgradeHook:
   name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
-  version: 1.0.7
+  version: 1.0.8
 readinessProbe:
   name: mongodb-kubernetes-readinessprobe
-  version: 1.0.15
+  version: 1.0.17
 mongodb:
   name: mongo
   repo: docker.io
@@ -90,6 +92,8 @@ resource:
     enabled: false
 
     # Installs Cert-Manager in this cluster.
+    useX509: false
+    sampleX509User: false
     useCertManager: true
     certificateKeySecretRef: tls-certificate
     caCertificateSecretRef: tls-ca-key-pair

charts/nats/nats/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>=1.16-0'
   catalog.cattle.io/release-name: nats
 apiVersion: v2
-appVersion: 2.10.2
+appVersion: 2.10.3
 description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
   Technology.
 home: http://github.com/nats-io/k8s
@@ -18,4 +18,4 @@ maintainers:
   name: The NATS Authors
   url: https://github.com/nats-io
 name: nats
-version: 1.1.1
+version: 1.1.2

charts/nats/nats/values.yaml

@@ -308,7 +308,7 @@ config:
 container:
   image:
     repository: nats
-    tag: 2.10.2-alpine
+    tag: 2.10.3-alpine
     pullPolicy:
     registry:
 

charts/new-relic/nri-bundle/Chart.lock

@@ -1,25 +1,25 @@
 dependencies:
 - name: newrelic-infrastructure
   repository: https://newrelic.github.io/nri-kubernetes
-  version: 3.23.1
+  version: 3.23.2
 - name: nri-prometheus
   repository: https://newrelic.github.io/nri-prometheus
   version: 2.1.17
 - name: newrelic-prometheus-agent
   repository: https://newrelic.github.io/newrelic-prometheus-configurator
-  version: 1.4.1
+  version: 1.5.0
 - name: nri-metadata-injection
   repository: https://newrelic.github.io/k8s-metadata-injection
-  version: 4.10.0
+  version: 4.10.1
 - name: newrelic-k8s-metrics-adapter
   repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
-  version: 1.4.1
+  version: 1.4.2
 - name: kube-state-metrics
   repository: https://prometheus-community.github.io/helm-charts
   version: 5.12.1
 - name: nri-kube-events
   repository: https://newrelic.github.io/nri-kube-events
-  version: 3.2.4
+  version: 3.2.5
 - name: newrelic-logging
   repository: https://newrelic.github.io/helm-charts
   version: 1.18.1
@@ -31,6 +31,6 @@ dependencies:
   version: 0.1.4
 - name: newrelic-infra-operator
   repository: https://newrelic.github.io/newrelic-infra-operator
-  version: 2.3.1
+  version: 2.3.2
-digest: sha256:66c038ae61c70febfb31eccb0fba998becf0179545240ea415a1e1ae9cf7f5a7
+digest: sha256:3fb27beb39cefda6d5c78efc74f02b7ab09cf4d1a45f201cb148f7c3b476fe07
-generated: "2023-10-14T02:53:55.575862896Z"
+generated: "2023-10-17T07:55:39.874488788Z"

charts/new-relic/nri-bundle/Chart.yaml

@@ -7,7 +7,7 @@ dependencies:
 - condition: infrastructure.enabled,newrelic-infrastructure.enabled
   name: newrelic-infrastructure
   repository: file://./charts/newrelic-infrastructure
-  version: 3.23.1
+  version: 3.23.2
 - condition: prometheus.enabled,nri-prometheus.enabled
   name: nri-prometheus
   repository: file://./charts/nri-prometheus
@@ -15,15 +15,15 @@ dependencies:
 - condition: newrelic-prometheus-agent.enabled
   name: newrelic-prometheus-agent
   repository: file://./charts/newrelic-prometheus-agent
-  version: 1.4.1
+  version: 1.5.0
 - condition: webhook.enabled,nri-metadata-injection.enabled
   name: nri-metadata-injection
   repository: file://./charts/nri-metadata-injection
-  version: 4.10.0
+  version: 4.10.1
 - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
   name: newrelic-k8s-metrics-adapter
   repository: file://./charts/newrelic-k8s-metrics-adapter
-  version: 1.4.1
+  version: 1.4.2
 - condition: ksm.enabled,kube-state-metrics.enabled
   name: kube-state-metrics
   repository: file://./charts/kube-state-metrics
@@ -31,7 +31,7 @@ dependencies:
 - condition: kubeEvents.enabled,nri-kube-events.enabled
   name: nri-kube-events
   repository: file://./charts/nri-kube-events
-  version: 3.2.4
+  version: 3.2.5
 - condition: logging.enabled,newrelic-logging.enabled
   name: newrelic-logging
   repository: file://./charts/newrelic-logging
@@ -48,7 +48,7 @@ dependencies:
 - condition: newrelic-infra-operator.enabled
   name: newrelic-infra-operator
   repository: file://./charts/newrelic-infra-operator
-  version: 2.3.1
+  version: 2.3.2
 description: Groups together the individual charts for the New Relic Kubernetes solution
   for a more comfortable deployment.
 home: https://github.com/newrelic/helm-charts
@@ -89,4 +89,4 @@ sources:
 - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
 - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
 - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
-version: 5.0.40
+version: 5.0.41

charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.11.1
+appVersion: 0.11.2
 dependencies:
 - name: common-library
   repository: https://helm-charts.newrelic.com
@@ -32,4 +32,4 @@ name: newrelic-infra-operator
 sources:
 - https://github.com/newrelic/newrelic-infra-operator
 - https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator
-version: 2.3.1
+version: 2.3.2

charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 3.18.1
+appVersion: 3.18.2
 dependencies:
 - name: common-library
   repository: https://helm-charts.newrelic.com
@@ -35,4 +35,4 @@ sources:
 - https://github.com/newrelic/nri-kubernetes/
 - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
 - https://github.com/newrelic/infrastructure-agent/
-version: 3.23.1
+version: 3.23.2

charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.6.2
+appVersion: 0.6.3
 dependencies:
 - name: common-library
   repository: https://helm-charts.newrelic.com
@@ -20,4 +20,4 @@ name: newrelic-k8s-metrics-adapter
 sources:
 - https://github.com/newrelic/newrelic-k8s-metrics-adapter
 - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter
-version: 1.4.1
+version: 1.4.2

charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml

@@ -1,5 +1,5 @@
 annotations:
-  configuratorVersion: 1.7.1
+  configuratorVersion: 1.8.0
 apiVersion: v2
 appVersion: v2.37.8
 dependencies:
@@ -31,4 +31,4 @@ maintainers:
   url: https://github.com/xqi-nr
 name: newrelic-prometheus-agent
 type: application
-version: 1.4.1
+version: 1.5.0

charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 2.2.9
+appVersion: 2.2.12
 dependencies:
 - name: common-library
   repository: https://helm-charts.newrelic.com
@@ -35,4 +35,4 @@ sources:
 - https://github.com/newrelic/nri-kube-events/
 - https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events
 - https://github.com/newrelic/infrastructure-agent/
-version: 3.2.4
+version: 3.2.5

charts/new-relic/nri-bundle/charts/nri-kube-events/README.md

@@ -1,6 +1,6 @@
 # nri-kube-events
 
-![Version: 3.2.4](https://img.shields.io/badge/Version-3.2.4-informational?style=flat-square) ![AppVersion: 2.2.9](https://img.shields.io/badge/AppVersion-2.2.9-informational?style=flat-square)
+![Version: 3.2.5](https://img.shields.io/badge/Version-3.2.5-informational?style=flat-square) ![AppVersion: 2.2.12](https://img.shields.io/badge/AppVersion-2.2.12-informational?style=flat-square)
 
 A Helm chart to deploy the New Relic Kube Events router
 

charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.18.0
+appVersion: 1.18.3
 dependencies:
 - name: common-library
   repository: https://helm-charts.newrelic.com
@@ -22,4 +22,4 @@ name: nri-metadata-injection
 sources:
 - https://github.com/newrelic/k8s-metadata-injection
 - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
-version: 4.10.0
+version: 4.10.1

charts/new-relic/nri-bundle/charts/nri-metadata-injection/templates/admission-webhooks/mutatingWebhookConfiguration.yaml

@@ -25,6 +25,7 @@ webhooks:
     apiVersions: ["v1"]
     resources: ["pods"]
 {{- if .Values.injectOnlyLabeledNamespaces }}
+    scope: Namespaced
   namespaceSelector:
     matchLabels:
       newrelic-metadata-injection: enabled

charts/ngrok/kubernetes-ingress-controller/CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.12.0
+
+- Update to version 0.10.0 of the ingress controller, this includes:
+  - TLSEdge support - see the [TCP and TLS Edges Guide](https://github.com/ngrok/kubernetes-ingress-controller/blob/main/docs/user-guide/tcp-tls-edges.md) for more details.
+  - A fix for renegotiating TLS backends
+
 ## 0.11.0
 
 ** Important ** This version of the controller changes the ownership model for https edge and tunnel CRs. To ease out the transition to the new ownership, make sure to run `migrate-edges.sh` and `migrate-tunnels.sh` scripts before installing the new version.

charts/ngrok/kubernetes-ingress-controller/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 2.10.1
+  version: 2.13.2
-digest: sha256:54cb57fbf004b3cf03fe382619b87c9d17469340f3d24f506a2dbec185a9455a
+digest: sha256:2672c3a43386aa82424bca0a5b774ea94e167c7c90604cd66520afde23238e37
-generated: "2023-09-08T12:48:02.907551-04:00"
+generated: "2023-10-05T10:48:29.016056701-04:00"

charts/ngrok/kubernetes-ingress-controller/Chart.yaml

@@ -3,7 +3,7 @@ annotations:
   catalog.cattle.io/display-name: ngrok Ingress Controller
   catalog.cattle.io/release-name: kubernetes-ingress-controller
 apiVersion: v2
-appVersion: 0.9.0
+appVersion: 0.10.0
 dependencies:
 - name: common
   repository: file://./charts/common
@@ -22,4 +22,4 @@ keywords:
 name: kubernetes-ingress-controller
 sources:
 - https://github.com/ngrok/kubernetes-ingress-controller
-version: 0.11.0
+version: 0.12.0

charts/ngrok/kubernetes-ingress-controller/README.md

@@ -87,4 +87,5 @@ To uninstall the chart:
 | `log.level`                          | The level to log at. One of 'debug', 'info', or 'error'.                                                              | `info`                                |
 | `log.stacktraceLevel`                | The level to report stacktrace logs one of 'info' or 'error'.                                                         | `error`                               |
 | `log.format`                         | The log format to use. One of console, json.                                                                          | `json`                                |
+| `lifecycle`                          | an object containing lifecycle configuration                                                                          | `{}`                                  |
 

charts/ngrok/kubernetes-ingress-controller/charts/common/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.10.1
+appVersion: 2.13.2
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.10.1
+version: 2.13.2

charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_capabilities.tpl

@@ -172,6 +172,50 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler.
 {{- end -}}
 {{- end -}}
 
+{{/*
+Returns true if PodSecurityPolicy is supported
+*/}}
+{{- define "common.capabilities.psp.supported" -}}
+{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
+  {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if AdmissionConfiguration is supported
+*/}}
+{{- define "common.capabilities.admisionConfiguration.supported" -}}
+{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
+  {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for AdmissionConfiguration.
+*/}}
+{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiserver.config.k8s.io/v1alpha1" -}}
+{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiserver.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiserver.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for PodSecurityConfiguration.
+*/}}
+{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}}
+{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "pod-security.admission.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "pod-security.admission.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Returns true if the used Helm version is 3.3+.
 A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}"  structure.

charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_images.tpl

@@ -38,13 +38,21 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima
 
   {{- if .global }}
     {{- range .global.imagePullSecrets -}}
-      {{- $pullSecrets = append $pullSecrets . -}}
+      {{- if kindIs "map" . -}}
+        {{- $pullSecrets = append $pullSecrets .name -}}
+      {{- else -}}
+        {{- $pullSecrets = append $pullSecrets . -}}
+      {{- end }}
     {{- end -}}
   {{- end -}}
 
   {{- range .images -}}
     {{- range .pullSecrets -}}
-      {{- $pullSecrets = append $pullSecrets . -}}
+      {{- if kindIs "map" . -}}
+        {{- $pullSecrets = append $pullSecrets .name -}}
+      {{- else -}}
+        {{- $pullSecrets = append $pullSecrets . -}}
+      {{- end -}}
     {{- end -}}
   {{- end -}}
 
@@ -66,13 +74,21 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa
 
   {{- if $context.Values.global }}
     {{- range $context.Values.global.imagePullSecrets -}}
-      {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+      {{- if kindIs "map" . -}}
+        {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+      {{- else -}}
+        {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+      {{- end -}}
     {{- end -}}
   {{- end -}}
 
   {{- range .images -}}
     {{- range .pullSecrets -}}
-      {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+      {{- if kindIs "map" . -}}
+        {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+      {{- else -}}
+        {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+      {{- end -}}
     {{- end -}}
   {{- end -}}
 
@@ -83,3 +99,19 @@ imagePullSecrets:
     {{- end }}
   {{- end }}
 {{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images.version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+    {{- $version := semver $imageTag -}}
+    {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+    {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
+

charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_labels.tpl

@@ -11,12 +11,19 @@ Kubernetes standard labels
 */}}
 {{- define "common.labels.standard" -}}
 {{- if and (hasKey . "customLabels") (hasKey . "context") -}}
-{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }}
+{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}}
+{{- with .context.Chart.AppVersion -}}
+{{- $_ := set $default "app.kubernetes.io/version" . -}}
+{{- end -}}
+{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }}
 {{- else -}}
 app.kubernetes.io/name: {{ include "common.names.name" . }}
 helm.sh/chart: {{ include "common.names.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ . | quote }}
+{{- end -}}
 {{- end -}}
 {{- end -}}
 

charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_utils.tpl

@@ -65,3 +65,13 @@ Usage:
 {{- end -}}
 {{- printf "%s" $key -}} 
 {{- end -}}
+
+{{/*
+Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376).
+Usage:
+{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }}
+*/}}
+{{- define "common.utils.checksumTemplate" -}}
+{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}}
+{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }}
+{{- end -}}

charts/ngrok/kubernetes-ingress-controller/templates/NOTES.txt

@@ -18,7 +18,7 @@ be automatically configured on the internet using ngrok.
 One example, taken from your cluster, is the Service:
    {{ $service.metadata.name | quote }}
 
-You can make this accessible via Ngrok with the following manifest:
+You can make this accessible via ngrok with the following manifest:
 --------------------------------------------------------------------------------
 apiVersion: networking.k8s.io/v1
 kind: Ingress

charts/ngrok/kubernetes-ingress-controller/templates/controller-deployment.yaml

@@ -107,6 +107,10 @@ spec:
         volumeMounts:
         {{ toYaml .Values.extraVolumeMounts | nindent 10 }}
         {{- end }}
+        {{- if .Values.lifecycle }}
+        lifecycle:
+        {{ toYaml .Values.lifecycle | nindent 10 }}
+        {{- end }}
         livenessProbe:
           httpGet:
             path: /healthz

charts/ngrok/kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_tcpedges.yaml

@@ -78,7 +78,7 @@ spec:
                   in the ngrok API/Dashboard
                 type: string
               ipRestriction:
-                description: IPRestriction is an IPRestriction to apply to this route
+                description: IPRestriction is an IPRestriction to apply to this edge
                 properties:
                   policies:
                     items:

charts/ngrok/kubernetes-ingress-controller/templates/crds/ingress.k8s.ngrok.com_tlsedges.yaml

@@ -0,0 +1,148 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.2
+  creationTimestamp: null
+  name: tlsedges.ingress.k8s.ngrok.com
+spec:
+  group: ingress.k8s.ngrok.com
+  names:
+    kind: TLSEdge
+    listKind: TLSEdgeList
+    plural: tlsedges
+    singular: tlsedge
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Domain ID
+      jsonPath: .status.id
+      name: ID
+      type: string
+    - description: Hostports
+      jsonPath: .status.hostports
+      name: Hostports
+      type: string
+    - description: Tunnel Group Backend ID
+      jsonPath: .status.backend.id
+      name: Backend ID
+      type: string
+    - description: Age
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: TLSEdge is the Schema for the tlsedges API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSEdgeSpec defines the desired state of TLSEdge
+            properties:
+              backend:
+                description: Backend is the definition for the tunnel group backend
+                  that serves traffic for this edge
+                properties:
+                  description:
+                    default: Created by kubernetes-ingress-controller
+                    description: Description is a human-readable description of the
+                      object in the ngrok API/Dashboard
+                    type: string
+                  labels:
+                    additionalProperties:
+                      type: string
+                    description: Labels to watch for tunnels on this backend
+                    type: object
+                  metadata:
+                    default: '{"owned-by":"kubernetes-ingress-controller"}'
+                    description: Metadata is a string of arbitrary data associated
+                      with the object in the ngrok API/Dashboard
+                    type: string
+                type: object
+              description:
+                default: Created by kubernetes-ingress-controller
+                description: Description is a human-readable description of the object
+                  in the ngrok API/Dashboard
+                type: string
+              hostports:
+                description: Hostports is a list of hostports served by this edge
+                items:
+                  type: string
+                type: array
+              ipRestriction:
+                description: IPRestriction is an IPRestriction to apply to this edge
+                properties:
+                  policies:
+                    items:
+                      type: string
+                    type: array
+                type: object
+              metadata:
+                default: '{"owned-by":"kubernetes-ingress-controller"}'
+                description: Metadata is a string of arbitrary data associated with
+                  the object in the ngrok API/Dashboard
+                type: string
+              mutualTls:
+                properties:
+                  certificateAuthorities:
+                    description: List of CA IDs that will be used to validate incoming
+                      connections to the edge.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              tlsTermination:
+                properties:
+                  minVersion:
+                    description: MinVersion is the minimum TLS version to allow for
+                      connections to the edge
+                    type: string
+                  terminateAt:
+                    description: TerminateAt determines where the TLS connection should
+                      be terminated. "edge" if the ngrok edge should terminate TLS
+                      traffic, "upstream" if TLS traffic should be passed through
+                      to the upstream ngrok agent / application server for termination.
+                    type: string
+                type: object
+            type: object
+          status:
+            description: TLSEdgeStatus defines the observed state of TLSEdge
+            properties:
+              backend:
+                description: Backend stores the status of the tunnel group backend,
+                  mainly the ID of the backend
+                properties:
+                  id:
+                    description: ID is the unique identifier for this backend
+                    type: string
+                type: object
+              hostports:
+                description: Hostports served by this edge
+                items:
+                  type: string
+                type: array
+              id:
+                description: ID is the unique identifier for this edge
+                type: string
+              uri:
+                description: URI is the URI of the edge
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

charts/ngrok/kubernetes-ingress-controller/templates/rbac/role.yaml

@@ -151,6 +151,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - ingress.k8s.ngrok.com
+  resources:
+  - tlsedges
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ingress.k8s.ngrok.com
+  resources:
+  - tlsedges/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - ingress.k8s.ngrok.com
+  resources:
+  - tlsedges/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - ingress.k8s.ngrok.com
   resources:

charts/ngrok/kubernetes-ingress-controller/templates/rbac/tlsedge_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit tlsedges.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: tlsedge-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: ngrok-ingress-controller
+    app.kubernetes.io/part-of: ngrok-ingress-controller
+    app.kubernetes.io/managed-by: kustomize
+  name: tlsedge-editor-role
+rules:
+- apiGroups:
+  - ingress.k8s.ngrok.com
+  resources:
+  - tlsedges
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ingress.k8s.ngrok.com
+  resources:
+  - tlsedges/status
+  verbs:
+  - get

charts/ngrok/kubernetes-ingress-controller/templates/rbac/tlsedge_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view tlsedges.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: tlsedge-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: ngrok-ingress-controller
+    app.kubernetes.io/part-of: ngrok-ingress-controller
+    app.kubernetes.io/managed-by: kustomize
+  name: tlsedge-viewer-role
+rules:
+- apiGroups:
+  - ingress.k8s.ngrok.com
+  resources:
+  - tlsedges
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ingress.k8s.ngrok.com
+  resources:
+  - tlsedges/status
+  verbs:
+  - get

charts/ngrok/kubernetes-ingress-controller/values.yaml

@@ -189,3 +189,8 @@ log:
   format: json
   level: info
   stacktraceLevel: error
+
+## @param lifecycle an object containing lifecycle configuration
+## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+##
+lifecycle: {}

charts/redpanda/redpanda/Chart.lock

@@ -6,4 +6,4 @@ dependencies:
   repository: https://charts.redpanda.com
   version: 0.1.6
 digest: sha256:4770d2dc26e5ed437977d40d20f49a1e08176579eaf464d042c94db7e1be37cf
-generated: "2023-10-14T02:49:30.448635825Z"
+generated: "2023-10-17T13:28:27.77999498Z"

charts/redpanda/redpanda/Chart.yaml

@@ -37,4 +37,4 @@ name: redpanda
 sources:
 - https://github.com/redpanda-data/helm-charts
 type: application
-version: 5.6.17
+version: 5.6.19

charts/redpanda/redpanda/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml

@@ -30,3 +30,9 @@ connectors:
   enabled: true
   logging:
     level: debug
+
+# tests to ensure this large int isn't converted to scientific notation for the rpk commands
+# in post-upgrade job.
+config:
+  cluster:
+    retention_local_target_ms_default: 21600000

charts/redpanda/redpanda/templates/post-upgrade.yaml

@@ -71,6 +71,9 @@ spec:
             set -e
             rpk cluster config import -f /etc/redpanda/bootstrap.yaml
 {{- range $key, $value := .Values.config.cluster }}
+  {{- if and (typeIs "float64" $value) (eq (floor $value) $value) }}
+    {{- $value = int64 $value }}
+  {{- end }}
   {{- if or (typeIs "bool" $value ) $value }}
             rpk cluster config set {{ $key }} {{ $value }}
   {{- end }}

charts/redpanda/redpanda/templates/tests/test-connector-via-console.yaml

@@ -19,6 +19,7 @@ limitations under the License.
 {{- $root := deepCopy . }}
 {{- $values := .Values }}
 {{ $consoleValues := dict "Values" (deepCopy .Values.console) "Release" .Release "Chart" .Subcharts.console.Chart }}
+{{ $connectorsVars := dict "Values" (deepCopy .Values.connectors) "Release" .Release "Chart" .Subcharts.connectors.Chart }}
 {{/* brokers */}}
 {{- $kafkaBrokers := list }}
 {{- range (include "seed-server-list" . | mustFromJson) }}
@@ -52,11 +53,24 @@ spec:
         - name: TLS_ENABLED
           value: {{ (include "kafka-internal-tls-enabled" . | fromJson).bool | quote }}
       command:
-        - /usr/bin/timeout
+        - /bin/bash
-        - "120"
-        - bash
         - -c
         - |
+          set -xe
+          
+          trap connectorsState ERR
+
+          connectorsState () {
+            echo check connectors expand status
+            curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors?expand=status
+            echo check connectors expand info
+            curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors?expand=info
+            echo check connector configuration
+            curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors/$CONNECTOR_NAME
+            echo check connector topics
+            curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors/$CONNECTOR_NAME/topics
+          }
+          
           {{- if .Values.auth.sasl.enabled }}
           set -e
           set +x
@@ -75,6 +89,8 @@ spec:
 
           JAAS_CONFIG_SOURCE="\"source.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${RPK_USER}\\\\"\" password=\\\\"\"${RPK_PASS}\\\\"\";\","
           JAAS_CONFIG_TARGET="\"target.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${RPK_USER}\\\\"\" password=\\\\"\"${RPK_PASS}\\\\"\";\","
+          set -x
+          set +e
           {{- end }}
 
           {{- $testTopic := printf "test-topic-%s" (randNumeric 3) }}
@@ -82,9 +98,6 @@ spec:
           rpk topic list
           echo "Test message!" | rpk topic produce {{ $testTopic }}
 
-          set -x
-          set +e
-
           SECURITY_PROTOCOL=PLAINTEXT
           if [[ -n "$RPK_SASL_MECHANISM" && $TLS_ENABLED == "true" ]]; then
             SECURITY_PROTOCOL="SASL_SSL"
@@ -138,24 +151,12 @@ spec:
           URL=http://{{ include "console.fullname" $consoleValues }}:{{ include "console.containerPort" $consoleValues }}/api/kafka-connect/clusters/connectors/connectors
           {{/* outputting to /dev/null because the output contains the user password */}}
           echo "Creating mm2 connector"
-          if curl {{ template "curl-options" . }} -H 'Content-Type: application/json' "${URL}" -d @/tmp/mm2-conf.json
+          curl {{ template "curl-options" . }} -H 'Content-Type: application/json' "${URL}" -d @/tmp/mm2-conf.json
-          then
-            echo "Result successful"
-          else
-            echo "mm2 connector can not be created!!!"
-            exit 1
-          fi
 
           rpk topic consume source.{{ $testTopic }} -n 1
 
           echo "Destroying mm2 connector"
-          if curl {{ template "curl-options" . }} -X DELETE "${URL}/${CONNECTOR_NAME}"
+          curl {{ template "curl-options" . }} -X DELETE "${URL}/${CONNECTOR_NAME}"
-          then
-            echo "Result successful"
-          else
-            echo "mm2 connector can not be destroyed!!!"
-            exit 1
-          fi
 
           rpk topic list
           rpk topic delete {{ $testTopic }} source.{{ $testTopic }} mm2-offset-syncs.test-only-redpanda.internal

charts/speedscale/speedscale-operator/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.17.0-0'
   catalog.cattle.io/release-name: speedscale-operator
 apiVersion: v1
-appVersion: 1.3.494
+appVersion: 1.3.518
 description: Stress test your APIs with real world scenarios.  Collect and replay
   traffic without scripting.
 home: https://speedscale.com
@@ -24,4 +24,4 @@ maintainers:
 - email: support@speedscale.com
   name: Speedscale Support
 name: speedscale-operator
-version: 1.3.39
+version: 1.3.40

charts/speedscale/speedscale-operator/README.md

@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
 incompatible breaking change needing manual actions.
 
-### Upgrade to 1.3.39
+### Upgrade to 1.3.40
 
 ```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.39/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.40/templates/crds/trafficreplays.yaml
 ```
 
 ### Upgrade to 1.1.0

charts/speedscale/speedscale-operator/app-readme.md

@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
 incompatible breaking change needing manual actions.
 
-### Upgrade to 1.3.39
+### Upgrade to 1.3.40
 
 ```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.39/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.40/templates/crds/trafficreplays.yaml
 ```
 
 ### Upgrade to 1.1.0

charts/speedscale/speedscale-operator/values.yaml

@@ -20,7 +20,7 @@ clusterName: "my-cluster"
 # Speedscale components image settings.
 image:
   registry: gcr.io/speedscale
-  tag: v1.3.494
+  tag: v1.3.518
   pullPolicy: Always
 
 # Log level for Speedscale components.

charts/sysdig/sysdig/CHANGELOG.md

@@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.16.17
+### New Features
+* [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
+# v1.16.16
+### Chores
+* **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
 # v1.16.15
 ### New Features
 * [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))

charts/sysdig/sysdig/Chart.yaml

@@ -3,7 +3,7 @@ annotations:
   catalog.cattle.io/display-name: Sysdig
   catalog.cattle.io/release-name: sysdig
 apiVersion: v1
-appVersion: 12.16.3
+appVersion: 12.17.0
 deprecated: true
 description: Sysdig Monitor and Secure agent
 home: https://www.sysdig.com/
@@ -19,4 +19,4 @@ name: sysdig
 sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
-version: 1.16.15
+version: 1.16.17

charts/sysdig/sysdig/README.md

@@ -222,7 +222,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `nodeAnalyzer.pullSecrets`                                   | The image pull secrets for the Node Analyzer containers.     | `nil`                                                        |
 | `nodeAnalyzer.imageAnalyzer.deploy`                          | Deploys the Image Analyzer.                                  | `true    `                                                   |
 | `nodeAnalyzer.imageAnalyzer.image.repository`                | The image repository to pull the Node Image Analyzer from.   | `sysdig/node-image-analyzer`                                 |
-| `nodeAnalyzer.imageAnalyzer.image.tag`                       | The image tag to pull the Node Image Analyzer.               | `0.1.28`                                                     |
+| `nodeAnalyzer.imageAnalyzer.image.tag`                       | The image tag to pull the Node Image Analyzer.               | `0.1.29`                                                     |
 | `nodeAnalyzer.imageAnalyzer.image.digest`                    | The image digest to pull.                                    | ` `                                                          |
 | `nodeAnalyzer.imageAnalyzer.image.pullPolicy`                | The Image pull policy for the Node Image Analyzer.           | `IfNotPresent`                                               |
 | `nodeAnalyzer.imageAnalyzer.dockerSocketPath`                | The Docker socket path.                                      |                                                              |
@@ -237,7 +237,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `nodeAnalyzer.imageAnalyzer.env`                             | The extra environment variables that will be passed onto pods. | `{}`                                                         |
 | `nodeAnalyzer.hostAnalyzer.deploy`                           | Deploys the Host Analyzer.                                   | `true    `                                                   |
 | `nodeAnalyzer.hostAnalyzer.image.repository`                 | The image repository to pull the Host Analyzer from.         | `sysdig/host-analyzer`                                       |
-| `nodeAnalyzer.hostAnalyzer.image.tag`                        | The image tag to pull the Host Analyzer.                     | `0.1.16`                                                     |
+| `nodeAnalyzer.hostAnalyzer.image.tag`                        | The image tag to pull the Host Analyzer.                     | `0.1.17`                                                     |
 | `nodeAnalyzer.hostAnalyzer.image.digest`                     | The image digest to pull.                                    | ` `                                                          |
 | `nodeAnalyzer.hostAnalyzer.image.pullPolicy`                 | The Image pull policy for the Host Analyzer.                 | `IfNotPresent`                                               |
 | `nodeAnalyzer.hostAnalyzer.schedule`                         | The scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault`                                              |
@@ -323,7 +323,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `nodeImageAnalyzer.settings.httpsProxy`           | The secure proxy configuration variables.                    |                               |
 | `nodeImageAnalyzer.settings.noProxy`              | The no proxy configuration variables.                        |                               |
 | `nodeImageAnalyzer.image.repository`              | The image repository to pull the Node Image Analyzer from.   | `sysdig/node-image-analyzer`  |
-| `nodeImageAnalyzer.image.tag`                     | The image tag to pull the Node Image Analyzer.               | `0.1.28`                      |
+| `nodeImageAnalyzer.image.tag`                     | The image tag to pull the Node Image Analyzer.               | `0.1.29`                      |
 | `nodeImageAnalyzer.imagedigest`                   | The image digest to pull.                                    | ` `                           |
 | `nodeImageAnalyzer.image.pullPolicy`              | The Image pull policy for the Node Image Analyzer.           | `IfNotPresent`                |
 | `nodeImageAnalyzer.image.pullSecrets`             | Image pull secrets for the Node Image Analyzer.              | `nil`                         |

charts/sysdig/sysdig/RELEASE-NOTES.md

@@ -1,5 +1,5 @@
 # What's Changed
 
 ### New Features
-- [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
+- [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.1...sysdig-1.16.15
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.6...sysdig-1.16.17

charts/sysdig/sysdig/values.yaml

@@ -7,7 +7,7 @@ image:
   overrideValue: null
   registry: quay.io
   repository: sysdig/agent
-  tag: 12.16.3
+  tag: 12.17.0
   # Specify a imagePullPolicy
   # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -193,7 +193,7 @@ nodeImageAnalyzer:
   deploy: false
   image:
     repository: sysdig/node-image-analyzer
-    tag: 0.1.28
+    tag: 0.1.29
     digest: null
     pullPolicy: IfNotPresent
     # pullSecrets:
@@ -351,7 +351,7 @@ nodeAnalyzer:
     deploy: true
     image:
       repository: sysdig/node-image-analyzer
-      tag: 0.1.28
+      tag: 0.1.29
       digest: null
       pullPolicy: IfNotPresent
     # The Docker socket path.
@@ -393,7 +393,7 @@ nodeAnalyzer:
     deploy: true
     image:
       repository: sysdig/host-analyzer
-      tag: 0.1.16
+      tag: 0.1.17
       digest: null
       pullPolicy: IfNotPresent
     # The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”.