Charts CI
``` Updated: bitnami/airflow: - 16.0.6 bitnami/kafka: - 26.0.0 bitnami/tomcat: - 10.10.10 bitnami/wordpress: - 18.0.7 clastix/kamaji: - 0.12.8 datadog/datadog: - 3.40.2 fairwinds/polaris: - 5.16.0 mongodb/community-operator: - 0.8.3 nats/nats: - 1.1.2 new-relic/nri-bundle: - 5.0.41 ngrok/kubernetes-ingress-controller: - 0.12.0 redpanda/redpanda: - 5.6.19 speedscale/speedscale-operator: - 1.3.40 sysdig/sysdig: - 1.16.17 ```pull/911/head
parent
92debb3a60
commit
6b019bf558
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -50,4 +50,4 @@ maintainers:
|
|||
name: airflow
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
|
||||
version: 16.0.5
|
||||
version: 16.0.6
|
||||
|
|
|
@ -238,7 +238,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
|
||||
| `worker.image.registry` | Airflow Worker image registry | `docker.io` |
|
||||
| `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` |
|
||||
| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` |
|
||||
| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.7.2-debian-11-r1` |
|
||||
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
|
||||
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
|
||||
|
|
|
@ -650,7 +650,7 @@ worker:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/airflow-worker
|
||||
tag: 2.7.2-debian-11-r0
|
||||
tag: 2.7.2-debian-11-r1
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
dependencies:
|
||||
- name: zookeeper
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.1.4
|
||||
version: 12.1.6
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.13.2
|
||||
digest: sha256:07d7596708cc5b839395c9034fbd54f04e1f5d7baa6e0a9c50f2076b81762d87
|
||||
generated: "2023-10-12T11:26:10.244681296Z"
|
||||
digest: sha256:92a8d2251d74b2692c483948b21d980dbef3eb43af70348da40a12503e233d11
|
||||
generated: "2023-10-16T17:41:20.404606855Z"
|
||||
|
|
|
@ -10,14 +10,14 @@ annotations:
|
|||
- name: kafka-exporter
|
||||
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r132
|
||||
- name: kafka
|
||||
image: docker.io/bitnami/kafka:3.5.1-debian-11-r72
|
||||
image: docker.io/bitnami/kafka:3.6.0-debian-11-r0
|
||||
- name: kubectl
|
||||
image: docker.io/bitnami/kubectl:1.28.2-debian-11-r16
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r90
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 3.5.1
|
||||
appVersion: 3.6.0
|
||||
dependencies:
|
||||
- condition: zookeeper.enabled
|
||||
name: zookeeper
|
||||
|
@ -45,4 +45,4 @@ maintainers:
|
|||
name: kafka
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
|
||||
version: 25.3.5
|
||||
version: 26.0.0
|
||||
|
|
|
@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | Kafka image registry | `docker.io` |
|
||||
| `image.repository` | Kafka image repository | `bitnami/kafka` |
|
||||
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r72` |
|
||||
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.6.0-debian-11-r0` |
|
||||
| `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
|
@ -2,9 +2,9 @@ annotations:
|
|||
category: Infrastructure
|
||||
images: |
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r89
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r90
|
||||
- name: zookeeper
|
||||
image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r0
|
||||
image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r1
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 3.9.1
|
||||
|
@ -26,4 +26,4 @@ maintainers:
|
|||
name: zookeeper
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
|
||||
version: 12.1.4
|
||||
version: 12.1.6
|
||||
|
|
|
@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| `image.registry` | ZooKeeper image registry | `docker.io` |
|
||||
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r0` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r1` |
|
||||
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r89` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
|
|
|
@ -79,7 +79,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/zookeeper
|
||||
tag: 3.9.1-debian-11-r0
|
||||
tag: 3.9.1-debian-11-r1
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -663,7 +663,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 11-debian-11-r89
|
||||
tag: 11-debian-11-r90
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -80,7 +80,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/kafka
|
||||
tag: 3.5.1-debian-11-r72
|
||||
tag: 3.6.0-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
@ -10,10 +10,10 @@ annotations:
|
|||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r90
|
||||
- name: tomcat
|
||||
image: docker.io/bitnami/tomcat:10.1.14-debian-11-r0
|
||||
image: docker.io/bitnami/tomcat:10.1.15-debian-11-r0
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 10.1.14
|
||||
appVersion: 10.1.15
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
|
@ -38,4 +38,4 @@ maintainers:
|
|||
name: tomcat
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/tomcat
|
||||
version: 10.10.9
|
||||
version: 10.10.10
|
||||
|
|
|
@ -81,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
|
||||
| `image.registry` | Tomcat image registry | `docker.io` |
|
||||
| `image.repository` | Tomcat image repository | `bitnami/tomcat` |
|
||||
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.14-debian-11-r0` |
|
||||
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.15-debian-11-r0` |
|
||||
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
|
@ -61,7 +61,7 @@ extraDeploy: []
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/tomcat
|
||||
tag: 10.1.14-debian-11-r0
|
||||
tag: 10.1.15-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
@ -47,4 +47,4 @@ maintainers:
|
|||
name: wordpress
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
|
||||
version: 18.0.6
|
||||
version: 18.0.7
|
||||
|
|
|
@ -345,7 +345,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
### Database Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------ | --------------------------------------------------------------------------------- | ------------------- |
|
||||
| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------- |
|
||||
| `mariadb.enabled` | Deploy a MariaDB server to satisfy the applications database requirements | `true` |
|
||||
| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` |
|
||||
| `mariadb.auth.rootPassword` | MariaDB root password | `""` |
|
||||
|
@ -366,6 +366,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `memcached.auth.enabled` | Enable Memcached authentication | `false` |
|
||||
| `memcached.auth.username` | Memcached admin user | `""` |
|
||||
| `memcached.auth.password` | Memcached admin password | `""` |
|
||||
| `memcached.auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` |
|
||||
| `memcached.service.port` | Memcached service port | `11211` |
|
||||
| `externalCache.host` | External cache server host | `localhost` |
|
||||
| `externalCache.port` | External cache server port | `11211` |
|
||||
|
|
|
@ -1174,6 +1174,9 @@ memcached:
|
|||
## @param memcached.auth.password Memcached admin password
|
||||
##
|
||||
password: ""
|
||||
## @param memcached.auth.existingPasswordSecret Existing secret with Memcached credentials (must contain a value for `memcached-password` key)
|
||||
##
|
||||
existingPasswordSecret: ""
|
||||
## Service parameters
|
||||
##
|
||||
service:
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.21.0-0'
|
||||
catalog.cattle.io/release-name: kamaji
|
||||
apiVersion: v2
|
||||
appVersion: v0.3.4
|
||||
appVersion: v0.3.5
|
||||
description: Kamaji is a Kubernetes Control Plane Manager.
|
||||
home: https://github.com/clastix/kamaji
|
||||
icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png
|
||||
|
@ -20,4 +20,4 @@ name: kamaji
|
|||
sources:
|
||||
- https://github.com/clastix/kamaji
|
||||
type: application
|
||||
version: 0.12.5
|
||||
version: 0.12.8
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kamaji
|
||||
|
||||
![Version: 0.12.5](https://img.shields.io/badge/Version-0.12.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.4](https://img.shields.io/badge/AppVersion-v0.3.4-informational?style=flat-square)
|
||||
![Version: 0.12.8](https://img.shields.io/badge/Version-0.12.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.5](https://img.shields.io/badge/AppVersion-v0.3.5-informational?style=flat-square)
|
||||
|
||||
Kamaji is a Kubernetes Control Plane Manager.
|
||||
|
||||
|
@ -100,7 +100,7 @@ Here the values you can override:
|
|||
| etcd.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
|
||||
| etcd.persistence.customAnnotations | object | `{}` | The custom annotations to add to the PVC |
|
||||
| etcd.persistence.size | string | `"10Gi"` | |
|
||||
| etcd.persistence.storageClass | string | `""` | |
|
||||
| etcd.persistence.storageClassName | string | `""` | |
|
||||
| etcd.port | int | `2379` | The client request port. |
|
||||
| etcd.serviceAccount.create | bool | `true` | Create a ServiceAccount, required to install and provision the etcd backing storage (default: true) |
|
||||
| etcd.serviceAccount.name | string | `""` | Define the ServiceAccount name to use during the setup and provision of the etcd backing storage (default: "") |
|
||||
|
|
|
@ -30,11 +30,15 @@ spec:
|
|||
- bash
|
||||
- -c
|
||||
- |-
|
||||
etcdctl member list -w table &&
|
||||
etcdctl member list -w table
|
||||
if etcdctl user get root &>/dev/null; then
|
||||
echo "User already exists, nothing to do"
|
||||
else
|
||||
etcdctl user add --no-password=true root &&
|
||||
etcdctl role add root &&
|
||||
etcdctl user grant-role root root &&
|
||||
etcdctl auth enable
|
||||
fi
|
||||
env:
|
||||
- name: ETCDCTL_ENDPOINTS
|
||||
value: https://etcd-0.{{ include "etcd.serviceName" . }}.{{ .Release.Namespace }}.svc.cluster.local:2379
|
||||
|
|
|
@ -37,13 +37,21 @@ spec:
|
|||
containers:
|
||||
- name: kubectl
|
||||
image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |-
|
||||
kubectl --namespace={{ .Release.Namespace }} delete secret --ignore-not-found=true {{ include "etcd.caSecretName" . }} {{ include "etcd.clientSecretName" . }} &&
|
||||
kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem &&
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
if kubectl get secret {{ include "etcd.caSecretName" . }} --namespace={{ .Release.Namespace }} &>/dev/null; then
|
||||
echo "Secret {{ include "etcd.caSecretName" . }} already exists"
|
||||
else
|
||||
echo "Creating secret {{ include "etcd.caSecretName" . }}"
|
||||
kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem
|
||||
fi
|
||||
if kubectl get secret {{ include "etcd.clientSecretName" . }} --namespace={{ .Release.Namespace }} &>/dev/null; then
|
||||
echo "Secret {{ include "etcd.clientSecretName" . }} already exists"
|
||||
else
|
||||
echo "Creating secret {{ include "etcd.clientSecretName" . }}"
|
||||
kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem
|
||||
fi
|
||||
volumeMounts:
|
||||
- mountPath: /certs
|
||||
name: certs
|
||||
|
|
|
@ -15,6 +15,7 @@ rules:
|
|||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- delete
|
||||
resourceNames:
|
||||
- {{ include "etcd.caSecretName" . }}
|
||||
|
|
|
@ -54,7 +54,7 @@ etcd:
|
|||
name: ""
|
||||
persistence:
|
||||
size: 10Gi
|
||||
storageClass: ""
|
||||
storageClassName: ""
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
# -- The custom annotations to add to the PVC
|
||||
|
|
|
@ -1,5 +1,13 @@
|
|||
# Datadog changelog
|
||||
|
||||
## 3.40.2
|
||||
|
||||
* Gate `PodSecurityPolicy` RBAC for k8s versions which no longer support this deprecated API.
|
||||
|
||||
## 3.40.1
|
||||
|
||||
* Add support for initContainer volume mounts
|
||||
|
||||
## 3.40.0
|
||||
|
||||
* Default `Agent` and `Cluster-Agent` to `7.48.0` version.
|
||||
|
|
|
@ -19,4 +19,4 @@ name: datadog
|
|||
sources:
|
||||
- https://app.datadoghq.com/account/settings#agent/kubernetes
|
||||
- https://github.com/DataDog/datadog-agent
|
||||
version: 3.40.0
|
||||
version: 3.40.2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Datadog
|
||||
|
||||
![Version: 3.40.0](https://img.shields.io/badge/Version-3.40.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
|
||||
![Version: 3.40.2](https://img.shields.io/badge/Version-3.40.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
|
||||
|
||||
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
|
||||
|
||||
|
@ -411,6 +411,7 @@ helm install <RELEASE_NAME> \
|
|||
| agents.containers.agent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the agent container. |
|
||||
| agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers |
|
||||
| agents.containers.initContainers.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the init containers. |
|
||||
| agents.containers.initContainers.volumeMounts | list | `[]` | Specify additional volumes to mount for the init containers |
|
||||
| agents.containers.processAgent.env | list | `[]` | Additional environment variables for the process-agent container |
|
||||
| agents.containers.processAgent.envDict | object | `{}` | Set environment variables specific to process-agent defined in a dict |
|
||||
| agents.containers.processAgent.envFrom | list | `[]` | Set environment variables specific to process-agent from configMaps and/or secrets |
|
||||
|
|
|
@ -53,6 +53,9 @@
|
|||
subPath: system-probe.yaml
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.agents.containers.initContainers.volumeMounts }}
|
||||
{{ toYaml .Values.agents.containers.initContainers.volumeMounts | nindent 4 }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- include "containers-common-env" . | nindent 4 }}
|
||||
{{- if and (eq (include "cluster-agent-enabled" .) "false") .Values.datadog.leaderElection }}
|
||||
|
|
|
@ -45,6 +45,9 @@
|
|||
readOnly: true
|
||||
{{- end }}
|
||||
{{- include "container-crisocket-volumemounts" . | nindent 4 }}
|
||||
{{- if .Values.agents.containers.initContainers.volumeMounts }}
|
||||
{{ toYaml .Values.agents.containers.initContainers.volumeMounts | nindent 4 }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- include "containers-common-env" . | nindent 4 }}
|
||||
resources:
|
||||
|
|
|
@ -249,7 +249,7 @@ rules:
|
|||
- namespaces
|
||||
verbs:
|
||||
- list
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
|
||||
- apiGroups:
|
||||
- "policy"
|
||||
resources:
|
||||
|
@ -274,7 +274,7 @@ rules:
|
|||
- list
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
|
||||
- apiGroups:
|
||||
- policy
|
||||
resources:
|
||||
|
|
|
@ -98,7 +98,7 @@ rules:
|
|||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
|
||||
{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
|
||||
- apiGroups:
|
||||
- policy
|
||||
resources:
|
||||
|
|
|
@ -1576,6 +1576,8 @@ agents:
|
|||
# memory: 200Mi
|
||||
# agents.containers.initContainers.securityContext -- Allows you to overwrite the default container SecurityContext for the init containers.
|
||||
securityContext: {}
|
||||
# agents.containers.initContainers.volumeMounts -- Specify additional volumes to mount for the init containers
|
||||
volumeMounts: []
|
||||
|
||||
# agents.volumes -- Specify additional volumes to mount in the dd-agent container
|
||||
volumes: []
|
||||
|
|
|
@ -5,6 +5,9 @@ All notable changes to this Helm chart will be documented in this file.
|
|||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
||||
and this chart adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## 5.16.0
|
||||
* Added default PDBs for both the webhook and the dashboard
|
||||
|
||||
## 5.15.0
|
||||
|
||||
* Support `string` type of `config` value
|
||||
|
|
|
@ -12,4 +12,4 @@ maintainers:
|
|||
- email: robertb@fairwinds.com
|
||||
name: rbren
|
||||
name: polaris
|
||||
version: 5.15.0
|
||||
version: 5.16.0
|
||||
|
|
|
@ -75,6 +75,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
|
|||
| dashboard.disallowConfigExemptions | bool | `false` | Disallow exemptions that are configured in the config file |
|
||||
| dashboard.disallowAnnotationExemptions | bool | `false` | Disallow exemptions that are configured via annotations |
|
||||
| dashboard.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | securityContext to apply to the dashboard container |
|
||||
| dashboard.pdb.enable | bool | `true` | If true, enables a PDB for the dashboard |
|
||||
| webhook.enable | bool | `false` | Whether to run the webhook |
|
||||
| webhook.validate | bool | `true` | Enables the Validating Webhook, to reject resources with issues |
|
||||
| webhook.mutate | bool | `false` | Enables the Mutating Webhook, to modify resources with issues |
|
||||
|
@ -103,6 +104,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
|
|||
| webhook.disallowAnnotationExemptions | bool | `false` | Disallow exemptions that are configured via annotations |
|
||||
| webhook.mutatingConfigurationAnnotations | object | `{}` | |
|
||||
| webhook.validatingConfigurationAnnotations | object | `{}` | |
|
||||
| webhook.pdb.enable | bool | `true` | If true, enables a PDB for the webhook |
|
||||
| audit.enable | bool | `false` | Runs a one-time audit. This is used internally at Fairwinds, and may not be useful for others. |
|
||||
| audit.cleanup | bool | `false` | Whether to delete the namespace once the audit is finished. |
|
||||
| audit.outputURL | string | `""` | A URL which will receive a POST request with audit results. |
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
{{- if .Values.dashboard.pdb }}
|
||||
{{- if and .Values.dashboard.enable .Values.dashboard.pdb.enable -}}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "polaris.fullname" . }}-dashboard
|
||||
{{- if .Values.templateOnly }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "polaris.labels" . | nindent 4 }}
|
||||
component: dashboard
|
||||
spec:
|
||||
maxUnavailable: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "polaris.selectors" . | nindent 6 }}
|
||||
component: dashboard
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- if .Values.webhook.pdb }}
|
||||
{{- if and .Values.webhook.enable .Values.webhook.pdb.enable -}}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "polaris.fullname" . }}-webhook
|
||||
{{- if .Values.templateOnly }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "polaris.labels" . | nindent 4 }}
|
||||
component: webhook
|
||||
spec:
|
||||
maxUnavailable: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "polaris.selectors" . | nindent 6 }}
|
||||
component: webhook
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -129,6 +129,9 @@ dashboard:
|
|||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
pdb:
|
||||
# -- If true, enables a PDB for the dashboard
|
||||
enable: true
|
||||
|
||||
webhook:
|
||||
# webhook.enable -- Whether to run the webhook
|
||||
|
@ -244,6 +247,9 @@ webhook:
|
|||
disallowAnnotationExemptions: false
|
||||
mutatingConfigurationAnnotations: {}
|
||||
validatingConfigurationAnnotations: {}
|
||||
pdb:
|
||||
# -- If true, enables a PDB for the webhook
|
||||
enable: true
|
||||
|
||||
audit:
|
||||
# audit.enable -- Runs a one-time audit. This is used internally at Fairwinds, and may not be useful for others.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: community-operator-crds
|
||||
repository: https://mongodb.github.io/helm-charts
|
||||
version: 0.8.2
|
||||
digest: sha256:ddb4acc5ed25e7bd4751ae01be4326c7fdb37b6a3136cc21724af2fe0a5539b7
|
||||
generated: "2023-08-14T14:30:36.87801532Z"
|
||||
version: 0.8.3
|
||||
digest: sha256:d2b27b3bb494d226e7af474e0441caab70859066e41186c0348d3d9b42006773
|
||||
generated: "2023-10-17T14:45:13.566377748Z"
|
||||
|
|
|
@ -4,12 +4,12 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.16-0'
|
||||
catalog.cattle.io/release-name: community-operator
|
||||
apiVersion: v2
|
||||
appVersion: 0.8.2
|
||||
appVersion: 0.8.3
|
||||
dependencies:
|
||||
- condition: community-operator-crds.enabled
|
||||
name: community-operator-crds
|
||||
repository: file://./charts/community-operator-crds
|
||||
version: 0.8.2
|
||||
version: 0.8.3
|
||||
description: MongoDB Kubernetes Community Operator
|
||||
home: https://github.com/mongodb/mongodb-kubernetes-operator
|
||||
icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png
|
||||
|
@ -23,4 +23,4 @@ maintainers:
|
|||
name: MongoDB
|
||||
name: community-operator
|
||||
type: application
|
||||
version: 0.8.2
|
||||
version: 0.8.3
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 0.8.2
|
||||
appVersion: 0.8.3
|
||||
description: MongoDB Kubernetes Community Operator - CRDs
|
||||
home: https://github.com/mongodb/mongodb-kubernetes-operator
|
||||
icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png
|
||||
|
@ -13,4 +13,4 @@ maintainers:
|
|||
name: MongoDB
|
||||
name: community-operator-crds
|
||||
type: application
|
||||
version: 0.8.2
|
||||
version: 0.8.3
|
||||
|
|
|
@ -69,10 +69,58 @@ spec:
|
|||
description: AgentConfiguration sets options for the MongoDB automation
|
||||
agent
|
||||
properties:
|
||||
logFile:
|
||||
type: string
|
||||
logLevel:
|
||||
type: string
|
||||
logRotate:
|
||||
description: LogRotate if enabled, will enable LogRotate for all
|
||||
processes.
|
||||
properties:
|
||||
includeAuditLogsWithMongoDBLogs:
|
||||
description: set to 'true' to have the Automation Agent rotate
|
||||
the audit files along with mongodb log files
|
||||
type: boolean
|
||||
numTotal:
|
||||
description: maximum number of log files to have total
|
||||
type: integer
|
||||
numUncompressed:
|
||||
description: maximum number of log files to leave uncompressed
|
||||
type: integer
|
||||
percentOfDiskspace:
|
||||
description: Maximum percentage of the total disk space these
|
||||
log files should take up. The string needs to be able to
|
||||
be converted to float64
|
||||
type: string
|
||||
sizeThresholdMB:
|
||||
description: Maximum size for an individual log file before
|
||||
rotation. The string needs to be able to be converted to
|
||||
float64. Fractional values of MB are supported.
|
||||
type: string
|
||||
timeThresholdHrs:
|
||||
description: maximum hours for an individual log file before
|
||||
rotation
|
||||
type: integer
|
||||
required:
|
||||
- sizeThresholdMB
|
||||
- timeThresholdHrs
|
||||
type: object
|
||||
maxLogFileDurationHours:
|
||||
type: integer
|
||||
systemLog:
|
||||
description: SystemLog configures system log of mongod
|
||||
properties:
|
||||
destination:
|
||||
type: string
|
||||
logAppend:
|
||||
type: boolean
|
||||
path:
|
||||
type: string
|
||||
required:
|
||||
- destination
|
||||
- logAppend
|
||||
- path
|
||||
type: object
|
||||
type: object
|
||||
arbiters:
|
||||
description: 'Arbiters is the number of arbiters to add to the Replica
|
||||
|
@ -91,6 +139,40 @@ spec:
|
|||
properties:
|
||||
disabled:
|
||||
type: boolean
|
||||
logRotate:
|
||||
description: CrdLogRotate is the crd definition of LogRotate
|
||||
including fields in strings while the agent supports them
|
||||
as float64
|
||||
properties:
|
||||
includeAuditLogsWithMongoDBLogs:
|
||||
description: set to 'true' to have the Automation Agent
|
||||
rotate the audit files along with mongodb log files
|
||||
type: boolean
|
||||
numTotal:
|
||||
description: maximum number of log files to have total
|
||||
type: integer
|
||||
numUncompressed:
|
||||
description: maximum number of log files to leave uncompressed
|
||||
type: integer
|
||||
percentOfDiskspace:
|
||||
description: Maximum percentage of the total disk space
|
||||
these log files should take up. The string needs to
|
||||
be able to be converted to float64
|
||||
type: string
|
||||
sizeThresholdMB:
|
||||
description: Maximum size for an individual log file
|
||||
before rotation. The string needs to be able to be
|
||||
converted to float64. Fractional values of MB are
|
||||
supported.
|
||||
type: string
|
||||
timeThresholdHrs:
|
||||
description: maximum hours for an individual log file
|
||||
before rotation
|
||||
type: integer
|
||||
required:
|
||||
- sizeThresholdMB
|
||||
- timeThresholdHrs
|
||||
type: object
|
||||
name:
|
||||
type: string
|
||||
required:
|
||||
|
@ -173,6 +255,29 @@ spec:
|
|||
properties:
|
||||
authentication:
|
||||
properties:
|
||||
agentCertificateSecretRef:
|
||||
description: 'AgentCertificateSecret is a reference to a Secret
|
||||
containing the certificate and the key for the automation
|
||||
agent The secret needs to have available: - certificate
|
||||
under key: "tls.crt" - private key under key: "tls.key"
|
||||
If additionally, tls.pem is present, then it needs to be
|
||||
equal to the concatenation of tls.crt and tls.key'
|
||||
properties:
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
agentMode:
|
||||
description: AgentMode contains the authentication mode used
|
||||
by the automation agent.
|
||||
enum:
|
||||
- SCRAM
|
||||
- SCRAM-SHA-256
|
||||
- SCRAM-SHA-1
|
||||
- X509
|
||||
type: string
|
||||
ignoreUnknownUsers:
|
||||
default: true
|
||||
nullable: true
|
||||
|
@ -185,6 +290,7 @@ spec:
|
|||
- SCRAM
|
||||
- SCRAM-SHA-256
|
||||
- SCRAM-SHA-1
|
||||
- X509
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
|
@ -428,9 +534,7 @@ spec:
|
|||
type: string
|
||||
required:
|
||||
- name
|
||||
- passwordSecretRef
|
||||
- roles
|
||||
- scramCredentialsSecretName
|
||||
type: object
|
||||
type: array
|
||||
version:
|
||||
|
|
|
@ -50,8 +50,64 @@ spec:
|
|||
commonName: "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
|
||||
dnsNames:
|
||||
- "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
|
||||
{{- if .Values.resource.tls.useX509 }}
|
||||
# Agent X509 certs
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: agent-certs
|
||||
namespace: {{ .Values.namespace }}
|
||||
spec:
|
||||
commonName: mms-automation-agent
|
||||
dnsNames:
|
||||
- automation
|
||||
duration: 240h0m0s
|
||||
issuerRef:
|
||||
name: tls-ca-issuer
|
||||
renewBefore: 120h0m0s
|
||||
secretName: agent-certs
|
||||
subject:
|
||||
countries:
|
||||
- US
|
||||
localities:
|
||||
- NY
|
||||
organizationalUnits:
|
||||
- a-1635241837-m5yb81lfnrz
|
||||
organizations:
|
||||
- cluster.local-agent
|
||||
provinces:
|
||||
- NY
|
||||
usages:
|
||||
- digital signature
|
||||
- key encipherment
|
||||
- client auth
|
||||
{{- end }}
|
||||
{{- if .Values.resource.tls.sampleX509User }}
|
||||
# Client certs
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: x509-user-cert
|
||||
namespace: {{ .Values.namespace }}
|
||||
spec:
|
||||
commonName: my-x509-user
|
||||
duration: 240h0m0s
|
||||
issuerRef:
|
||||
name: tls-ca-issuer
|
||||
renewBefore: 120h0m0s
|
||||
secretName: my-x509-user-cert
|
||||
subject:
|
||||
organizationalUnits:
|
||||
- organizationalunit
|
||||
organizations:
|
||||
- organization
|
||||
usages:
|
||||
- digital signature
|
||||
- client auth
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.createResource }}
|
||||
# mongodb resources
|
||||
---
|
||||
|
@ -74,9 +130,24 @@ spec:
|
|||
name: {{ .Values.resource.tls.caCertificateSecretRef }}
|
||||
{{- end }}
|
||||
authentication:
|
||||
{{- if .Values.resource.tls.useX509 }}
|
||||
modes: ["X509"]
|
||||
{{- else }}
|
||||
modes: ["SCRAM"]
|
||||
{{- with .Values.resource.users }}
|
||||
{{- end }}
|
||||
{{- if .Values.resource.tls.sampleX509User }}
|
||||
users:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
- name: CN=my-x509-user,OU=organizationalunit,O=organization
|
||||
db: $external
|
||||
roles:
|
||||
- name: clusterAdmin
|
||||
db: admin
|
||||
- name: userAdminAnyDatabase
|
||||
db: admin
|
||||
- name: readWriteAnyDatabase
|
||||
db: admin
|
||||
{{- else }}
|
||||
users:
|
||||
{{- toYaml .Values.resource.users | nindent 4 }}
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
|
|
|
@ -9,7 +9,7 @@ metadata:
|
|||
name: {{ .Values.operator.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
replicas: 1
|
||||
replicas: {{ .Values.operator.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
name: {{ .Values.operator.name }}
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
## Operator
|
||||
operator:
|
||||
# Name that will be assigned to most of internal Kubernetes objects like
|
||||
|
@ -16,7 +15,7 @@ operator:
|
|||
deploymentName: mongodb-kubernetes-operator
|
||||
|
||||
# Version of mongodb-kubernetes-operator
|
||||
version: 0.8.2
|
||||
version: 0.8.3
|
||||
|
||||
# Uncomment this line to watch all namespaces
|
||||
# watchNamespace: "*"
|
||||
|
@ -30,6 +29,9 @@ operator:
|
|||
cpu: 500m
|
||||
memory: 200Mi
|
||||
|
||||
# replicas deployed for the operator pod. Running 1 is optimal and suggested.
|
||||
replicas: 1
|
||||
|
||||
# Additional environment variables
|
||||
extraEnvs: []
|
||||
# environment:
|
||||
|
@ -59,10 +61,10 @@ agent:
|
|||
version: 12.0.25.7724-1
|
||||
versionUpgradeHook:
|
||||
name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
|
||||
version: 1.0.7
|
||||
version: 1.0.8
|
||||
readinessProbe:
|
||||
name: mongodb-kubernetes-readinessprobe
|
||||
version: 1.0.15
|
||||
version: 1.0.17
|
||||
mongodb:
|
||||
name: mongo
|
||||
repo: docker.io
|
||||
|
@ -90,6 +92,8 @@ resource:
|
|||
enabled: false
|
||||
|
||||
# Installs Cert-Manager in this cluster.
|
||||
useX509: false
|
||||
sampleX509User: false
|
||||
useCertManager: true
|
||||
certificateKeySecretRef: tls-certificate
|
||||
caCertificateSecretRef: tls-ca-key-pair
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.16-0'
|
||||
catalog.cattle.io/release-name: nats
|
||||
apiVersion: v2
|
||||
appVersion: 2.10.2
|
||||
appVersion: 2.10.3
|
||||
description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
|
||||
Technology.
|
||||
home: http://github.com/nats-io/k8s
|
||||
|
@ -18,4 +18,4 @@ maintainers:
|
|||
name: The NATS Authors
|
||||
url: https://github.com/nats-io
|
||||
name: nats
|
||||
version: 1.1.1
|
||||
version: 1.1.2
|
||||
|
|
|
@ -308,7 +308,7 @@ config:
|
|||
container:
|
||||
image:
|
||||
repository: nats
|
||||
tag: 2.10.2-alpine
|
||||
tag: 2.10.3-alpine
|
||||
pullPolicy:
|
||||
registry:
|
||||
|
||||
|
|
|
@ -1,25 +1,25 @@
|
|||
dependencies:
|
||||
- name: newrelic-infrastructure
|
||||
repository: https://newrelic.github.io/nri-kubernetes
|
||||
version: 3.23.1
|
||||
version: 3.23.2
|
||||
- name: nri-prometheus
|
||||
repository: https://newrelic.github.io/nri-prometheus
|
||||
version: 2.1.17
|
||||
- name: newrelic-prometheus-agent
|
||||
repository: https://newrelic.github.io/newrelic-prometheus-configurator
|
||||
version: 1.4.1
|
||||
version: 1.5.0
|
||||
- name: nri-metadata-injection
|
||||
repository: https://newrelic.github.io/k8s-metadata-injection
|
||||
version: 4.10.0
|
||||
version: 4.10.1
|
||||
- name: newrelic-k8s-metrics-adapter
|
||||
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
|
||||
version: 1.4.1
|
||||
version: 1.4.2
|
||||
- name: kube-state-metrics
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 5.12.1
|
||||
- name: nri-kube-events
|
||||
repository: https://newrelic.github.io/nri-kube-events
|
||||
version: 3.2.4
|
||||
version: 3.2.5
|
||||
- name: newrelic-logging
|
||||
repository: https://newrelic.github.io/helm-charts
|
||||
version: 1.18.1
|
||||
|
@ -31,6 +31,6 @@ dependencies:
|
|||
version: 0.1.4
|
||||
- name: newrelic-infra-operator
|
||||
repository: https://newrelic.github.io/newrelic-infra-operator
|
||||
version: 2.3.1
|
||||
digest: sha256:66c038ae61c70febfb31eccb0fba998becf0179545240ea415a1e1ae9cf7f5a7
|
||||
generated: "2023-10-14T02:53:55.575862896Z"
|
||||
version: 2.3.2
|
||||
digest: sha256:3fb27beb39cefda6d5c78efc74f02b7ab09cf4d1a45f201cb148f7c3b476fe07
|
||||
generated: "2023-10-17T07:55:39.874488788Z"
|
||||
|
|
|
@ -7,7 +7,7 @@ dependencies:
|
|||
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
|
||||
name: newrelic-infrastructure
|
||||
repository: file://./charts/newrelic-infrastructure
|
||||
version: 3.23.1
|
||||
version: 3.23.2
|
||||
- condition: prometheus.enabled,nri-prometheus.enabled
|
||||
name: nri-prometheus
|
||||
repository: file://./charts/nri-prometheus
|
||||
|
@ -15,15 +15,15 @@ dependencies:
|
|||
- condition: newrelic-prometheus-agent.enabled
|
||||
name: newrelic-prometheus-agent
|
||||
repository: file://./charts/newrelic-prometheus-agent
|
||||
version: 1.4.1
|
||||
version: 1.5.0
|
||||
- condition: webhook.enabled,nri-metadata-injection.enabled
|
||||
name: nri-metadata-injection
|
||||
repository: file://./charts/nri-metadata-injection
|
||||
version: 4.10.0
|
||||
version: 4.10.1
|
||||
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
|
||||
name: newrelic-k8s-metrics-adapter
|
||||
repository: file://./charts/newrelic-k8s-metrics-adapter
|
||||
version: 1.4.1
|
||||
version: 1.4.2
|
||||
- condition: ksm.enabled,kube-state-metrics.enabled
|
||||
name: kube-state-metrics
|
||||
repository: file://./charts/kube-state-metrics
|
||||
|
@ -31,7 +31,7 @@ dependencies:
|
|||
- condition: kubeEvents.enabled,nri-kube-events.enabled
|
||||
name: nri-kube-events
|
||||
repository: file://./charts/nri-kube-events
|
||||
version: 3.2.4
|
||||
version: 3.2.5
|
||||
- condition: logging.enabled,newrelic-logging.enabled
|
||||
name: newrelic-logging
|
||||
repository: file://./charts/newrelic-logging
|
||||
|
@ -48,7 +48,7 @@ dependencies:
|
|||
- condition: newrelic-infra-operator.enabled
|
||||
name: newrelic-infra-operator
|
||||
repository: file://./charts/newrelic-infra-operator
|
||||
version: 2.3.1
|
||||
version: 2.3.2
|
||||
description: Groups together the individual charts for the New Relic Kubernetes solution
|
||||
for a more comfortable deployment.
|
||||
home: https://github.com/newrelic/helm-charts
|
||||
|
@ -89,4 +89,4 @@ sources:
|
|||
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
|
||||
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
|
||||
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
|
||||
version: 5.0.40
|
||||
version: 5.0.41
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 0.11.1
|
||||
appVersion: 0.11.2
|
||||
dependencies:
|
||||
- name: common-library
|
||||
repository: https://helm-charts.newrelic.com
|
||||
|
@ -32,4 +32,4 @@ name: newrelic-infra-operator
|
|||
sources:
|
||||
- https://github.com/newrelic/newrelic-infra-operator
|
||||
- https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator
|
||||
version: 2.3.1
|
||||
version: 2.3.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 3.18.1
|
||||
appVersion: 3.18.2
|
||||
dependencies:
|
||||
- name: common-library
|
||||
repository: https://helm-charts.newrelic.com
|
||||
|
@ -35,4 +35,4 @@ sources:
|
|||
- https://github.com/newrelic/nri-kubernetes/
|
||||
- https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
|
||||
- https://github.com/newrelic/infrastructure-agent/
|
||||
version: 3.23.1
|
||||
version: 3.23.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 0.6.2
|
||||
appVersion: 0.6.3
|
||||
dependencies:
|
||||
- name: common-library
|
||||
repository: https://helm-charts.newrelic.com
|
||||
|
@ -20,4 +20,4 @@ name: newrelic-k8s-metrics-adapter
|
|||
sources:
|
||||
- https://github.com/newrelic/newrelic-k8s-metrics-adapter
|
||||
- https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter
|
||||
version: 1.4.1
|
||||
version: 1.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
annotations:
|
||||
configuratorVersion: 1.7.1
|
||||
configuratorVersion: 1.8.0
|
||||
apiVersion: v2
|
||||
appVersion: v2.37.8
|
||||
dependencies:
|
||||
|
@ -31,4 +31,4 @@ maintainers:
|
|||
url: https://github.com/xqi-nr
|
||||
name: newrelic-prometheus-agent
|
||||
type: application
|
||||
version: 1.4.1
|
||||
version: 1.5.0
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 2.2.9
|
||||
appVersion: 2.2.12
|
||||
dependencies:
|
||||
- name: common-library
|
||||
repository: https://helm-charts.newrelic.com
|
||||
|
@ -35,4 +35,4 @@ sources:
|
|||
- https://github.com/newrelic/nri-kube-events/
|
||||
- https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events
|
||||
- https://github.com/newrelic/infrastructure-agent/
|
||||
version: 3.2.4
|
||||
version: 3.2.5
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# nri-kube-events
|
||||
|
||||
![Version: 3.2.4](https://img.shields.io/badge/Version-3.2.4-informational?style=flat-square) ![AppVersion: 2.2.9](https://img.shields.io/badge/AppVersion-2.2.9-informational?style=flat-square)
|
||||
![Version: 3.2.5](https://img.shields.io/badge/Version-3.2.5-informational?style=flat-square) ![AppVersion: 2.2.12](https://img.shields.io/badge/AppVersion-2.2.12-informational?style=flat-square)
|
||||
|
||||
A Helm chart to deploy the New Relic Kube Events router
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 1.18.0
|
||||
appVersion: 1.18.3
|
||||
dependencies:
|
||||
- name: common-library
|
||||
repository: https://helm-charts.newrelic.com
|
||||
|
@ -22,4 +22,4 @@ name: nri-metadata-injection
|
|||
sources:
|
||||
- https://github.com/newrelic/k8s-metadata-injection
|
||||
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
|
||||
version: 4.10.0
|
||||
version: 4.10.1
|
||||
|
|
|
@ -25,6 +25,7 @@ webhooks:
|
|||
apiVersions: ["v1"]
|
||||
resources: ["pods"]
|
||||
{{- if .Values.injectOnlyLabeledNamespaces }}
|
||||
scope: Namespaced
|
||||
namespaceSelector:
|
||||
matchLabels:
|
||||
newrelic-metadata-injection: enabled
|
||||
|
|
|
@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## 0.12.0
|
||||
|
||||
- Update to version 0.10.0 of the ingress controller, this includes:
|
||||
- TLSEdge support - see the [TCP and TLS Edges Guide](https://github.com/ngrok/kubernetes-ingress-controller/blob/main/docs/user-guide/tcp-tls-edges.md) for more details.
|
||||
- A fix for renegotiating TLS backends
|
||||
|
||||
## 0.11.0
|
||||
|
||||
** Important ** This version of the controller changes the ownership model for https edge and tunnel CRs. To ease out the transition to the new ownership, make sure to run `migrate-edges.sh` and `migrate-tunnels.sh` scripts before installing the new version.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.10.1
|
||||
digest: sha256:54cb57fbf004b3cf03fe382619b87c9d17469340f3d24f506a2dbec185a9455a
|
||||
generated: "2023-09-08T12:48:02.907551-04:00"
|
||||
version: 2.13.2
|
||||
digest: sha256:2672c3a43386aa82424bca0a5b774ea94e167c7c90604cd66520afde23238e37
|
||||
generated: "2023-10-05T10:48:29.016056701-04:00"
|
||||
|
|
|
@ -3,7 +3,7 @@ annotations:
|
|||
catalog.cattle.io/display-name: ngrok Ingress Controller
|
||||
catalog.cattle.io/release-name: kubernetes-ingress-controller
|
||||
apiVersion: v2
|
||||
appVersion: 0.9.0
|
||||
appVersion: 0.10.0
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
|
@ -22,4 +22,4 @@ keywords:
|
|||
name: kubernetes-ingress-controller
|
||||
sources:
|
||||
- https://github.com/ngrok/kubernetes-ingress-controller
|
||||
version: 0.11.0
|
||||
version: 0.12.0
|
||||
|
|
|
@ -87,4 +87,5 @@ To uninstall the chart:
|
|||
| `log.level` | The level to log at. One of 'debug', 'info', or 'error'. | `info` |
|
||||
| `log.stacktraceLevel` | The level to report stacktrace logs one of 'info' or 'error'. | `error` |
|
||||
| `log.format` | The log format to use. One of console, json. | `json` |
|
||||
| `lifecycle` | an object containing lifecycle configuration | `{}` |
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.10.1
|
||||
appVersion: 2.13.2
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.10.1
|
||||
version: 2.13.2
|
||||
|
|
|
@ -172,6 +172,50 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler.
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns true if PodSecurityPolicy is supported
|
||||
*/}}
|
||||
{{- define "common.capabilities.psp.supported" -}}
|
||||
{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns true if AdmissionConfiguration is supported
|
||||
*/}}
|
||||
{{- define "common.capabilities.admisionConfiguration.supported" -}}
|
||||
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for AdmissionConfiguration.
|
||||
*/}}
|
||||
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
|
||||
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
|
||||
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "apiserver.config.k8s.io/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "apiserver.config.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for PodSecurityConfiguration.
|
||||
*/}}
|
||||
{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}}
|
||||
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}}
|
||||
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "pod-security.admission.config.k8s.io/v1beta1" -}}
|
||||
{{- else -}}
|
||||
{{- print "pod-security.admission.config.k8s.io/v1" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Returns true if the used Helm version is 3.3+.
|
||||
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
|
||||
|
|
|
@ -38,15 +38,23 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima
|
|||
|
||||
{{- if .global }}
|
||||
{{- range .global.imagePullSecrets -}}
|
||||
{{- if kindIs "map" . -}}
|
||||
{{- $pullSecrets = append $pullSecrets .name -}}
|
||||
{{- else -}}
|
||||
{{- $pullSecrets = append $pullSecrets . -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range .images -}}
|
||||
{{- range .pullSecrets -}}
|
||||
{{- if kindIs "map" . -}}
|
||||
{{- $pullSecrets = append $pullSecrets .name -}}
|
||||
{{- else -}}
|
||||
{{- $pullSecrets = append $pullSecrets . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if (not (empty $pullSecrets)) }}
|
||||
imagePullSecrets:
|
||||
|
@ -66,15 +74,23 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa
|
|||
|
||||
{{- if $context.Values.global }}
|
||||
{{- range $context.Values.global.imagePullSecrets -}}
|
||||
{{- if kindIs "map" . -}}
|
||||
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
|
||||
{{- else -}}
|
||||
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range .images -}}
|
||||
{{- range .pullSecrets -}}
|
||||
{{- if kindIs "map" . -}}
|
||||
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
|
||||
{{- else -}}
|
||||
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if (not (empty $pullSecrets)) }}
|
||||
imagePullSecrets:
|
||||
|
@ -83,3 +99,19 @@ imagePullSecrets:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
|
||||
{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
|
||||
*/}}
|
||||
{{- define "common.images.version" -}}
|
||||
{{- $imageTag := .imageRoot.tag | toString -}}
|
||||
{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
|
||||
{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
|
||||
{{- $version := semver $imageTag -}}
|
||||
{{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
|
||||
{{- else -}}
|
||||
{{- print .chart.AppVersion -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
|
|
@ -11,12 +11,19 @@ Kubernetes standard labels
|
|||
*/}}
|
||||
{{- define "common.labels.standard" -}}
|
||||
{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
|
||||
{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }}
|
||||
{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}}
|
||||
{{- with .context.Chart.AppVersion -}}
|
||||
{{- $_ := set $default "app.kubernetes.io/version" . -}}
|
||||
{{- end -}}
|
||||
{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }}
|
||||
{{- else -}}
|
||||
app.kubernetes.io/name: {{ include "common.names.name" . }}
|
||||
helm.sh/chart: {{ include "common.names.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- with .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ . | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
|
|
@ -65,3 +65,13 @@ Usage:
|
|||
{{- end -}}
|
||||
{{- printf "%s" $key -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376).
|
||||
Usage:
|
||||
{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }}
|
||||
*/}}
|
||||
{{- define "common.utils.checksumTemplate" -}}
|
||||
{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}}
|
||||
{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }}
|
||||
{{- end -}}
|
||||
|
|
|
@ -18,7 +18,7 @@ be automatically configured on the internet using ngrok.
|
|||
One example, taken from your cluster, is the Service:
|
||||
{{ $service.metadata.name | quote }}
|
||||
|
||||
You can make this accessible via Ngrok with the following manifest:
|
||||
You can make this accessible via ngrok with the following manifest:
|
||||
--------------------------------------------------------------------------------
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
|
|
|
@ -107,6 +107,10 @@ spec:
|
|||
volumeMounts:
|
||||
{{ toYaml .Values.extraVolumeMounts | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.lifecycle }}
|
||||
lifecycle:
|
||||
{{ toYaml .Values.lifecycle | nindent 10 }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
|
|
|
@ -78,7 +78,7 @@ spec:
|
|||
in the ngrok API/Dashboard
|
||||
type: string
|
||||
ipRestriction:
|
||||
description: IPRestriction is an IPRestriction to apply to this route
|
||||
description: IPRestriction is an IPRestriction to apply to this edge
|
||||
properties:
|
||||
policies:
|
||||
items:
|
||||
|
|
|
@ -0,0 +1,148 @@
|
|||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
creationTimestamp: null
|
||||
name: tlsedges.ingress.k8s.ngrok.com
|
||||
spec:
|
||||
group: ingress.k8s.ngrok.com
|
||||
names:
|
||||
kind: TLSEdge
|
||||
listKind: TLSEdgeList
|
||||
plural: tlsedges
|
||||
singular: tlsedge
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- description: Domain ID
|
||||
jsonPath: .status.id
|
||||
name: ID
|
||||
type: string
|
||||
- description: Hostports
|
||||
jsonPath: .status.hostports
|
||||
name: Hostports
|
||||
type: string
|
||||
- description: Tunnel Group Backend ID
|
||||
jsonPath: .status.backend.id
|
||||
name: Backend ID
|
||||
type: string
|
||||
- description: Age
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TLSEdge is the Schema for the tlsedges API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSEdgeSpec defines the desired state of TLSEdge
|
||||
properties:
|
||||
backend:
|
||||
description: Backend is the definition for the tunnel group backend
|
||||
that serves traffic for this edge
|
||||
properties:
|
||||
description:
|
||||
default: Created by kubernetes-ingress-controller
|
||||
description: Description is a human-readable description of the
|
||||
object in the ngrok API/Dashboard
|
||||
type: string
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Labels to watch for tunnels on this backend
|
||||
type: object
|
||||
metadata:
|
||||
default: '{"owned-by":"kubernetes-ingress-controller"}'
|
||||
description: Metadata is a string of arbitrary data associated
|
||||
with the object in the ngrok API/Dashboard
|
||||
type: string
|
||||
type: object
|
||||
description:
|
||||
default: Created by kubernetes-ingress-controller
|
||||
description: Description is a human-readable description of the object
|
||||
in the ngrok API/Dashboard
|
||||
type: string
|
||||
hostports:
|
||||
description: Hostports is a list of hostports served by this edge
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ipRestriction:
|
||||
description: IPRestriction is an IPRestriction to apply to this edge
|
||||
properties:
|
||||
policies:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
metadata:
|
||||
default: '{"owned-by":"kubernetes-ingress-controller"}'
|
||||
description: Metadata is a string of arbitrary data associated with
|
||||
the object in the ngrok API/Dashboard
|
||||
type: string
|
||||
mutualTls:
|
||||
properties:
|
||||
certificateAuthorities:
|
||||
description: List of CA IDs that will be used to validate incoming
|
||||
connections to the edge.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
tlsTermination:
|
||||
properties:
|
||||
minVersion:
|
||||
description: MinVersion is the minimum TLS version to allow for
|
||||
connections to the edge
|
||||
type: string
|
||||
terminateAt:
|
||||
description: TerminateAt determines where the TLS connection should
|
||||
be terminated. "edge" if the ngrok edge should terminate TLS
|
||||
traffic, "upstream" if TLS traffic should be passed through
|
||||
to the upstream ngrok agent / application server for termination.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
description: TLSEdgeStatus defines the observed state of TLSEdge
|
||||
properties:
|
||||
backend:
|
||||
description: Backend stores the status of the tunnel group backend,
|
||||
mainly the ID of the backend
|
||||
properties:
|
||||
id:
|
||||
description: ID is the unique identifier for this backend
|
||||
type: string
|
||||
type: object
|
||||
hostports:
|
||||
description: Hostports served by this edge
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
id:
|
||||
description: ID is the unique identifier for this edge
|
||||
type: string
|
||||
uri:
|
||||
description: URI is the URI of the edge
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
|
@ -151,6 +151,32 @@ rules:
|
|||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
- tlsedges
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
- tlsedges/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
- tlsedges/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
# permissions for end users to edit tlsedges.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: clusterrole
|
||||
app.kubernetes.io/instance: tlsedge-editor-role
|
||||
app.kubernetes.io/component: rbac
|
||||
app.kubernetes.io/created-by: ngrok-ingress-controller
|
||||
app.kubernetes.io/part-of: ngrok-ingress-controller
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
name: tlsedge-editor-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
- tlsedges
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
- tlsedges/status
|
||||
verbs:
|
||||
- get
|
|
@ -0,0 +1,27 @@
|
|||
# permissions for end users to view tlsedges.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: clusterrole
|
||||
app.kubernetes.io/instance: tlsedge-viewer-role
|
||||
app.kubernetes.io/component: rbac
|
||||
app.kubernetes.io/created-by: ngrok-ingress-controller
|
||||
app.kubernetes.io/part-of: ngrok-ingress-controller
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
name: tlsedge-viewer-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
- tlsedges
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ingress.k8s.ngrok.com
|
||||
resources:
|
||||
- tlsedges/status
|
||||
verbs:
|
||||
- get
|
|
@ -189,3 +189,8 @@ log:
|
|||
format: json
|
||||
level: info
|
||||
stacktraceLevel: error
|
||||
|
||||
## @param lifecycle an object containing lifecycle configuration
|
||||
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
|
||||
##
|
||||
lifecycle: {}
|
|
@ -6,4 +6,4 @@ dependencies:
|
|||
repository: https://charts.redpanda.com
|
||||
version: 0.1.6
|
||||
digest: sha256:4770d2dc26e5ed437977d40d20f49a1e08176579eaf464d042c94db7e1be37cf
|
||||
generated: "2023-10-14T02:49:30.448635825Z"
|
||||
generated: "2023-10-17T13:28:27.77999498Z"
|
||||
|
|
|
@ -37,4 +37,4 @@ name: redpanda
|
|||
sources:
|
||||
- https://github.com/redpanda-data/helm-charts
|
||||
type: application
|
||||
version: 5.6.17
|
||||
version: 5.6.19
|
||||
|
|
|
@ -30,3 +30,9 @@ connectors:
|
|||
enabled: true
|
||||
logging:
|
||||
level: debug
|
||||
|
||||
# tests to ensure this large int isn't converted to scientific notation for the rpk commands
|
||||
# in post-upgrade job.
|
||||
config:
|
||||
cluster:
|
||||
retention_local_target_ms_default: 21600000
|
||||
|
|
|
@ -71,6 +71,9 @@ spec:
|
|||
set -e
|
||||
rpk cluster config import -f /etc/redpanda/bootstrap.yaml
|
||||
{{- range $key, $value := .Values.config.cluster }}
|
||||
{{- if and (typeIs "float64" $value) (eq (floor $value) $value) }}
|
||||
{{- $value = int64 $value }}
|
||||
{{- end }}
|
||||
{{- if or (typeIs "bool" $value ) $value }}
|
||||
rpk cluster config set {{ $key }} {{ $value }}
|
||||
{{- end }}
|
||||
|
|
|
@ -19,6 +19,7 @@ limitations under the License.
|
|||
{{- $root := deepCopy . }}
|
||||
{{- $values := .Values }}
|
||||
{{ $consoleValues := dict "Values" (deepCopy .Values.console) "Release" .Release "Chart" .Subcharts.console.Chart }}
|
||||
{{ $connectorsVars := dict "Values" (deepCopy .Values.connectors) "Release" .Release "Chart" .Subcharts.connectors.Chart }}
|
||||
{{/* brokers */}}
|
||||
{{- $kafkaBrokers := list }}
|
||||
{{- range (include "seed-server-list" . | mustFromJson) }}
|
||||
|
@ -52,11 +53,24 @@ spec:
|
|||
- name: TLS_ENABLED
|
||||
value: {{ (include "kafka-internal-tls-enabled" . | fromJson).bool | quote }}
|
||||
command:
|
||||
- /usr/bin/timeout
|
||||
- "120"
|
||||
- bash
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
set -xe
|
||||
|
||||
trap connectorsState ERR
|
||||
|
||||
connectorsState () {
|
||||
echo check connectors expand status
|
||||
curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors?expand=status
|
||||
echo check connectors expand info
|
||||
curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors?expand=info
|
||||
echo check connector configuration
|
||||
curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors/$CONNECTOR_NAME
|
||||
echo check connector topics
|
||||
curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsVars }}:{{ (deepCopy .Values.connectors).connectors.restPort }}/connectors/$CONNECTOR_NAME/topics
|
||||
}
|
||||
|
||||
{{- if .Values.auth.sasl.enabled }}
|
||||
set -e
|
||||
set +x
|
||||
|
@ -75,6 +89,8 @@ spec:
|
|||
|
||||
JAAS_CONFIG_SOURCE="\"source.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${RPK_USER}\\\\"\" password=\\\\"\"${RPK_PASS}\\\\"\";\","
|
||||
JAAS_CONFIG_TARGET="\"target.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${RPK_USER}\\\\"\" password=\\\\"\"${RPK_PASS}\\\\"\";\","
|
||||
set -x
|
||||
set +e
|
||||
{{- end }}
|
||||
|
||||
{{- $testTopic := printf "test-topic-%s" (randNumeric 3) }}
|
||||
|
@ -82,9 +98,6 @@ spec:
|
|||
rpk topic list
|
||||
echo "Test message!" | rpk topic produce {{ $testTopic }}
|
||||
|
||||
set -x
|
||||
set +e
|
||||
|
||||
SECURITY_PROTOCOL=PLAINTEXT
|
||||
if [[ -n "$RPK_SASL_MECHANISM" && $TLS_ENABLED == "true" ]]; then
|
||||
SECURITY_PROTOCOL="SASL_SSL"
|
||||
|
@ -138,24 +151,12 @@ spec:
|
|||
URL=http://{{ include "console.fullname" $consoleValues }}:{{ include "console.containerPort" $consoleValues }}/api/kafka-connect/clusters/connectors/connectors
|
||||
{{/* outputting to /dev/null because the output contains the user password */}}
|
||||
echo "Creating mm2 connector"
|
||||
if curl {{ template "curl-options" . }} -H 'Content-Type: application/json' "${URL}" -d @/tmp/mm2-conf.json
|
||||
then
|
||||
echo "Result successful"
|
||||
else
|
||||
echo "mm2 connector can not be created!!!"
|
||||
exit 1
|
||||
fi
|
||||
curl {{ template "curl-options" . }} -H 'Content-Type: application/json' "${URL}" -d @/tmp/mm2-conf.json
|
||||
|
||||
rpk topic consume source.{{ $testTopic }} -n 1
|
||||
|
||||
echo "Destroying mm2 connector"
|
||||
if curl {{ template "curl-options" . }} -X DELETE "${URL}/${CONNECTOR_NAME}"
|
||||
then
|
||||
echo "Result successful"
|
||||
else
|
||||
echo "mm2 connector can not be destroyed!!!"
|
||||
exit 1
|
||||
fi
|
||||
curl {{ template "curl-options" . }} -X DELETE "${URL}/${CONNECTOR_NAME}"
|
||||
|
||||
rpk topic list
|
||||
rpk topic delete {{ $testTopic }} source.{{ $testTopic }} mm2-offset-syncs.test-only-redpanda.internal
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>= 1.17.0-0'
|
||||
catalog.cattle.io/release-name: speedscale-operator
|
||||
apiVersion: v1
|
||||
appVersion: 1.3.494
|
||||
appVersion: 1.3.518
|
||||
description: Stress test your APIs with real world scenarios. Collect and replay
|
||||
traffic without scripting.
|
||||
home: https://speedscale.com
|
||||
|
@ -24,4 +24,4 @@ maintainers:
|
|||
- email: support@speedscale.com
|
||||
name: Speedscale Support
|
||||
name: speedscale-operator
|
||||
version: 1.3.39
|
||||
version: 1.3.40
|
||||
|
|
|
@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
|
|||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
|
||||
incompatible breaking change needing manual actions.
|
||||
|
||||
### Upgrade to 1.3.39
|
||||
### Upgrade to 1.3.40
|
||||
|
||||
```bash
|
||||
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.39/templates/crds/trafficreplays.yaml
|
||||
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.40/templates/crds/trafficreplays.yaml
|
||||
```
|
||||
|
||||
### Upgrade to 1.1.0
|
||||
|
|
|
@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
|
|||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
|
||||
incompatible breaking change needing manual actions.
|
||||
|
||||
### Upgrade to 1.3.39
|
||||
### Upgrade to 1.3.40
|
||||
|
||||
```bash
|
||||
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.39/templates/crds/trafficreplays.yaml
|
||||
kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.40/templates/crds/trafficreplays.yaml
|
||||
```
|
||||
|
||||
### Upgrade to 1.1.0
|
||||
|
|
|
@ -20,7 +20,7 @@ clusterName: "my-cluster"
|
|||
# Speedscale components image settings.
|
||||
image:
|
||||
registry: gcr.io/speedscale
|
||||
tag: v1.3.494
|
||||
tag: v1.3.518
|
||||
pullPolicy: Always
|
||||
|
||||
# Log level for Speedscale components.
|
||||
|
|
|
@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
|
|||
exclusively to fix incorrect entries and not to add new ones.
|
||||
|
||||
## Change Log
|
||||
# v1.16.17
|
||||
### New Features
|
||||
* [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
|
||||
# v1.16.16
|
||||
### Chores
|
||||
* **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
|
||||
# v1.16.15
|
||||
### New Features
|
||||
* [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
|
||||
|
|
|
@ -3,7 +3,7 @@ annotations:
|
|||
catalog.cattle.io/display-name: Sysdig
|
||||
catalog.cattle.io/release-name: sysdig
|
||||
apiVersion: v1
|
||||
appVersion: 12.16.3
|
||||
appVersion: 12.17.0
|
||||
deprecated: true
|
||||
description: Sysdig Monitor and Secure agent
|
||||
home: https://www.sysdig.com/
|
||||
|
@ -19,4 +19,4 @@ name: sysdig
|
|||
sources:
|
||||
- https://app.sysdigcloud.com/#/settings/user
|
||||
- https://github.com/draios/sysdig
|
||||
version: 1.16.15
|
||||
version: 1.16.17
|
||||
|
|
|
@ -222,7 +222,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
|
|||
| `nodeAnalyzer.pullSecrets` | The image pull secrets for the Node Analyzer containers. | `nil` |
|
||||
| `nodeAnalyzer.imageAnalyzer.deploy` | Deploys the Image Analyzer. | `true ` |
|
||||
| `nodeAnalyzer.imageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from. | `sysdig/node-image-analyzer` |
|
||||
| `nodeAnalyzer.imageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.28` |
|
||||
| `nodeAnalyzer.imageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.29` |
|
||||
| `nodeAnalyzer.imageAnalyzer.image.digest` | The image digest to pull. | ` ` |
|
||||
| `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer. | `IfNotPresent` |
|
||||
| `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | The Docker socket path. | |
|
||||
|
@ -237,7 +237,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
|
|||
| `nodeAnalyzer.imageAnalyzer.env` | The extra environment variables that will be passed onto pods. | `{}` |
|
||||
| `nodeAnalyzer.hostAnalyzer.deploy` | Deploys the Host Analyzer. | `true ` |
|
||||
| `nodeAnalyzer.hostAnalyzer.image.repository` | The image repository to pull the Host Analyzer from. | `sysdig/host-analyzer` |
|
||||
| `nodeAnalyzer.hostAnalyzer.image.tag` | The image tag to pull the Host Analyzer. | `0.1.16` |
|
||||
| `nodeAnalyzer.hostAnalyzer.image.tag` | The image tag to pull the Host Analyzer. | `0.1.17` |
|
||||
| `nodeAnalyzer.hostAnalyzer.image.digest` | The image digest to pull. | ` ` |
|
||||
| `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | The Image pull policy for the Host Analyzer. | `IfNotPresent` |
|
||||
| `nodeAnalyzer.hostAnalyzer.schedule` | The scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault` |
|
||||
|
@ -323,7 +323,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
|
|||
| `nodeImageAnalyzer.settings.httpsProxy` | The secure proxy configuration variables. | |
|
||||
| `nodeImageAnalyzer.settings.noProxy` | The no proxy configuration variables. | |
|
||||
| `nodeImageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from. | `sysdig/node-image-analyzer` |
|
||||
| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.28` |
|
||||
| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.29` |
|
||||
| `nodeImageAnalyzer.imagedigest` | The image digest to pull. | ` ` |
|
||||
| `nodeImageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer. | `IfNotPresent` |
|
||||
| `nodeImageAnalyzer.image.pullSecrets` | Image pull secrets for the Node Image Analyzer. | `nil` |
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# What's Changed
|
||||
|
||||
### New Features
|
||||
- [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
|
||||
#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.1...sysdig-1.16.15
|
||||
- [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
|
||||
#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.6...sysdig-1.16.17
|
||||
|
|
|
@ -7,7 +7,7 @@ image:
|
|||
overrideValue: null
|
||||
registry: quay.io
|
||||
repository: sysdig/agent
|
||||
tag: 12.16.3
|
||||
tag: 12.17.0
|
||||
# Specify a imagePullPolicy
|
||||
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
|
@ -193,7 +193,7 @@ nodeImageAnalyzer:
|
|||
deploy: false
|
||||
image:
|
||||
repository: sysdig/node-image-analyzer
|
||||
tag: 0.1.28
|
||||
tag: 0.1.29
|
||||
digest: null
|
||||
pullPolicy: IfNotPresent
|
||||
# pullSecrets:
|
||||
|
@ -351,7 +351,7 @@ nodeAnalyzer:
|
|||
deploy: true
|
||||
image:
|
||||
repository: sysdig/node-image-analyzer
|
||||
tag: 0.1.28
|
||||
tag: 0.1.29
|
||||
digest: null
|
||||
pullPolicy: IfNotPresent
|
||||
# The Docker socket path.
|
||||
|
@ -393,7 +393,7 @@ nodeAnalyzer:
|
|||
deploy: true
|
||||
image:
|
||||
repository: sysdig/host-analyzer
|
||||
tag: 0.1.16
|
||||
tag: 0.1.17
|
||||
digest: null
|
||||
pullPolicy: IfNotPresent
|
||||
# The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”.
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue