diff --git a/assets/argo/argo-cd-5.34.6.tgz b/assets/argo/argo-cd-5.34.6.tgz new file mode 100644 index 000000000..54db50a4e Binary files /dev/null and b/assets/argo/argo-cd-5.34.6.tgz differ diff --git a/assets/bitnami/postgresql-12.5.6.tgz b/assets/bitnami/postgresql-12.5.6.tgz new file mode 100644 index 000000000..a0008fbe2 Binary files /dev/null and b/assets/bitnami/postgresql-12.5.6.tgz differ diff --git a/assets/bitnami/spark-7.0.0.tgz b/assets/bitnami/spark-7.0.0.tgz new file mode 100644 index 000000000..79e64ee90 Binary files /dev/null and b/assets/bitnami/spark-7.0.0.tgz differ diff --git a/assets/bitnami/wordpress-16.1.9.tgz b/assets/bitnami/wordpress-16.1.9.tgz new file mode 100644 index 000000000..df0a1f12c Binary files /dev/null and b/assets/bitnami/wordpress-16.1.9.tgz differ diff --git a/assets/cert-manager/cert-manager-v1.12.1.tgz b/assets/cert-manager/cert-manager-v1.12.1.tgz new file mode 100644 index 000000000..a6e957def Binary files /dev/null and b/assets/cert-manager/cert-manager-v1.12.1.tgz differ diff --git a/assets/cockroach-labs/cockroachdb-11.0.1.tgz b/assets/cockroach-labs/cockroachdb-11.0.1.tgz new file mode 100644 index 000000000..3a9994bc0 Binary files /dev/null and b/assets/cockroach-labs/cockroachdb-11.0.1.tgz differ diff --git a/assets/codefresh/cf-runtime-1.0.7.tgz b/assets/codefresh/cf-runtime-1.0.7.tgz new file mode 100644 index 000000000..b182a73fa Binary files /dev/null and b/assets/codefresh/cf-runtime-1.0.7.tgz differ diff --git a/assets/datadog/datadog-3.30.9.tgz b/assets/datadog/datadog-3.30.9.tgz new file mode 100644 index 000000000..d75a2e37a Binary files /dev/null and b/assets/datadog/datadog-3.30.9.tgz differ diff --git a/assets/external-secrets/external-secrets-0.8.3.tgz b/assets/external-secrets/external-secrets-0.8.3.tgz new file mode 100644 index 000000000..9e523ebc7 Binary files /dev/null and b/assets/external-secrets/external-secrets-0.8.3.tgz differ diff --git a/assets/jfrog/artifactory-ha-107.59.9.tgz b/assets/jfrog/artifactory-ha-107.59.9.tgz new file mode 100644 index 000000000..a2fb06f48 Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.59.9.tgz differ diff --git a/assets/jfrog/artifactory-jcr-107.59.9.tgz b/assets/jfrog/artifactory-jcr-107.59.9.tgz new file mode 100644 index 000000000..d2efb8a19 Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.59.9.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.103.3.tgz b/assets/kubecost/cost-analyzer-1.103.3.tgz index 8d23ca8d8..4349f9d94 100644 Binary files a/assets/kubecost/cost-analyzer-1.103.3.tgz and b/assets/kubecost/cost-analyzer-1.103.3.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.103.4.tgz b/assets/kubecost/cost-analyzer-1.103.4.tgz new file mode 100644 index 000000000..76e74675b Binary files /dev/null and b/assets/kubecost/cost-analyzer-1.103.4.tgz differ diff --git a/assets/new-relic/nri-bundle-5.0.16.tgz b/assets/new-relic/nri-bundle-5.0.16.tgz new file mode 100644 index 000000000..682f3c00a Binary files /dev/null and b/assets/new-relic/nri-bundle-5.0.16.tgz differ diff --git a/assets/openebs/openebs-3.7.0.tgz b/assets/openebs/openebs-3.7.0.tgz new file mode 100644 index 000000000..b63d94d57 Binary files /dev/null and b/assets/openebs/openebs-3.7.0.tgz differ diff --git a/assets/redpanda/redpanda-4.0.26.tgz b/assets/redpanda/redpanda-4.0.26.tgz new file mode 100644 index 000000000..91bc9edcf Binary files /dev/null and b/assets/redpanda/redpanda-4.0.26.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.3.8.tgz b/assets/speedscale/speedscale-operator-1.3.8.tgz new file mode 100644 index 000000000..1030f5571 Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.3.8.tgz differ diff --git a/assets/sysdig/sysdig-1.15.90.tgz b/assets/sysdig/sysdig-1.15.90.tgz new file mode 100644 index 000000000..19963bfb3 Binary files /dev/null and b/assets/sysdig/sysdig-1.15.90.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index b0995d562..58c361c5e 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - - kind: fixed - description: Allow to disable containerSecurityContext + - kind: added + description: Option to set appProtocol for Argocd server https service port artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -10,7 +10,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.7.2 +appVersion: v2.7.3 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -32,4 +32,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.34.4 +version: 5.34.6 diff --git a/charts/argo/argo-cd/templates/argocd-server/service.yaml b/charts/argo/argo-cd/templates/argocd-server/service.yaml index 5a31f0b87..b9881f882 100644 --- a/charts/argo/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/service.yaml @@ -31,6 +31,9 @@ spec: {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttps }} {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} {{- if eq .Values.server.service.type "LoadBalancer" }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 2906eb82b..cbe46d2e2 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -1768,6 +1768,8 @@ server: servicePortHttpName: http # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https + # -- Server service https port appProtocol. (should be upper case - i.e. HTTPS) + # servicePortHttpsAppProtocol: HTTPS # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 4a874df47..9fbbc0867 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -31,4 +31,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 12.5.5 +version: 12.5.6 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index e823285ef..fc7478081 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md @@ -98,7 +98,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r4` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r7` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | @@ -375,7 +375,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r120` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -403,7 +403,7 @@ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r89` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r91` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | diff --git a/charts/bitnami/postgresql/templates/primary/statefulset.yaml b/charts/bitnami/postgresql/templates/primary/statefulset.yaml index 49205f958..d56d052e3 100644 --- a/charts/bitnami/postgresql/templates/primary/statefulset.yaml +++ b/charts/bitnami/postgresql/templates/primary/statefulset.yaml @@ -450,7 +450,7 @@ spec: {{- end }} {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }} - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ + mountPath: {{ .Values.primary.persistence.mountPath }}/conf/conf.d/ {{- end }} {{- if .Values.auth.usePasswordFiles }} - name: postgresql-password @@ -474,7 +474,7 @@ spec: {{- end }} {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} - name: postgresql-config - mountPath: /bitnami/postgresql/conf + mountPath: {{ .Values.primary.persistence.mountPath }}/conf {{- end }} {{- if .Values.primary.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} diff --git a/charts/bitnami/postgresql/templates/read/statefulset.yaml b/charts/bitnami/postgresql/templates/read/statefulset.yaml index cfcc9a7e4..9d280177d 100644 --- a/charts/bitnami/postgresql/templates/read/statefulset.yaml +++ b/charts/bitnami/postgresql/templates/read/statefulset.yaml @@ -369,7 +369,7 @@ spec: {{- end }} {{- if .Values.readReplicas.extendedConfiguration }} - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ + mountPath: {{ .Values.readReplicas.persistence.mountPath }}/conf/conf.d/ {{- end }} {{- if .Values.tls.enabled }} - name: postgresql-certificates diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index ef67631e1..7f8b20b7f 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.3.0-debian-11-r4 + tag: 15.3.0-debian-11-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1136,7 +1136,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r118 + tag: 11-debian-11-r120 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1231,7 +1231,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.12.0-debian-11-r89 + tag: 0.12.0-debian-11-r91 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index fcaf47d62..ddc8171e1 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.3.2 +appVersion: 3.4.0 dependencies: - name: common repository: file://./charts/common @@ -27,4 +27,4 @@ maintainers: name: spark sources: - https://github.com/bitnami/charts/tree/main/bitnami/spark -version: 6.6.3 +version: 7.0.0 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index 01ebd73a3..0ee96bbce 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md @@ -80,16 +80,16 @@ The command removes all the Kubernetes components associated with the chart and ### Spark parameters -| Name | Description | Value | -| ------------------- | ----------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | Spark image registry | `docker.io` | -| `image.repository` | Spark image repository | `bitnami/spark` | -| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r30` | -| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `hostNetwork` | Enable HOST Network | `false` | +| Name | Description | Value | +| ------------------- | ----------------------------------------------------------------------------------------------------- | -------------------- | +| `image.registry` | Spark image registry | `docker.io` | +| `image.repository` | Spark image repository | `bitnami/spark` | +| `image.tag` | Spark image tag (immutable tags are recommended) | `3.4.0-debian-11-r0` | +| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `hostNetwork` | Enable HOST Network | `false` | ### Spark master parameters diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index 08cc1e3ee..928e71cb2 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml @@ -92,7 +92,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.3.2-debian-11-r30 + tag: 3.4.0-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 6976f11bd..c92a5d91b 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 16.1.8 +version: 16.1.9 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index 69e4cd5b2..33773c8a2 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r2` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r3` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | @@ -247,7 +247,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r118` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r119` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -279,7 +279,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.3-debian-11-r9` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.3-debian-11-r10` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 84c914c37..276a4b3b2 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.2.2-debian-11-r2 + tag: 6.2.2-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -763,7 +763,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r118 + tag: 11-debian-11-r119 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -857,7 +857,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.13.3-debian-11-r9 + tag: 0.13.3-debian-11-r10 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/cert-manager/cert-manager/Chart.yaml b/charts/cert-manager/cert-manager/Chart.yaml index d78ca5ce3..0cc3b7898 100644 --- a/charts/cert-manager/cert-manager/Chart.yaml +++ b/charts/cert-manager/cert-manager/Chart.yaml @@ -9,7 +9,7 @@ annotations: catalog.cattle.io/namespace: cert-manager catalog.cattle.io/release-name: cert-manager apiVersion: v1 -appVersion: v1.12.0 +appVersion: v1.12.1 description: A Helm chart for cert-manager home: https://github.com/cert-manager/cert-manager icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png @@ -26,4 +26,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.12.0 +version: v1.12.1 diff --git a/charts/cert-manager/cert-manager/README.md b/charts/cert-manager/cert-manager/README.md index 63a30fec3..dda19bbab 100644 --- a/charts/cert-manager/cert-manager/README.md +++ b/charts/cert-manager/cert-manager/README.md @@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources. ```bash -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.crds.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.1/cert-manager.crds.yaml ``` To install the chart with the release name `my-release`: @@ -29,7 +29,7 @@ To install the chart with the release name `my-release`: $ helm repo add jetstack https://charts.jetstack.io ## Install the cert-manager helm chart -$ helm install my-release --namespace cert-manager --version v1.12.0 jetstack/cert-manager +$ helm install my-release --namespace cert-manager --version v1.12.1 jetstack/cert-manager ``` In order to begin issuing certificates, you will need to set up a ClusterIssuer @@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als delete the previously installed CustomResourceDefinition resources: ```console -$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.crds.yaml +$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.1/cert-manager.crds.yaml ``` ## Configuration @@ -86,7 +86,7 @@ The following table lists the configurable parameters of the cert-manager chart | `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | | | `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` | | `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v1.12.0` | +| `image.tag` | Image tag | `v1.12.1` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicaCount` | Number of cert-manager replicas | `1` | | `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod | @@ -169,7 +169,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` | | `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` | | `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag | `v1.12.0` | +| `webhook.image.tag` | Webhook image tag | `v1.12.1` | | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | | `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` | | `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) | @@ -207,12 +207,12 @@ The following table lists the configurable parameters of the cert-manager chart | `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` | | `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` | | `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` | -| `cainjector.image.tag` | cainjector image tag | `v1.12.0` | +| `cainjector.image.tag` | cainjector image tag | `v1.12.1` | | `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` | | `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) | | `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) | | `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` | -| `acmesolver.image.tag` | acmesolver image tag | `v1.12.0` | +| `acmesolver.image.tag` | acmesolver image tag | `v1.12.1` | | `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` | | `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` | | `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) | @@ -228,7 +228,7 @@ The following table lists the configurable parameters of the cert-manager chart | `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` | | `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` | | `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` | -| `startupapicheck.image.tag` | startupapicheck image tag | `v1.12.0` | +| `startupapicheck.image.tag` | startupapicheck image tag | `v1.12.1` | | `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` | | `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` | | `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | | diff --git a/charts/cert-manager/cert-manager/values.yaml b/charts/cert-manager/cert-manager/values.yaml index def8de1b9..66df39a4b 100644 --- a/charts/cert-manager/cert-manager/values.yaml +++ b/charts/cert-manager/cert-manager/values.yaml @@ -69,8 +69,11 @@ podDisruptionBudget: # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) # or a percentage value (e.g. 25%) -# Comma separated list of feature gates that should be enabled on the -# controller pod & webhook pod. +# Comma separated list of feature gates that should be enabled on the controller +# Note: do not use this field to pass feature gate values into webhook +# component as this behaviour relies on a bug that will be fixed in cert-manager 1.13 +# https://github.com/cert-manager/cert-manager/pull/6093 +# Use webhook.extraArgs to pass --feature-gates flag directly instead. featureGates: "" # The maximum number of challenges that can be scheduled as 'processing' at once diff --git a/charts/cockroach-labs/cockroachdb/Chart.yaml b/charts/cockroach-labs/cockroachdb/Chart.yaml index 6c6b2fa9b..fb92df1d0 100644 --- a/charts/cockroach-labs/cockroachdb/Chart.yaml +++ b/charts/cockroach-labs/cockroachdb/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.8-0' catalog.cattle.io/release-name: cockroachdb apiVersion: v1 -appVersion: 23.1.1 +appVersion: 23.1.2 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. home: https://www.cockroachlabs.com icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png @@ -14,4 +14,4 @@ maintainers: name: cockroachdb sources: - https://github.com/cockroachdb/cockroach -version: 11.0.0 +version: 11.0.1 diff --git a/charts/cockroach-labs/cockroachdb/README.md b/charts/cockroach-labs/cockroachdb/README.md index ffaf53ddf..2249e1711 100644 --- a/charts/cockroach-labs/cockroachdb/README.md +++ b/charts/cockroach-labs/cockroachdb/README.md @@ -229,10 +229,10 @@ kubectl get pods \ ``` ``` -my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.1 -my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.1 -my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.1 -my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.1 +my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.2 +my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.2 +my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.2 +my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.2 ``` Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: @@ -287,7 +287,7 @@ Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will For more information about upgrading a cluster to the latest major release of CockroachDB, see [Upgrade to CockroachDB v21.1](https://www.cockroachlabs.com/docs/stable/upgrade-cockroach-version.html). -Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v23.1.1 release notes](https://www.cockroachlabs.com/docs/releases/v23.1.1.html#backward-incompatible-changes). +Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v23.1.2 release notes](https://www.cockroachlabs.com/docs/releases/v23.1.2.html#backward-incompatible-changes). ## Configuration @@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file. | `conf.store.size` | CockroachDB storage size | `""` | | `conf.store.attrs` | CockroachDB storage attributes | `""` | | `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v23.1.1` | +| `image.tag` | Container image tag | `v23.1.2` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | | `statefulset.replicas` | StatefulSet replicas number | `3` | diff --git a/charts/cockroach-labs/cockroachdb/values.yaml b/charts/cockroach-labs/cockroachdb/values.yaml index f37cca464..f9f53ce6f 100644 --- a/charts/cockroach-labs/cockroachdb/values.yaml +++ b/charts/cockroach-labs/cockroachdb/values.yaml @@ -1,7 +1,7 @@ # Generated file, DO NOT EDIT. Source: build/templates/values.yaml image: repository: cockroachdb/cockroach - tag: v23.1.1 + tag: v23.1.2 pullPolicy: IfNotPresent credentials: {} # registry: docker.io diff --git a/charts/codefresh/cf-runtime/Chart.yaml b/charts/codefresh/cf-runtime/Chart.yaml index 53c020ebd..ab6d5a2e0 100644 --- a/charts/codefresh/cf-runtime/Chart.yaml +++ b/charts/codefresh/cf-runtime/Chart.yaml @@ -15,4 +15,4 @@ maintainers: - name: codefresh url: https://codefresh-io.github.io/ name: cf-runtime -version: 1.0.6 +version: 1.0.7 diff --git a/charts/codefresh/cf-runtime/README.md b/charts/codefresh/cf-runtime/README.md index ee827e8bc..948902ae9 100644 --- a/charts/codefresh/cf-runtime/README.md +++ b/charts/codefresh/cf-runtime/README.md @@ -1,6 +1,6 @@ ## Codefresh Runner -![Version: 1.0.6](https://img.shields.io/badge/Version-1.0.6-informational?style=flat-square) +![Version: 1.0.7](https://img.shields.io/badge/Version-1.0.7-informational?style=flat-square) ## Prerequisites @@ -92,7 +92,7 @@ Kubernetes: `>=1.19.0-0` | re.dindDaemon.tlsverify | bool | `true` | | | re.serviceAccount | object | `{"annotations":{}}` | Set annotation on engine Service Account Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster | | runner.env | object | `{}` | Add additional env vars | -| runner.image | string | `"codefresh/venona:1.9.15"` | Set runner image | +| runner.image | string | `"codefresh/venona:1.9.16"` | Set runner image | | runner.nodeSelector | object | `{}` | Set runner node selector | | runner.resources | object | `{}` | Set runner requests and limits | | runner.tolerations | list | `[]` | Set runner tolerations | @@ -111,7 +111,7 @@ Kubernetes: `>=1.19.0-0` | storage.gcedisk.volumeType | string | `"pd-ssd"` | Set GCP volume backend type (`pd-ssd`/`pd-standard`) | | storage.local.volumeParentDir | string | `"/var/lib/codefresh/dind-volumes"` | Set volume path on the host filesystem | | storage.localVolumeMonitor.env | object | `{}` | | -| storage.localVolumeMonitor.image | string | `"codefresh/dind-volume-utils:1.29.3"` | Set `dind-lv-monitor` image | +| storage.localVolumeMonitor.image | string | `"codefresh/dind-volume-utils:1.29.4"` | Set `dind-lv-monitor` image | | storage.localVolumeMonitor.initContainer.image | string | `"alpine"` | | | storage.localVolumeMonitor.nodeSelector | object | `{}` | | | storage.localVolumeMonitor.resources | object | `{}` | | diff --git a/charts/codefresh/cf-runtime/values.yaml b/charts/codefresh/cf-runtime/values.yaml index dff6b73ca..cf544ac5e 100644 --- a/charts/codefresh/cf-runtime/values.yaml +++ b/charts/codefresh/cf-runtime/values.yaml @@ -27,7 +27,7 @@ dockerRegistry: "quay.io" # @default -- See below runner: # -- Set runner image - image: "codefresh/venona:1.9.15" + image: "codefresh/venona:1.9.16" # -- Add additional env vars env: {} # E.g. @@ -119,7 +119,7 @@ storage: # @default -- See below localVolumeMonitor: # -- Set `dind-lv-monitor` image - image: codefresh/dind-volume-utils:1.29.3 + image: codefresh/dind-volume-utils:1.29.4 initContainer: image: alpine nodeSelector: {} diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index 31a8ef6b5..bb85f219a 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,13 @@ # Datadog changelog +## 3.30.9 + +* Pass its pod name to the cluster-agent. This is used by cluster agent 7.46+ to make leader election work when using host network. + +## 3.30.8 + +* Update `fips.image.tag` to `0.5.2` version + ## 3.30.7 * Fix Windows support of `agents.customAgentConfig` to avoid bind mount of a file. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index 16898620d..dae1e10f1 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.30.7 +version: 3.30.9 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index 5117443b9..574867858 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.30.7](https://img.shields.io/badge/Version-3.30.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.30.9](https://img.shields.io/badge/Version-3.30.9-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -739,7 +739,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | | -| fips.image.tag | string | `"0.5.0"` | | +| fips.image.tag | string | `"0.5.2"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | | | fips.port | int | `9803` | | | fips.portRange | int | `15` | | diff --git a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml index f14726e23..568a2b473 100644 --- a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml @@ -150,6 +150,10 @@ spec: {{- end }} {{- end }} env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: DD_HEALTH_PORT {{- $healthPort := .Values.clusterAgent.healthPort }} value: {{ $healthPort | quote }} diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index 3a03052a6..ff4277999 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -1173,8 +1173,8 @@ fips: ## fips.image.name -- Define the FIPS sidecar container image name. name: fips-proxy - # agents.image.tag -- Define the FIPS sidecar container version to use. - tag: 0.5.0 + # fips.image.tag -- Define the FIPS sidecar container version to use. + tag: 0.5.2 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index 80204bfb3..3649f1504 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.8.2 +appVersion: v0.8.3 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.8.2 +version: 0.8.3 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index 93e30d898..7d17bccd8 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square) External secret management for Kubernetes diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 19354ea31..bf8c7190e 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.8.2 - helm.sh/chart: external-secrets-0.8.2 + app.kubernetes.io/version: v0.8.3 + helm.sh/chart: external-secrets-0.8.3 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -33,7 +33,7 @@ should match snapshot of default values: - --service-namespace=NAMESPACE - --secret-name=RELEASE-NAME-external-secrets-webhook - --secret-namespace=NAMESPACE - image: ghcr.io/external-secrets/external-secrets:v0.8.2 + image: ghcr.io/external-secrets/external-secrets:v0.8.3 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 916c964bd..e969aded0 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.8.2 - helm.sh/chart: external-secrets-0.8.2 + app.kubernetes.io/version: v0.8.3 + helm.sh/chart: external-secrets-0.8.3 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -28,7 +28,7 @@ should match snapshot of default values: containers: - args: - --concurrent=1 - image: ghcr.io/external-secrets/external-secrets:v0.8.2 + image: ghcr.io/external-secrets/external-secrets:v0.8.3 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 7a1c3fef7..4cad17db8 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.8.2 - helm.sh/chart: external-secrets-0.8.2 + app.kubernetes.io/version: v0.8.3 + helm.sh/chart: external-secrets-0.8.3 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -34,7 +34,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.8.2 + image: ghcr.io/external-secrets/external-secrets:v0.8.3 imagePullPolicy: IfNotPresent name: webhook ports: diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index b2c77f144..348cc9787 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,6 +1,29 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file +## [107.59.9] - May 8, 2023 +* Fixed reference of `terminationGracePeriodSeconds` +* **Breaking change** +* Updated the defaults of replicaCount (Values.artifactory.primary.replicaCount and Values.artifactory.node.replicaCount) to support Cloud-Native High Availability. Refer [Cloud-Native High Availability](https://jfrog.com/help/r/jfrog-installation-setup-documentation/cloud-native-high-availability) +* Updated the values of the recommended resources - values-small, values-medium and values-large according to the Cloud-Native HA support. +* **IMPORTANT** +* In the absence of custom parameters for primary.replicaCount and node.replicaCount on your deployment, it is recommended to specify the current values explicitly to prevent any undesired changes to the deployment structure. +* Please be advised that the configuration for resources allocation (requests, limits, javaOpts, affinity rules, etc) will now be applied solely under Values.artifactory.primary when using the new defaults. +* **Upgrade** +* Upgrade from primary-members to primary-only is recommended, and can be done by deploy the chart with the new values. +* During the upgrade, members pods should be deleted and new primary pods should be created. This might trigger the creation of new PVCs. +* Added Support for Cold Artifact Storage as part of the systemYaml configuration (disabled by default) +* Added new binary provider `s3-storage-v3-archive` +* Fixed jfconnect disabling as micro-service on non-splitcontainers + +## [107.58.0] - Mar 23, 2023 +* Updated postgresql multi-arch tag version to `13.10.0-debian-11-r14` +* Removed obselete remove-lost-found initContainer` +* Added env JF_SHARED_NODE_HAENABLED under frontend when running in the container split mode + +## [107.57.0] - Mar 02, 2023 +* Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1793` + ## [107.55.0] - Feb 21, 2023 * Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1760` * Adding a custom preStop to Artifactory router for allowing graceful termination to complete diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index acbfb98dc..2f52bf190 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.55.14 +appVersion: 7.59.9 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.55.14 +version: 107.59.9 diff --git a/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml b/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml index 1b9bd2c40..7ab2221da 100644 --- a/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml @@ -5,10 +5,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false -# Remove extraEnvironmentVariables 7.45.x onwards - extraEnvironmentVariables: - - name: JF_JFCONNECT_ENABLED - value: "false" replicator: enabled: true ingress: diff --git a/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml b/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml index c786f1029..a4e797188 100644 --- a/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml +++ b/charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml @@ -5,10 +5,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false -# Remove extraEnvironmentVariables 7.45.x onwards - extraEnvironmentVariables: - - name: JF_JFCONNECT_ENABLED - value: "false" replicator: enabled: true ingress: diff --git a/charts/jfrog/artifactory-ha/files/binarystore.xml b/charts/jfrog/artifactory-ha/files/binarystore.xml index 4ee53fc5a..589cc2b57 100644 --- a/charts/jfrog/artifactory-ha/files/binarystore.xml +++ b/charts/jfrog/artifactory-ha/files/binarystore.xml @@ -124,7 +124,7 @@ {{- end }} -{{- if or (eq .Values.artifactory.persistence.type "aws-s3-v3") (eq .Values.artifactory.persistence.type "s3-storage-v3-direct") }} +{{- if or (eq .Values.artifactory.persistence.type "aws-s3-v3") (eq .Values.artifactory.persistence.type "s3-storage-v3-direct") (eq .Values.artifactory.persistence.type "s3-storage-v3-archive") }} {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} @@ -146,6 +146,13 @@ + {{- else if eq .Values.artifactory.persistence.type "s3-storage-v3-archive" }} + + + + + + {{- end }} {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} diff --git a/charts/jfrog/artifactory-ha/templates/NOTES.txt b/charts/jfrog/artifactory-ha/templates/NOTES.txt index ee05f5d20..277364908 100644 --- a/charts/jfrog/artifactory-ha/templates/NOTES.txt +++ b/charts/jfrog/artifactory-ha/templates/NOTES.txt @@ -122,4 +122,14 @@ jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.p {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }} {{- end }} +{{- end }} + + +{{- if ge (.Values.artifactory.node.replicaCount | int) 1 }} +***************************************** WARNING ***************************************************************************** +* Currently member node(s) are enabled, will be depreciated in upcoming releases * +* It is recommended to upgrade from primary-members to primary-only. * +* It can be done by deploying the chart ( >=107.59.x) with the new values. Also, please refer to changelog of 107.59.x chart * +* More Info: https://jfrog.com/help/r/jfrog-installation-setup-documentation/cloud-native-high-availability * +******************************************************************************************************************************* {{- end }} \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/templates/_helpers.tpl b/charts/jfrog/artifactory-ha/templates/_helpers.tpl index 4de10e2f3..96dc48df3 100644 --- a/charts/jfrog/artifactory-ha/templates/_helpers.tpl +++ b/charts/jfrog/artifactory-ha/templates/_helpers.tpl @@ -360,6 +360,9 @@ Resolve requiredServiceTypes value */}} {{- define "artifactory-ha.router.requiredServiceTypes" -}} {{- $requiredTypes := "jfrt,jfac" -}} +{{- if not .Values.access.enabled -}} + {{- $requiredTypes = "jfrt" -}} +{{- end -}} {{- if .Values.observability.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfob" -}} {{- end -}} diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml index 209460ef1..294722e62 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -175,8 +175,6 @@ spec: {{- else }} cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; echo "Copy binarystore.xml file"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory; cp -fv /tmp/etc/artifactory/binarystore.xml {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory/binarystore.xml; @@ -511,6 +509,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name : JF_SHARED_NODE_HAENABLED + value: "true" {{- with .Values.frontend.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 8 }} {{- end }} @@ -884,10 +884,10 @@ spec: value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" + - name : JF_JFCONNECT_ENABLED + value: "true" - name : JF_INTEGRATION_ENABLED value: "false" {{- end }} diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml index b12ec13e5..eb3eb9faa 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -149,37 +149,6 @@ spec: - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} name: volume {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'bash' - - '-c' - - > - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; - rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found; - rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found; - volumeMounts: - - name: volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if eq .Values.artifactory.persistence.type "file-system" }} - {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} - - name: artifactory-ha-data-{{ $sharedClaimNumber }} - mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}" - {{- end }} - - name: artifactory-ha-backup - mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" - {{- end }} - {{- end }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - name: "access-bootstrap-creds" image: "{{ .Values.initContainerImage }}" @@ -239,8 +208,6 @@ spec: {{- else }} cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; echo "Copy binarystore.xml file"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory; cp -fv /tmp/etc/artifactory/binarystore.xml {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory/binarystore.xml; @@ -632,6 +599,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name : JF_SHARED_NODE_HAENABLED + value: "true" {{- with .Values.frontend.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 8 }} {{- end }} @@ -1017,10 +986,10 @@ spec: value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" + - name : JF_JFCONNECT_ENABLED + value: "true" - name : JF_INTEGRATION_ENABLED value: "false" {{- end }} diff --git a/charts/jfrog/artifactory-ha/values-large.yaml b/charts/jfrog/artifactory-ha/values-large.yaml index ec05d2add..4a778bfa6 100644 --- a/charts/jfrog/artifactory-ha/values-large.yaml +++ b/charts/jfrog/artifactory-ha/values-large.yaml @@ -1,5 +1,6 @@ artifactory: primary: + replicaCount: 4 resources: requests: memory: "6Gi" @@ -9,16 +10,4 @@ artifactory: cpu: "8" javaOpts: xms: "6g" - xmx: "8g" - node: - replicaCount: 3 - resources: - requests: - memory: "6Gi" - cpu: "4" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "6g" - xmx: "8g" + xmx: "8g" \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/values-medium.yaml b/charts/jfrog/artifactory-ha/values-medium.yaml index 33879c00b..9f9631815 100644 --- a/charts/jfrog/artifactory-ha/values-medium.yaml +++ b/charts/jfrog/artifactory-ha/values-medium.yaml @@ -1,5 +1,6 @@ artifactory: primary: + replicaCount: 3 resources: requests: memory: "4Gi" @@ -9,16 +10,4 @@ artifactory: cpu: "6" javaOpts: xms: "4g" - xmx: "6g" - node: - replicaCount: 2 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "4g" - xmx: "6g" + xmx: "6g" \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/values-small.yaml b/charts/jfrog/artifactory-ha/values-small.yaml index 4babf97cb..cf917efc8 100644 --- a/charts/jfrog/artifactory-ha/values-small.yaml +++ b/charts/jfrog/artifactory-ha/values-small.yaml @@ -1,17 +1,6 @@ artifactory: primary: - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - node: - replicaCount: 1 + replicaCount: 2 resources: requests: memory: "4Gi" diff --git a/charts/jfrog/artifactory-ha/values.yaml b/charts/jfrog/artifactory-ha/values.yaml index 11db290fe..2b45c5002 100644 --- a/charts/jfrog/artifactory-ha/values.yaml +++ b/charts/jfrog/artifactory-ha/values.yaml @@ -41,7 +41,7 @@ global: ## String to fully override artifactory-ha.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1760 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1793 installer: type: platform: @@ -147,7 +147,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.9.0-debian-11-r11 + tag: 13.10.0-debian-11-r14 postgresqlUsername: artifactory postgresqlPassword: "" postgresqlDatabase: artifactory @@ -202,7 +202,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.1.0.1760 + tag: 9.1.0.1793 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -217,7 +217,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.61.3 + tag: 7.67.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -351,6 +351,11 @@ artifactory: url: "Elasticsearch url where JFrog Insight is installed For example, http://:8082" username: "" password: "" + # Support for Cold Artifact Storage + # set 'coldStorage.enabled' to 'true' only for Artifactory instance that you are designating as the Cold instance + # Refer - https://jfrog.com/help/r/jfrog-platform-administration-documentation/setting-up-cold-artifact-storage + coldStorage: + enabled: false # This directory is intended for use with NFS eventual configuration for HA haDataDir: enabled: false @@ -627,6 +632,10 @@ artifactory: serviceRegistry: insecure: {{ .Values.router.serviceRegistry.insecure }} shared: + {{- if .Values.artifactory.coldStorage.enabled }} + jfrogColdStorage: + coldInstanceEnabled: true + {{- end }} {{- if .Values.artifactory.openMetrics.enabled }} metrics: enabled: true @@ -638,7 +647,7 @@ artifactory: consoleLog: enabled: {{ .Values.artifactory.consoleLog }} extraJavaOpts: > - -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.terminationGracePeriodSeconds 1000 }} + -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }} -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} {{- with .Values.artifactory.primary.javaOpts }} {{- if .corePoolSize }} @@ -746,6 +755,8 @@ artifactory: {{- else }} jfconnect: enabled: false + jfconnect_service: + enabled: false {{- end }} ## IMPORTANT: If overriding artifactory.internalPort: ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! @@ -829,6 +840,7 @@ artifactory: ## google-storage-v2 ## aws-s3-v3 ## s3-storage-v3-direct + ## s3-storage-v3-archive ## azure-blob ## azure-blob-storage-direct type: file-system @@ -1041,7 +1053,7 @@ artifactory: ## Set existingClaim to true or false ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0` existingClaim: false - replicaCount: 1 + replicaCount: 3 # minAvailable: 1 updateStrategy: @@ -1087,7 +1099,7 @@ artifactory: ## Set existingClaim to true or false ## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0` existingClaim: false - replicaCount: 2 + replicaCount: 0 updateStrategy: type: RollingUpdate minAvailable: 1 @@ -1189,6 +1201,7 @@ frontend: periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} access: + enabled: true ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index 4aa07b2fe..4ebcb1a3c 100644 --- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.55.14] - Aug 25, 2022 +## [107.59.9] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index 661525957..070024ac1 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.55.14 +appVersion: 7.59.9 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.55.14 + version: 107.59.9 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.55.14 +version: 107.59.9 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index 1a78c72de..98f443b85 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md @@ -1,6 +1,20 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [107.59.9] - May 8, 2023 +* Fixed reference of `terminationGracePeriodSeconds` +* Added Support for Cold Artifact Storage as part of the systemYaml configuration (disabled by default) +* Added new binary provider `s3-storage-v3-archive` +* Fixed jfconnect disabling as micro-service on non-splitcontainers + +## [107.58.0] - Mar 23, 2023 +* Updated postgresql multi-arch tag version to `13.10.0-debian-11-r14` +* Removed obselete remove-lost-found initContainer` +* Added env JF_SHARED_NODE_HAENABLED under frontend when running in the container split mode + +## [107.57.0] - Mar 02, 2023 +* Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1793` + ## [107.55.0] - Jan 31, 2023 * Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1760` * Adding a custom preStop to Artifactory router for allowing graceful termination to complete diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index 8980a5e21..20d0ba71e 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.55.14 +appVersion: 7.59.9 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.55.14 +version: 107.59.9 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml index 994bb0bff..52861f86e 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml @@ -4,10 +4,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false -# Remove extraEnvironmentVariables 7.45.x onwards - extraEnvironmentVariables: - - name: JF_JFCONNECT_ENABLED - value: "false" replicator: enabled: true ingress: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml index fdbdd8919..5c2e4b366 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml @@ -5,10 +5,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false - # Remove extraEnvironmentVariables 7.45.x onwards - extraEnvironmentVariables: - - name: JF_JFCONNECT_ENABLED - value: "false" replicator: enabled: true ingress: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml b/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml index 41e0dbae1..86ab6352a 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml @@ -126,7 +126,7 @@ {{- end }} -{{- if or (eq .Values.artifactory.persistence.type "aws-s3-v3") (eq .Values.artifactory.persistence.type "s3-storage-v3-direct") (eq .Values.artifactory.persistence.type "cluster-s3-storage-v3") }} +{{- if or (eq .Values.artifactory.persistence.type "aws-s3-v3") (eq .Values.artifactory.persistence.type "s3-storage-v3-direct") (eq .Values.artifactory.persistence.type "cluster-s3-storage-v3") (eq .Values.artifactory.persistence.type "s3-storage-v3-archive") }} {{- if eq .Values.artifactory.persistence.type "aws-s3-v3" }} @@ -158,13 +158,22 @@ + {{- else if eq .Values.artifactory.persistence.type "s3-storage-v3-archive" }} + + + + + + {{- end }} + {{- if or (eq .Values.artifactory.persistence.type "aws-s3-v3") (eq .Values.artifactory.persistence.type "s3-storage-v3-direct") (eq .Values.artifactory.persistence.type "cluster-s3-storage-v3") }} {{ .Values.artifactory.persistence.maxCacheSize | int64}} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- end }} {{- if eq .Values.artifactory.persistence.type "cluster-s3-storage-v3" }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl index e6fc4738e..fced68533 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl @@ -308,6 +308,9 @@ Resolve requiredServiceTypes value */}} {{- define "artifactory.router.requiredServiceTypes" -}} {{- $requiredTypes := "jfrt,jfac" -}} +{{- if not .Values.access.enabled -}} + {{- $requiredTypes = "jfrt" -}} +{{- end -}} {{- if .Values.observability.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfob" -}} {{- end -}} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml index 9f9b1c371..81f2ce61f 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml @@ -128,24 +128,6 @@ spec: - name: artifactory-volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" {{- end }} - - name: "remove-lost-found" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW - resources: -{{ toYaml .Values.initContainers.resources | indent 10 }} - command: - - 'bash' - - '-c' - - 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found {{ .Values.artifactory.persistence.mountPath }}/data/.lock' - volumeMounts: - - name: artifactory-volume - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" {{- end }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - name: "access-bootstrap-creds" @@ -205,8 +187,6 @@ spec: {{- else }} cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; {{- end }} - echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found; echo "Copy binarystore.xml file"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory; cp -fv /tmp/etc/artifactory/binarystore.xml {{ .Values.artifactory.persistence.mountPath }}/etc/artifactory/binarystore.xml; @@ -594,6 +574,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + {{- if and (gt (.Values.artifactory.replicaCount | int64) 1) (eq (include "artifactory.isImageProType" .) "true") (eq (include "artifactory.isUsingDerby" .) "false") }} + - name : JF_SHARED_NODE_HAENABLED + value: "true" + {{- end }} {{- with .Values.frontend.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 8 }} {{- end }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml index 752e7f705..7f8863ef7 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override artifactory.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1760 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1793 # Init containers initContainers: resources: @@ -161,7 +161,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.1.0.1760 + tag: 9.1.0.1793 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -176,7 +176,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.61.3 + tag: 7.67.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -327,6 +327,11 @@ artifactory: url: "Elasticsearch url where JFrog Insight is installed For example, http://:8082" username: "" password: "" + # Support for Cold Artifact Storage + # set 'coldStorage.enabled' to 'true' only for Artifactory instance that you are designating as the Cold instance + # Refer - https://jfrog.com/help/r/jfrog-platform-administration-documentation/setting-up-cold-artifact-storage + coldStorage: + enabled: false # This directory is intended for use with NFS eventual configuration for HA haDataDir: enabled: false @@ -598,6 +603,10 @@ artifactory: serviceRegistry: insecure: {{ .Values.router.serviceRegistry.insecure }} shared: + {{- if .Values.artifactory.coldStorage.enabled }} + jfrogColdStorage: + coldInstanceEnabled: true + {{- end }} {{- if .Values.artifactory.openMetrics.enabled }} metrics: enabled: true @@ -609,7 +618,7 @@ artifactory: consoleLog: enabled: {{ .Values.artifactory.consoleLog }} extraJavaOpts: > - -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.terminationGracePeriodSeconds 1000 }} + -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }} -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} {{- with .Values.artifactory.javaOpts }} {{- if .corePoolSize }} @@ -711,6 +720,8 @@ artifactory: {{- else }} jfconnect: enabled: false + jfconnect_service: + enabled: false {{- end }} annotations: {} service: @@ -868,6 +879,7 @@ artifactory: ## aws-s3-v3 ## s3-storage-v3-direct ## cluster-s3-storage-v3 + ## s3-storage-v3-archive ## azure-blob ## azure-blob-storage-direct ## cluster-azure-blob-storage @@ -1059,6 +1071,7 @@ frontend: periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} access: + enabled: true ## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file. ## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates ## When security.tls is set to true, JFrog Access will act as the Certificate Authority (CA) and sign the TLS certificates used by all the different JFrog Platform nodes. @@ -1714,7 +1727,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.9.0-debian-11-r11 + tag: 13.10.0-debian-11-r14 postgresqlUsername: artifactory postgresqlPassword: "" postgresqlDatabase: artifactory diff --git a/charts/jfrog/artifactory-jcr/values.yaml b/charts/jfrog/artifactory-jcr/values.yaml index bbcb2d949..0e7abb51b 100644 --- a/charts/jfrog/artifactory-jcr/values.yaml +++ b/charts/jfrog/artifactory-jcr/values.yaml @@ -67,4 +67,4 @@ postgresql: enabled: true router: image: - tag: 7.61.3 + tag: 7.67.0 diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml index 95391dee2..073556535 100644 --- a/charts/kubecost/cost-analyzer/Chart.yaml +++ b/charts/kubecost/cost-analyzer/Chart.yaml @@ -7,7 +7,7 @@ annotations: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 -appVersion: 1.103.3 +appVersion: 1.103.4 dependencies: - condition: global.grafana.enabled name: grafana @@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni cloud costs. icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer -version: 1.103.3 +version: 1.103.4 diff --git a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml index 9409aa821..76110e15b 100644 --- a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-binding-template.yaml @@ -1,5 +1,5 @@ {{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt .Values.kubecostDeployment.queryServiceReplicas 0 }} +{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml index 4cc3c2aa4..274e50d4d 100644 --- a/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/query-service-cluster-role-template.yaml @@ -1,5 +1,5 @@ {{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt .Values.kubecostDeployment.queryServiceReplicas 0 }} +{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml index db58d4b78..f32fe7cf8 100644 --- a/charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml @@ -1,5 +1,5 @@ {{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt .Values.kubecostDeployment.queryServiceReplicas 0 }} +{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml index cfd33bbcc..b03ed6836 100644 --- a/charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/query-service-service-account-template.yaml @@ -1,5 +1,5 @@ {{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt .Values.kubecostDeployment.queryServiceReplicas 0 }} +{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml b/charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml index 35f66eb29..b1d8db324 100644 --- a/charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/query-service-service-template.yaml @@ -1,5 +1,5 @@ {{- if and (not .Values.agent) (not .Values.cloudAgent) (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) }} -{{- if gt .Values.kubecostDeployment.queryServiceReplicas 0 }} +{{- if gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0 }} kind: Service apiVersion: v1 metadata: diff --git a/charts/new-relic/nri-bundle/Chart.lock b/charts/new-relic/nri-bundle/Chart.lock index 01b8e5d04..d33ab8456 100644 --- a/charts/new-relic/nri-bundle/Chart.lock +++ b/charts/new-relic/nri-bundle/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: newrelic-infrastructure repository: https://newrelic.github.io/nri-kubernetes - version: 3.17.0 + version: 3.18.0 - name: nri-prometheus repository: https://newrelic.github.io/nri-prometheus version: 2.1.16 @@ -19,7 +19,7 @@ dependencies: version: 4.23.0 - name: nri-kube-events repository: https://newrelic.github.io/nri-kube-events - version: 3.0.0 + version: 3.1.0 - name: newrelic-logging repository: https://newrelic.github.io/helm-charts version: 1.14.1 @@ -28,9 +28,9 @@ dependencies: version: 2.1.0 - name: pixie-operator-chart repository: https://pixie-operator-charts.storage.googleapis.com - version: 0.1.0 + version: 0.1.1 - name: newrelic-infra-operator repository: https://newrelic.github.io/newrelic-infra-operator version: 2.2.0 -digest: sha256:0a1f51c3e283d5a873e74ef4994b8569b6b85a9d46adc7514447d4ce2399146d -generated: "2023-05-16T17:44:36.052686458Z" +digest: sha256:59c20ed37a61cdadda7123c0dc810b094bf93ccff6d9401fdd38c80c0c227fc7 +generated: "2023-05-26T23:54:59.043852795Z" diff --git a/charts/new-relic/nri-bundle/Chart.yaml b/charts/new-relic/nri-bundle/Chart.yaml index 17f76d7bf..08033ee71 100644 --- a/charts/new-relic/nri-bundle/Chart.yaml +++ b/charts/new-relic/nri-bundle/Chart.yaml @@ -7,7 +7,7 @@ dependencies: - condition: infrastructure.enabled,newrelic-infrastructure.enabled name: newrelic-infrastructure repository: file://./charts/newrelic-infrastructure - version: 3.17.0 + version: 3.18.0 - condition: prometheus.enabled,nri-prometheus.enabled name: nri-prometheus repository: file://./charts/nri-prometheus @@ -31,7 +31,7 @@ dependencies: - condition: kubeEvents.enabled,nri-kube-events.enabled name: nri-kube-events repository: file://./charts/nri-kube-events - version: 3.0.0 + version: 3.1.0 - condition: logging.enabled,newrelic-logging.enabled name: newrelic-logging repository: file://./charts/newrelic-logging @@ -44,7 +44,7 @@ dependencies: condition: pixie-chart.enabled name: pixie-operator-chart repository: file://./charts/pixie-operator-chart - version: 0.1.0 + version: 0.1.1 - condition: newrelic-infra-operator.enabled name: newrelic-infra-operator repository: file://./charts/newrelic-infra-operator @@ -89,4 +89,4 @@ sources: - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator -version: 5.0.15 +version: 5.0.16 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml index a58545954..dcc0e671e 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.12.0 +appVersion: 3.13.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kubernetes/ - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure - https://github.com/newrelic/infrastructure-agent/ -version: 3.17.0 +version: 3.18.0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml index a725a3a13..31b781fb8 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/templates/kubelet/daemonset.yaml @@ -184,6 +184,8 @@ spec: {{- if include "newrelic.common.privileged" . }} - name: dev mountPath: /dev + - name: host-containerd-socket + mountPath: /run/containerd/containerd.sock - name: host-docker-socket mountPath: /var/run/docker.sock - name: log @@ -209,6 +211,9 @@ spec: - name: dev hostPath: path: /dev + - name: host-containerd-socket + hostPath: + path: /run/containerd/containerd.sock - name: host-docker-socket hostPath: path: /var/run/docker.sock diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml index f62105f99..c61a9eb6d 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml @@ -23,14 +23,14 @@ images: forwarder: registry: "" repository: newrelic/k8s-events-forwarder - tag: 1.41.0 + tag: 1.42.1 pullPolicy: IfNotPresent # -- Image for the New Relic Infrastructure Agent plus integrations. # @default -- See `values.yaml` agent: registry: "" repository: newrelic/infrastructure-bundle - tag: 3.1.8 + tag: 3.2.2 pullPolicy: IfNotPresent # -- Image for the New Relic Kubernetes integration. # @default -- See `values.yaml` diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml index b5548d780..839ae3273 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.0.0 +appVersion: 2.1.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kube-events/ - https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events - https://github.com/newrelic/infrastructure-agent/ -version: 3.0.0 +version: 3.1.0 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/templates/clusterrole.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/templates/clusterrole.yaml index c4ac118da..cbfd5d9ce 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/templates/clusterrole.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/templates/clusterrole.yaml @@ -8,16 +8,35 @@ metadata: rules: - apiGroups: - "" + resources: + - events + - namespaces + - nodes + - jobs + - persistentvolumes + - persistentvolumeclaims + - pods + - services + verbs: + - get + - watch + - list +- apiGroups: - apps resources: - - "daemonsets" - - "events" - - "namespaces" - - "nodes" - - "pods" - - "services" + - daemonsets + - deployments verbs: - - "get" - - "watch" - - "list" + - get + - watch + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - watch + - list {{- end -}} diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml index 8b112f0f2..126b87a74 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml @@ -27,7 +27,7 @@ images: agent: registry: repository: newrelic/k8s-events-forwarder - tag: 1.41.0 + tag: 1.42.1 pullPolicy: IfNotPresent # -- The secrets that are needed to pull images from a custom registry. pullSecrets: [] diff --git a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml index 7aa7e256f..b60db6c9e 100644 --- a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v2 name: pixie-operator-chart type: application -version: 0.1.0 +version: 0.1.1 diff --git a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/crds/vizier_crd.yaml b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/crds/vizier_crd.yaml index c18745b41..ac46c0f5d 100644 --- a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/crds/vizier_crd.yaml +++ b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/crds/vizier_crd.yaml @@ -162,6 +162,27 @@ spec: description: Resources is the resource requirements for a container. This field cannot be updated once the cluster is created. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/02_catalog.yaml b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/02_catalog.yaml index 6220e3563..e7f68804a 100644 --- a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/02_catalog.yaml +++ b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/02_catalog.yaml @@ -3,6 +3,12 @@ kind: CatalogSource metadata: name: pixie-operator-index namespace: {{ .Values.olmOperatorNamespace }} + {{- if .Values.olmCatalogSource.annotations }} + annotations: {{ .Values.olmCatalogSource.annotations | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.olmCatalogSource.labels }} + labels: {{ .Values.olmCatalogSource.labels | toYaml | nindent 4 }} + {{- end }} spec: sourceType: grpc image: {{ if .Values.registry }}{{ .Values.registry }}/gcr.io-pixie-oss-pixie-prod-operator-bundle_index:0.0.1{{ else }}gcr.io/pixie-oss/pixie-prod/operator/bundle_index:0.0.1{{ end }} @@ -11,3 +17,21 @@ spec: updateStrategy: registryPoll: interval: 10m + grpcPodConfig: + tolerations: + - key: "kubernetes.io/arch" + operator: "Equal" + value: "amd64" + effect: "NoSchedule" + - key: "kubernetes.io/arch" + operator: "Equal" + value: "amd64" + effect: "NoExecute" + - key: "kubernetes.io/arch" + operator: "Equal" + value: "arm64" + effect: "NoSchedule" + - key: "kubernetes.io/arch" + operator: "Equal" + value: "arm64" + effect: "NoExecute" diff --git a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml index 5b61b205b..5f1381043 100644 --- a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml +++ b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml @@ -19,7 +19,7 @@ spec: fieldPath: metadata.namespace - name: PL_VIZIER_NAME value: '{{ .Values.name }}' - image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.1.0 + image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.1.1 name: delete-job restartPolicy: Never serviceAccountName: pl-deleter-service-account diff --git a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/values.yaml b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/values.yaml index 925043189..d54a6856b 100644 --- a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/values.yaml +++ b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/values.yaml @@ -15,7 +15,12 @@ olmOperatorNamespace: "px-operator" # The bundle channel which OLM should listen to for the Vizier operator bundles. # Should be "stable" for production-versions of the operator, and "test" for release candidates. olmBundleChannel: "stable" - +# Optional annotations and labels for CatalogSource. +olmCatalogSource: + # Optional custom annotations to add to deployed pods managed by CatalogSource object. + annotations: {} + # Optional custom labels to add to deployed pods managed by CatalogSource object. + labels: {} ## Vizier configuration # The name of the Vizier instance deployed to the cluster. name: "pixie" diff --git a/charts/openebs/openebs/Chart.lock b/charts/openebs/openebs/Chart.lock index 3770ff3ab..e1f5b8687 100644 --- a/charts/openebs/openebs/Chart.lock +++ b/charts/openebs/openebs/Chart.lock @@ -13,15 +13,15 @@ dependencies: version: 3.4.0 - name: zfs-localpv repository: https://openebs.github.io/zfs-localpv - version: 2.1.0 + version: 2.2.0 - name: lvm-localpv repository: https://openebs.github.io/lvm-localpv - version: 1.0.1 + version: 1.1.0 - name: nfs-provisioner repository: https://openebs.github.io/dynamic-nfs-provisioner version: 0.10.0 - name: mayastor repository: https://openebs.github.io/mayastor-extensions - version: 2.1.0 -digest: sha256:7a5581f9f69600f76a026edd6057b40b598d989b7e8f4852409ba1f285777392 -generated: "2023-04-26T18:11:53.841045084Z" + version: 2.2.0 +digest: sha256:dccfd161dbdb5a0fcbc66006cc2c9f174a0e614d11bb79d3b52ef884395e57a7 +generated: "2023-05-29T11:58:29.349483874Z" diff --git a/charts/openebs/openebs/Chart.yaml b/charts/openebs/openebs/Chart.yaml index 927e79542..d97727265 100644 --- a/charts/openebs/openebs/Chart.yaml +++ b/charts/openebs/openebs/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: OpenEBS catalog.cattle.io/release-name: openebs apiVersion: v2 -appVersion: 3.6.0 +appVersion: 3.7.0 dependencies: - condition: openebs-ndm.enabled name: openebs-ndm @@ -24,11 +24,11 @@ dependencies: - condition: zfs-localpv.enabled name: zfs-localpv repository: file://./charts/zfs-localpv - version: 2.1.0 + version: 2.2.0 - condition: lvm-localpv.enabled name: lvm-localpv repository: file://./charts/lvm-localpv - version: 1.0.1 + version: 1.1.0 - condition: nfs-provisioner.enabled name: nfs-provisioner repository: file://./charts/nfs-provisioner @@ -36,7 +36,7 @@ dependencies: - condition: mayastor.enabled name: mayastor repository: file://./charts/mayastor - version: 2.1.0 + version: 2.2.0 description: Containerized Attached Storage for Kubernetes home: http://www.openebs.io/ icon: https://raw.githubusercontent.com/cncf/artwork/HEAD/projects/openebs/icon/color/openebs-icon-color.png @@ -58,4 +58,4 @@ maintainers: name: openebs sources: - https://github.com/openebs/openebs -version: 3.6.0 +version: 3.7.0 diff --git a/charts/openebs/openebs/README.md b/charts/openebs/openebs/README.md index f73c5f1bd..1d04b4c73 100644 --- a/charts/openebs/openebs/README.md +++ b/charts/openebs/openebs/README.md @@ -148,7 +148,7 @@ The following table lists the common configurable parameters of the OpenEBS char | `mayastor.etcd.persistence.size` | Set the size of the volume(s) used by the etcd | `""` | | `mayastor.image.registry` | Set the container image registry for the mayastor containers | `"docker.io"` | | `mayastor.image.repo` | Set the container image repository for the mayastor containers | `"openebs"` | -| `mayastor.image.tag` | Set the container image tag for the mayastor containers | `"v2.1.0"` | +| `mayastor.image.tag` | Set the container image tag for the mayastor containers | `"v2.2.0"` | | `mayastor.image.pullPolicy` | Set the container ImagePullPolicy for the mayastor containers | `"Always"` | | `mayastor.csi.image.registry` | Set the container image registry for the Kubernetes CSI sidecar containers | `"registry.k8s.io"` | | `mayastor.csi.image.repo` | Set the container image repository for the Kubernetes CSI sidecar containers | `"sig-storage"` | diff --git a/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml b/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml index 557705b00..2cf72d4d9 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml +++ b/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 -appVersion: 1.0.0 +appVersion: 1.1.0 description: CSI Driver for dynamic provisioning of LVM Persistent Local Volumes. -home: http://www.openebs.io/ +home: https://openebs.io/ icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png keywords: - cloud-native-storage @@ -20,4 +20,4 @@ maintainers: name: lvm-localpv sources: - https://github.com/openebs/lvm-localpv -version: 1.0.1 +version: 1.1.0 diff --git a/charts/openebs/openebs/charts/lvm-localpv/README.md b/charts/openebs/openebs/charts/lvm-localpv/README.md index c5f7c699f..2a26b07ab 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/README.md +++ b/charts/openebs/openebs/charts/lvm-localpv/README.md @@ -100,10 +100,10 @@ helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace opene | `lvmPlugin.image.registry`| Registry for openebs-lvm-plugin image| `""`| | `lvmPlugin.image.repository`| Image repository for openebs-lvm-plugin| `openebs/lvm-driver`| | `lvmPlugin.image.pullPolicy`| Image pull policy for openebs-lvm-plugin| `IfNotPresent`| -| `lvmPlugin.image.tag`| Image tag for openebs-lvm-plugin| `1.0.0`| +| `lvmPlugin.image.tag`| Image tag for openebs-lvm-plugin| `1.1.0`| | `lvmPlugin.metricsPort`| The TCP port number used for exposing lvm-metrics | `9500`| | `lvmPlugin.allowedTopologies`| The comma seperated list of allowed node topologies | `kubernetes.io/hostname,`| -| `lvmNode.driverRegistrar.image.registry`| Registry for csi-node-driver-registrar image| `k8s.gcr.io/`| +| `lvmNode.driverRegistrar.image.registry`| Registry for csi-node-driver-registrar image| `registry.k8s.io/`| | `lvmNode.driverRegistrar.image.repository`| Image repository for csi-node-driver-registrar| `sig-storage/csi-node-driver-registrar`| | `lvmNode.driverRegistrar.image.pullPolicy`| Image pull policy for csi-node-driver-registrar| `IfNotPresent`| | `lvmNode.driverRegistrar.image.tag`| Image tag for csi-node-driver-registrar| `v2.3.0`| @@ -117,19 +117,19 @@ helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace opene | `lvmNode.nodeSelector`| Nodeselector for lvmnode daemonset pods| `""`| | `lvmNode.tolerations` | lvmnode daemonset's pod toleration values | `""`| | `lvmNode.securityContext` | Security context for lvmnode daemonset container | `""`| -| `lvmController.resizer.image.registry`| Registry for csi-resizer image| `k8s.gcr.io/`| +| `lvmController.resizer.image.registry`| Registry for csi-resizer image| `registry.k8s.io/`| | `lvmController.resizer.image.repository`| Image repository for csi-resizer| `sig-storage/csi-resizer`| | `lvmController.resizer.image.pullPolicy`| Image pull policy for csi-resizer| `IfNotPresent`| | `lvmController.resizer.image.tag`| Image tag for csi-resizer| `v1.2.0`| -| `lvmController.snapshotter.image.registry`| Registry for csi-snapshotter image| `k8s.gcr.io/`| +| `lvmController.snapshotter.image.registry`| Registry for csi-snapshotter image| `registry.k8s.io/`| | `lvmController.snapshotter.image.repository`| Image repository for csi-snapshotter| `sig-storage/csi-snapshotter`| | `lvmController.snapshotter.image.pullPolicy`| Image pull policy for csi-snapshotter| `IfNotPresent`| | `lvmController.snapshotter.image.tag`| Image tag for csi-snapshotter| `v4.0.0`| -| `lvmController.snapshotController.image.registry`| Registry for snapshot-controller image| `k8s.gcr.io/`| +| `lvmController.snapshotController.image.registry`| Registry for snapshot-controller image| `registry.k8s.io/`| | `lvmController.snapshotController.image.repository`| Image repository for snapshot-controller| `sig-storage/snapshot-controller`| | `lvmController.snapshotController.image.pullPolicy`| Image pull policy for snapshot-controller| `IfNotPresent`| | `lvmController.snapshotController.image.tag`| Image tag for snapshot-controller| `v4.0.0`| -| `lvmController.provisioner.image.registry`| Registry for csi-provisioner image| `k8s.gcr.io/`| +| `lvmController.provisioner.image.registry`| Registry for csi-provisioner image| `registry.k8s.io/`| | `lvmController.provisioner.image.repository`| Image repository for csi-provisioner| `sig-storage/csi-provisioner`| | `lvmController.provisioner.image.pullPolicy`| Image pull policy for csi-provisioner| `IfNotPresent`| | `lvmController.provisioner.image.tag`| Image tag for csi-provisioner| `v2.3.0`| diff --git a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml index c6ed0b32a..ea1bff42a 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml +++ b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml @@ -131,6 +131,8 @@ spec: args : - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - "--plugin=$(OPENEBS_CONTROLLER_DRIVER)" + - "--kube-api-qps={{ .Values.lvmController.kubeClientRateLimiter.qps }}" + - "--kube-api-burst={{ .Values.lvmController.kubeClientRateLimiter.burst }}" volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ diff --git a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml index 3d072b8f6..6aa3eed67 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml +++ b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml @@ -71,6 +71,8 @@ spec: - "--nodeid=$(OPENEBS_NODE_ID)" - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - "--plugin=$(OPENEBS_NODE_DRIVER)" + - "--kube-api-qps={{ .Values.lvmNode.kubeClientRateLimiter.qps }}" + - "--kube-api-burst={{ .Values.lvmNode.kubeClientRateLimiter.burst }}" {{- if .Values.lvmPlugin.ioLimits.enabled }} - "--setiolimits" - "--container-runtime=$(CONTAINER_RUNTIME)" diff --git a/charts/openebs/openebs/charts/lvm-localpv/values.yaml b/charts/openebs/openebs/charts/lvm-localpv/values.yaml index 04461db95..7b6582ca5 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/values.yaml +++ b/charts/openebs/openebs/charts/lvm-localpv/values.yaml @@ -2,7 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. release: - version: "1.0.0" + version: "1.1.0" imagePullSecrets: # - name: "image-pull-secret" @@ -23,8 +23,8 @@ lvmNode: name: "csi-node-driver-registrar" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-node-driver-registrar pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -54,6 +54,13 @@ lvmNode: create: true name: lvm-localpv-csi-node-critical logLevel: 5 + # Configure kubernetes client API requests rate. + kubeClientRateLimiter: + # Configure the number of queries per second. + qps: 0 + # Configure the maximum number of queries allowed after + # accounting for rolled over qps from previous seconds. + burst: 0 # lvmController contains the configurables for @@ -67,8 +74,8 @@ lvmController: name: "csi-resizer" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-resizer pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -77,8 +84,8 @@ lvmController: name: "csi-snapshotter" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-snapshotter pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -87,8 +94,8 @@ lvmController: name: "snapshot-controller" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/snapshot-controller pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -97,8 +104,8 @@ lvmController: name: "csi-provisioner" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-provisioner pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -123,6 +130,13 @@ lvmController: priorityClass: create: true name: lvm-localpv-csi-controller-critical + # Configure kubernetes client API requests rate. + kubeClientRateLimiter: + # Configure the number of queries per second. + qps: 0 + # Configure the maximum number of queries allowed after + # accounting for rolled over qps from previous seconds. + burst: 0 # lvmPlugin is the common csi container used by the # controller statefulset and node daemonset @@ -130,12 +144,12 @@ lvmPlugin: name: "openebs-lvm-plugin" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect registry: repository: openebs/lvm-driver pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: 1.0.0 + tag: 1.1.0 ioLimits: enabled: false containerRuntime: containerd diff --git a/charts/openebs/openebs/charts/mayastor/Chart.lock b/charts/openebs/openebs/charts/mayastor/Chart.lock index 8a65bac7f..2d37b2358 100644 --- a/charts/openebs/openebs/charts/mayastor/Chart.lock +++ b/charts/openebs/openebs/charts/mayastor/Chart.lock @@ -9,4 +9,4 @@ dependencies: repository: https://grafana.github.io/helm-charts version: 2.6.4 digest: sha256:3d832d0ef2dd68bda649805711ef21fd5e5fb3841c1c6b9a4200703475cf6c28 -generated: "2023-04-26T16:19:24.221513168Z" +generated: "2023-05-26T18:13:47.037582098Z" diff --git a/charts/openebs/openebs/charts/mayastor/Chart.yaml b/charts/openebs/openebs/charts/mayastor/Chart.yaml index 4ac55c6ee..b483f84da 100644 --- a/charts/openebs/openebs/charts/mayastor/Chart.yaml +++ b/charts/openebs/openebs/charts/mayastor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.1.0 +appVersion: 2.2.0 dependencies: - name: etcd repository: https://charts.bitnami.com/bitnami @@ -15,4 +15,4 @@ dependencies: description: Mayastor Helm chart for Kubernetes name: mayastor type: application -version: 2.1.0 +version: 2.2.0 diff --git a/charts/openebs/openebs/charts/mayastor/doc.yaml b/charts/openebs/openebs/charts/mayastor/doc.yaml index 474bf6db8..e081519f8 100644 --- a/charts/openebs/openebs/charts/mayastor/doc.yaml +++ b/charts/openebs/openebs/charts/mayastor/doc.yaml @@ -8,7 +8,7 @@ repository: name: mayastor chart: name: mayastor - version: 2.1.0 + version: 2.2.0 values: "-- generate from values file --" valuesExample: "-- generate from values file --" prerequisites: diff --git a/charts/openebs/openebs/charts/mayastor/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/templates/_helpers.tpl index 828776fc4..dad53949d 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/_helpers.tpl +++ b/charts/openebs/openebs/charts/mayastor/templates/_helpers.tpl @@ -140,4 +140,70 @@ Usage: {{- define "label_prefix" -}} {{ $product := .Files.Get "product.yaml" | fromYaml }} {{- print $product.domain -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +<<<<<<< HEAD + +{{/* +Creates the tolerations based on the global and component wise tolerations, with early eviction +Usage: +{{ include "tolerations_with_early_eviction" (dict "template" . "localTolerations" .Values.path.to.local.tolerations) }} +*/}} +{{- define "tolerations_with_early_eviction" -}} +{{- toYaml .template.Values.earlyEvictionTolerations | nindent 8 }} +{{- if .localTolerations }} + {{- toYaml .localTolerations | nindent 8 }} +{{- else if .template.Values.tolerations }} + {{- toYaml .template.Values.tolerations | nindent 8 }} +{{- end }} +{{- end }} + + +{{/* +Creates the tolerations based on the global and component wise tolerations +Usage: +{{ include "tolerations" (dict "template" . "localTolerations" .Values.path.to.local.tolerations) }} +*/}} +{{- define "tolerations" -}} +{{- if .localTolerations }} + {{- toYaml .localTolerations | nindent 8 }} +{{- else if .template.Values.tolerations }} + {{- toYaml .template.Values.tolerations | nindent 8 }} +{{- end }} +{{- end }} + +{{/* +Generates the priority class name, with the given `template` and the `localPriorityClass` +Usage: +{{ include "priority_class" (dict "template" . "localPriorityClass" .Values.path.to.local.priorityClassName) }} +*/}} +{{- define "priority_class" -}} + {{- if typeIs "string" .localPriorityClass }} + {{- if .localPriorityClass -}} + {{ printf "%s" .localPriorityClass -}} + {{- else if .template.Values.priorityClassName -}} + {{ printf "%s" .template.Values.priorityClassName -}} + {{- else -}} + {{ printf "" -}} + {{- end -}} + {{- end -}} +{{- end -}} + + +{{/* +Generates the priority class name, with the given `template` and the `localPriorityClass`, sets to mayastor default priority class +if both are empty +Usage: +{{ include "priority_class_with_default" (dict "template" . "localPriorityClass" .Values.path.to.local.priorityClassName) }} +*/}} +{{- define "priority_class_with_default" -}} + {{- if typeIs "string" .localPriorityClass }} + {{- if .localPriorityClass -}} + {{ printf "%s" .localPriorityClass -}} + {{- else if .template.Values.priorityClassName -}} + {{ printf "%s" .template.Values.priorityClassName -}} + {{- else -}} + {{ printf "%s-cluster-critical" .template.Release.Name -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-deployment.yaml index 3e22c2ae0..05f7e8f60 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-deployment.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-deployment.yaml @@ -25,11 +25,15 @@ spec: {{- include "base_pull_secrets" . }} initContainers: {{- include "base_init_core_containers" . }} - priorityClassName: {{ default "system-cluster-critical" .Values.priorityClassName }} + {{- if $pcName := include "priority_class_with_default" (dict "template" . "localPriorityClass" .Values.agents.core.priorityClassName) }} + priorityClassName: {{ $pcName }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} {{- end }} - tolerations: {{- toYaml .Values.earlyEvictionTolerations | nindent 8}} + {{- if $tolerations := include "tolerations_with_early_eviction" (dict "template" . "localTolerations" .Values.agents.core.tolerations) }} + tolerations: {{ $tolerations }} + {{- end }} containers: - name: agent-core resources: @@ -49,7 +53,8 @@ spec: - "--grpc-server-addr=0.0.0.0:50051" - "--pool-commitment={{ .Values.agents.core.capacity.thin.poolCommitment }}" - "--volume-commitment-initial={{ .Values.agents.core.capacity.thin.volumeCommitmentInitial }}" - - "--volume-commitment={{ .Values.agents.core.capacity.thin.volumeCommitment }}" + - "--volume-commitment={{ .Values.agents.core.capacity.thin.volumeCommitment }}"{{ if .Values.agents.core.partialRebuildWaitPeriod }} + - "--faulted-child-wait-period={{ .Values.agents.core.partialRebuildWaitPeriod }}"{{ end }} ports: - containerPort: 50051 env: diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/ha/ha-node-daemonset.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/ha/ha-node-daemonset.yaml index a9c39c6d3..3b1d550eb 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/ha/ha-node-daemonset.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/ha/ha-node-daemonset.yaml @@ -31,8 +31,8 @@ spec: {{- include "base_init_ha_node_containers" . }} imagePullSecrets: {{- include "base_pull_secrets" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if $pcName := include "priority_class" (dict "template" . "localPriorityClass" .Values.agents.ha.node.priorityClassName) }} + priorityClassName: {{ $pcName }} {{- end }} nodeSelector: {{- if .Values.nodeSelector }} @@ -43,6 +43,9 @@ spec: {{ $key }}: {{ $val }} {{- end }} {{- end }} + {{- if $tolerations := include "tolerations" (dict "template" . "localTolerations" .Values.agents.ha.node.tolerations) }} + tolerations: {{ $tolerations }} + {{- end }} containers: - name: agent-ha-node image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-ha-node:{{ default .Values.image.tag .Values.image.repoTags.controlPlane }}" diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-deployment.yaml index bebfd0cc9..6e360ec23 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-deployment.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-deployment.yaml @@ -24,11 +24,15 @@ spec: {{- include "base_pull_secrets" . }} initContainers: {{- include "base_init_containers" . }} - priorityClassName: {{ default "system-cluster-critical" .Values.priorityClassName }} + {{- if $pcName := include "priority_class_with_default" (dict "template" . "localPriorityClass" .Values.apis.rest.priorityClassName) }} + priorityClassName: {{ $pcName }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} {{- end }} - tolerations: {{- toYaml .Values.earlyEvictionTolerations | nindent 8 }} + {{- if $tolerations := include "tolerations_with_early_eviction" (dict "template" . "localTolerations" .Values.apis.rest.tolerations) }} + tolerations: {{ $tolerations }} + {{- end }} containers: - name: api-rest resources: diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-controller-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-controller-deployment.yaml index 052823923..cc4975298 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-controller-deployment.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-controller-deployment.yaml @@ -28,12 +28,15 @@ spec: initContainers: {{- include "jaeger_agent_init_container" . }} {{- include "rest_agent_init_container" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if $pcName := include "priority_class" (dict "template" . "localPriorityClass" .Values.csi.controller.priorityClassName) }} + priorityClassName: {{ $pcName }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} {{- end }} + {{- if $tolerations := include "tolerations" (dict "template" . "localTolerations" .Values.csi.controller.tolerations) }} + tolerations: {{ $tolerations }} + {{- end }} containers: - name: csi-provisioner image: "{{ .Values.csi.image.registry }}/{{ .Values.csi.image.repo }}/csi-provisioner:{{ .Values.csi.image.provisionerTag }}" @@ -43,6 +46,7 @@ spec: - "--feature-gates=Topology=true" - "--strict-topology=false" - "--default-fstype=ext4" + - "--extra-create-metadata" # This is needed for volume group feature to work env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-node-daemonset.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-node-daemonset.yaml index 31e2eb40a..71e33986d 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-node-daemonset.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-node-daemonset.yaml @@ -31,8 +31,8 @@ spec: hostNetwork: true imagePullSecrets: {{- include "base_pull_secrets" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if $pcName := include "priority_class" (dict "template" . "localPriorityClass" .Values.csi.node.priorityClassName) }} + priorityClassName: {{ $pcName }} {{- end }} nodeSelector: {{- if .Values.nodeSelector }} @@ -43,6 +43,9 @@ spec: {{ $key }}: {{ $val }} {{- end }} {{- end }} + {{- if $tolerations := include "tolerations" (dict "template" . "localTolerations" .Values.csi.node.tolerations) }} + tolerations: {{ $tolerations }} + {{- end }} # NOTE: Each container must have mem/cpu limits defined in order to # belong to Guaranteed QoS class, hence can never get evicted in case of # pressure unless they exceed those limits. limits and requests must be diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/io/io-engine-daemonset.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/io/io-engine-daemonset.yaml index 64a7b0f1f..f9c3d129c 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/io/io-engine-daemonset.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/io/io-engine-daemonset.yaml @@ -28,8 +28,11 @@ spec: # To resolve services in the namespace dnsPolicy: ClusterFirstWithHostNet nodeSelector: {{- .Values.io_engine.nodeSelector | toYaml | nindent 8 }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if $pcName := include "priority_class" (dict "template" . "localPriorityClass" .Values.io_engine.priorityClassName) }} + priorityClassName: {{ $pcName }} + {{- end }} + {{- if $tolerations := include "tolerations" (dict "template" . "localTolerations" .Values.io_engine.tolerations) }} + tolerations: {{ $tolerations }} {{- end }} initContainers: {{- include "base_init_containers" . }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/obs/obs-callhome-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/obs/obs-callhome-deployment.yaml index 996b2b89b..a04f1de36 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/obs/obs-callhome-deployment.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/obs/obs-callhome-deployment.yaml @@ -23,12 +23,15 @@ spec: serviceAccount: {{ .Release.Name }}-service-account imagePullSecrets: {{- include "base_pull_secrets" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if $pcName := include "priority_class" (dict "template" . "localPriorityClass" .Values.obs.callhome.priorityClassName) }} + priorityClassName: {{ $pcName }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} {{- end }} + {{- if $tolerations := include "tolerations" (dict "template" . "localTolerations" .Values.obs.callhome.tolerations) }} + tolerations: {{ $tolerations }} + {{- end }} containers: - name: obs-callhome image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-obs-callhome:{{ default .Values.image.tag .Values.image.repoTags.extensions }}" diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/operators/operator-diskpool-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/operators/operator-diskpool-deployment.yaml index 53023fb5e..5dc16a06f 100644 --- a/charts/openebs/openebs/charts/mayastor/templates/mayastor/operators/operator-diskpool-deployment.yaml +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/operators/operator-diskpool-deployment.yaml @@ -25,12 +25,15 @@ spec: {{- include "base_pull_secrets" . }} initContainers: {{- include "base_init_containers" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if $pcName := include "priority_class" (dict "template" . "localPriorityClass" .Values.operators.pool.priorityClassName) }} + priorityClassName: {{ $pcName }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} {{- end }} + {{- if $tolerations := include "tolerations" (dict "template" . "localTolerations" .Values.operators.pool.tolerations) }} + tolerations: {{ $tolerations }} + {{- end }} containers: - name: operator-diskpool resources: diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/priority-class/priority-class.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/priority-class/priority-class.yaml new file mode 100644 index 000000000..22f390902 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/priority-class/priority-class.yaml @@ -0,0 +1,7 @@ +apiVersion: scheduling.k8s.io/v1 +description: Used for critical pods that must run in the cluster, which can be moved to another node if necessary. +kind: PriorityClass +metadata: + name: {{ .Release.Name }}-cluster-critical +preemptionPolicy: PreemptLowerPriority +value: 1000000000 diff --git a/charts/openebs/openebs/charts/mayastor/values.yaml b/charts/openebs/openebs/charts/mayastor/values.yaml index 9795f82d3..238a79902 100644 --- a/charts/openebs/openebs/charts/mayastor/values.yaml +++ b/charts/openebs/openebs/charts/mayastor/values.yaml @@ -4,7 +4,7 @@ image: # -- Image registry's namespace repo: openebs # -- Release tag for our images - tag: v2.1.0 + tag: v2.2.0 repoTags: # Note: Below image tag configuration is optional and typically should never be # used. Setting specific image tags for the different repositories proves useful @@ -25,8 +25,10 @@ image: nodeSelector: kubernetes.io/arch: amd64 -# -- Pod scheduling priority -# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +# -- Pod scheduling priority. +# Setting this value will apply to all components except the external Chart dependencies. +# If any component has `priorityClassName` set, then this value would be overridden for that component. +# For external components like etcd, jaeger or loki-stack, PriorityClass can only be set at component level. priorityClassName: "" earlyEvictionTolerations: @@ -39,6 +41,11 @@ earlyEvictionTolerations: operator: Exists tolerationSeconds: 5 +# -- Tolerations to be applied to all components except external Chart dependencies. +# If any component has tolerations set, then it would override this value. +# For external components like etcd, jaeger and loki-stack, tolerations can only be set at component level. +tolerations: [] + base: # -- Request timeout for rest & core agents default_req_timeout: 5s @@ -115,6 +122,10 @@ operators: cpu: "50m" # -- Memory requests for diskpool operator memory: "16Mi" + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global + priorityClassName: "" jaeger-operator: # Name of jaeger operator @@ -128,6 +139,8 @@ jaeger-operator: rbac: # Create a clusterRole for Jaeger clusterRole: true + tolerations: [] + priorityClassName: "" agents: core: @@ -158,6 +171,17 @@ agents: cpu: "500m" # -- Memory requests for core agents memory: "32Mi" + # -- If a faulted replica comes back online within this time period then it will be + # rebuilt using the partial rebuild capability (using a log of missed IO), hence a bit + # faster depending on the log size. Otherwise, the replica will be fully rebuilt. + # A blank value "" means internally derived value will be used. + partialRebuildWaitPeriod: "" + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global. + # If both local and global are not set, the final deployment manifest has a mayastor custom critical priority class assigned to the pod by default. + # Refer the `templates/_helpers.tpl` and `templates/mayastor/agents/core/agent-core-deployment.yaml` for more details. + priorityClassName: "" ha: enabled: true node: @@ -174,6 +198,10 @@ agents: cpu: "100m" # -- Memory requests for ha node agent memory: "64Mi" + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global + priorityClassName: "" cluster: # -- Log level for the ha cluster service logLevel: info @@ -216,6 +244,12 @@ apis: http: 30011 # NodePort associated with https port https: 30010 + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global. + # If both local and global are not set, the final deployment manifest has a mayastor custom critical priority class assigned to the pod by default. + # Refer the `templates/_helpers.tpl` and `templates/mayastor/apis/rest/api-rest-deployment.yaml` for more details. + priorityClassName: "" csi: image: @@ -246,6 +280,10 @@ csi: cpu: "16m" # -- Memory requests for csi controller memory: "64Mi" + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global + priorityClassName: "" node: logLevel: info topology: @@ -275,6 +313,10 @@ csi: kubeletDir: /var/lib/kubelet pluginMounthPath: /csi socketPath: csi.sock + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global + priorityClassName: "" io_engine: # -- Log level for the io-engine service @@ -317,6 +359,10 @@ io_engine: memory: "1Gi" # -- Hugepage size available on the nodes hugepages2Mi: "2Gi" + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global + priorityClassName: "" etcd: # Pod labels; okay to remove the openebs logging label if required @@ -403,6 +449,8 @@ etcd: # Port from where etcd endpoints are accessible from outside cluster clientPort: 31379 peerPort: "" + tolerations: [] + priorityClassName: "" loki-stack: # -- Enable loki log collection for our components @@ -476,6 +524,8 @@ loki-stack: port: 3100 # Port where REST endpoints of Loki are accessible from outside cluster nodePort: 31001 + tolerations: [] + priorityClassName: "" # promtail configuration promtail: @@ -487,6 +537,7 @@ loki-stack: enabled: true # -- Disallow promtail from running on the master node tolerations: [] + priorityClassName: "" config: # -- The Loki address to post logs to lokiAddress: http://{{ .Release.Name }}-loki:3100/loki/api/v1/push @@ -549,3 +600,7 @@ obs: cpu: "50m" # -- Memory requests for callhome memory: "16Mi" + # -- Set tolerations, overrides global + tolerations: [] + # -- Set PriorityClass, overrides global + priorityClassName: "" diff --git a/charts/openebs/openebs/charts/zfs-localpv/Chart.yaml b/charts/openebs/openebs/charts/zfs-localpv/Chart.yaml index a78d2e4e3..a171819be 100644 --- a/charts/openebs/openebs/charts/zfs-localpv/Chart.yaml +++ b/charts/openebs/openebs/charts/zfs-localpv/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 2.1.0 +appVersion: 2.2.0 description: Helm chart for CSI Driver for dynamic provisioning of ZFS Persistent Local Volumes. For instructions on how to use this helm chart, see - https://openebs.github.io/zfs-localpv/ -home: http://www.openebs.io/ +home: https://openebs.io/ icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png keywords: - cloud-native-storage @@ -21,4 +21,4 @@ maintainers: name: zfs-localpv sources: - https://github.com/openebs/zfs-localpv -version: 2.1.0 +version: 2.2.0 diff --git a/charts/openebs/openebs/charts/zfs-localpv/README.md b/charts/openebs/openebs/charts/zfs-localpv/README.md index 7bbbdcf9a..076e8e1a3 100644 --- a/charts/openebs/openebs/charts/zfs-localpv/README.md +++ b/charts/openebs/openebs/charts/zfs-localpv/README.md @@ -78,9 +78,9 @@ The following table lists the configurable parameters of the OpenEBS ZFS Localpv | `zfsPlugin.image.registry`| Registry for openebs-zfs-plugin image| `""`| | `zfsPlugin.image.repository`| Image repository for openebs-zfs-plugin| `openebs/zfs-driver`| | `zfsPlugin.image.pullPolicy`| Image pull policy for openebs-zfs-plugin| `IfNotPresent`| -| `zfsPlugin.image.tag`| Image tag for openebs-zfs-plugin| `2.1.0`| +| `zfsPlugin.image.tag`| Image tag for openebs-zfs-plugin| `2.2.0`| | `zfsNode.allowedTopologyKeys`| Custom topology keys required for provisioning| `"kubernetes.io/hostname,"`| -| `zfsNode.driverRegistrar.image.registry`| Registry for csi-node-driver-registrar image| `k8s.gcr.io/`| +| `zfsNode.driverRegistrar.image.registry`| Registry for csi-node-driver-registrar image| `registry.k8s.io/`| | `zfsNode.driverRegistrar.image.repository`| Image repository for csi-node-driver-registrar| `sig-storage/csi-node-driver-registrar`| | `zfsNode.driverRegistrar.image.pullPolicy`| Image pull policy for csi-node-driver-registrar| `IfNotPresent`| | `zfsNode.driverRegistrar.image.tag`| Image tag for csi-node-driver-registrar| `v2.3.0`| @@ -94,19 +94,19 @@ The following table lists the configurable parameters of the OpenEBS ZFS Localpv | `zfsNode.nodeSelector`| Nodeselector for zfsnode daemonset pods| `""`| | `zfsNode.tolerations` | zfsnode daemonset's pod toleration values | `""`| | `zfsNode.securityContext` | Seurity context for zfsnode daemonset container | `""`| -| `zfsController.resizer.image.registry`| Registry for csi-resizer image| `k8s.gcr.io/`| +| `zfsController.resizer.image.registry`| Registry for csi-resizer image| `registry.k8s.io/`| | `zfsController.resizer.image.repository`| Image repository for csi-resizer| `sig-storage/csi-resizer`| | `zfsController.resizer.image.pullPolicy`| Image pull policy for csi-resizer| `IfNotPresent`| | `zfsController.resizer.image.tag`| Image tag for csi-resizer| `v1.2.0`| -| `zfsController.snapshotter.image.registry`| Registry for csi-snapshotter image| `k8s.gcr.io/`| +| `zfsController.snapshotter.image.registry`| Registry for csi-snapshotter image| `registry.k8s.io/`| | `zfsController.snapshotter.image.repository`| Image repository for csi-snapshotter| `sig-storage/csi-snapshotter`| | `zfsController.snapshotter.image.pullPolicy`| Image pull policy for csi-snapshotter| `IfNotPresent`| | `zfsController.snapshotter.image.tag`| Image tag for csi-snapshotter| `v4.0.0`| -| `zfsController.snapshotController.image.registry`| Registry for snapshot-controller image| `k8s.gcr.io/`| +| `zfsController.snapshotController.image.registry`| Registry for snapshot-controller image| `registry.k8s.io/`| | `zfsController.snapshotController.image.repository`| Image repository for snapshot-controller| `sig-storage/snapshot-controller`| | `zfsController.snapshotController.image.pullPolicy`| Image pull policy for snapshot-controller| `IfNotPresent`| | `zfsController.snapshotController.image.tag`| Image tag for snapshot-controller| `v4.0.0`| -| `zfsController.provisioner.image.registry`| Registry for csi-provisioner image| `k8s.gcr.io/`| +| `zfsController.provisioner.image.registry`| Registry for csi-provisioner image| `registry.k8s.io/`| | `zfsController.provisioner.image.repository`| Image repository for csi-provisioner| `sig-storage/csi-provisioner`| | `zfsController.provisioner.image.pullPolicy`| Image pull policy for csi-provisioner| `IfNotPresent`| | `zfsController.provisioner.image.tag`| Image tag for csi-provisioner| `v3.0.0`| diff --git a/charts/openebs/openebs/charts/zfs-localpv/values.yaml b/charts/openebs/openebs/charts/zfs-localpv/values.yaml index 182fbf9d0..0445e2855 100644 --- a/charts/openebs/openebs/charts/zfs-localpv/values.yaml +++ b/charts/openebs/openebs/charts/zfs-localpv/values.yaml @@ -2,7 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. release: - version: "2.1.0" + version: "2.2.0" imagePullSecrets: # - name: "image-pull-secret" @@ -24,8 +24,8 @@ zfsNode: name: "csi-node-driver-registrar" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-node-driver-registrar pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -70,8 +70,8 @@ zfsController: name: "csi-resizer" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-resizer pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -80,8 +80,8 @@ zfsController: name: "csi-snapshotter" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-snapshotter pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -90,8 +90,8 @@ zfsController: name: "snapshot-controller" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/snapshot-controller pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -100,8 +100,8 @@ zfsController: name: "csi-provisioner" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect - registry: k8s.gcr.io/ + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect + registry: registry.k8s.io/ repository: sig-storage/csi-provisioner pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. @@ -134,12 +134,12 @@ zfsPlugin: name: "openebs-zfs-plugin" image: # Make sure that registry name end with a '/'. - # For example : k8s.gcr.io/ is a correct value here and quay.io is incorrect + # For example : registry.k8s.io/ is a correct value here and quay.io is incorrect registry: repository: openebs/zfs-driver pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: 2.1.0 + tag: 2.2.0 role: openebs-zfs diff --git a/charts/openebs/openebs/values.yaml b/charts/openebs/openebs/values.yaml index cd2eaf053..9b1458e55 100644 --- a/charts/openebs/openebs/values.yaml +++ b/charts/openebs/openebs/values.yaml @@ -404,7 +404,7 @@ mayastor: # Sample configuration, if you want to configure mayastor with custom values. # This is a small part of the full configuration. Full configuration available - # here - https://github.com/openebs/mayastor-extensions/blob/v2.1.0/chart/values.yaml + # here - https://github.com/openebs/mayastor-extensions/blob/v2.2.0/chart/values.yaml image: # -- Image registry to pull Mayastor product images @@ -412,7 +412,7 @@ mayastor: # -- Image registry's namespace repo: openebs # -- Release tag for Mayastor images - tag: v2.1.0 + tag: v2.2.0 # -- ImagePullPolicy for Mayastor images pullPolicy: IfNotPresent @@ -859,7 +859,7 @@ zfs-localpv: # registry: quay.io/ # repository: openebs/zfs-driver # pullPolicy: IfNotPresent -# tag: 2.1.0 +# tag: 2.2.0 # lvm local pv configuration goes here # ref - https://openebs.github.io/lvm-localpv @@ -880,7 +880,7 @@ lvm-localpv: # registry: quay.io/ # repository: openebs/lvm-driver # pullPolicy: IfNotPresent -# tag: 1.0.0 +# tag: 1.1.0 # openebs nfs provisioner configuration goes here # ref - https://openebs.github.io/dynamic-nfs-provisioner diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index 144f5a0cb..4cd97da41 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: console repository: https://charts.redpanda.com - version: 0.5.8 -digest: sha256:927fea24d34b7b424a793d7237c506dfa0fd44e892e2a8a45e0f27985d0a8f55 -generated: "2023-04-11T20:23:36.024137-04:00" + version: 0.6.4 +digest: sha256:2d1ac97b8066aedf79fbefc8064088743a9500b6f0dc43711b47207df117d74f +generated: "2023-05-26T18:23:06.258117179Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index a9a203758..7065f2230 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -31,4 +31,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 4.0.22 +version: 4.0.26 diff --git a/charts/redpanda/redpanda/charts/console/Chart.yaml b/charts/redpanda/redpanda/charts/console/Chart.yaml index d09cd8fe4..a6e9f8639 100644 --- a/charts/redpanda/redpanda/charts/console/Chart.yaml +++ b/charts/redpanda/redpanda/charts/console/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: docker.redpanda.com/vectorized/console:v2.1.1 + image: docker.redpanda.com/redpandadata/console:v2.2.3 artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Documentation @@ -9,7 +9,7 @@ annotations: - name: "Helm (>= 3.6.0)" url: https://helm.sh/docs/intro/install/ apiVersion: v2 -appVersion: v2.2.0 +appVersion: v2.2.4 description: Helm chart to deploy Redpanda Console. icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg maintainers: @@ -19,4 +19,4 @@ name: console sources: - https://github.com/redpanda-data/helm-charts type: application -version: 0.5.8 +version: 0.6.4 diff --git a/charts/redpanda/redpanda/charts/console/templates/deployment.yaml b/charts/redpanda/redpanda/charts/console/templates/deployment.yaml index 377a84a7b..bc0a1234f 100644 --- a/charts/redpanda/redpanda/charts/console/templates/deployment.yaml +++ b/charts/redpanda/redpanda/charts/console/templates/deployment.yaml @@ -14,10 +14,11 @@ spec: {{- include "console.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: - {{- toYaml . | nindent 8 }} - {{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "console.selectorLabels" . | nindent 8 }} {{- with .Values.podLabels }}{{ toYaml . | nindent 8 }}{{ end }} @@ -256,6 +257,11 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: {{ .Values.priorityClassName }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/redpanda/redpanda/charts/console/templates/secret.yaml b/charts/redpanda/redpanda/charts/console/templates/secret.yaml index ce0d13762..701c5dbe7 100644 --- a/charts/redpanda/redpanda/charts/console/templates/secret.yaml +++ b/charts/redpanda/redpanda/charts/console/templates/secret.yaml @@ -22,7 +22,7 @@ data: kafka-schemaregistry-tls-key: {{ .Values.secret.kafka.schemaRegistryTlsKey | default "" | b64enc | quote }} # Login - login-jwt-secret: {{ randAlphaNum 32 | b64enc | quote }} + login-jwt-secret: {{ .Values.secret.login.jwtSecret | default (randAlphaNum 32) | b64enc | quote }} login-google-oauth-client-secret: {{ .Values.secret.login.google.clientSecret | default "" | b64enc | quote }} login-google-groups-service-account.json: {{ .Values.secret.login.google.groupsServiceAccount | default "" | b64enc | quote }} login-github-oauth-client-secret: {{ .Values.secret.login.github.clientSecret | default "" | b64enc | quote }} diff --git a/charts/redpanda/redpanda/charts/console/templates/tests/test-connection.yaml b/charts/redpanda/redpanda/charts/console/templates/tests/test-connection.yaml index 1283ecc02..36b266778 100644 --- a/charts/redpanda/redpanda/charts/console/templates/tests/test-connection.yaml +++ b/charts/redpanda/redpanda/charts/console/templates/tests/test-connection.yaml @@ -7,9 +7,13 @@ metadata: annotations: "helm.sh/hook": test spec: +{{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} +{{- end }} containers: - name: wget image: busybox command: ['wget'] args: ['{{ include "console.fullname" . }}:{{ .Values.service.port }}'] restartPolicy: Never + priorityClassName: {{ .Values.priorityClassName }} diff --git a/charts/redpanda/redpanda/charts/console/values.schema.json b/charts/redpanda/redpanda/charts/console/values.schema.json index c74f90ba8..ede5ff658 100644 --- a/charts/redpanda/redpanda/charts/console/values.schema.json +++ b/charts/redpanda/redpanda/charts/console/values.schema.json @@ -34,12 +34,7 @@ } }, "console": { - "type": "object", - "properties": { - "config": { - "type": "object" - } - } + "type": "object" }, "deployment": { "type": "object", @@ -214,6 +209,9 @@ "login": { "type": "object", "properties": { + "jwtSecret": { + "type": "string" + }, "github": { "type": "object" }, diff --git a/charts/redpanda/redpanda/charts/console/values.yaml b/charts/redpanda/redpanda/charts/console/values.yaml index 932c25894..9b055eca5 100644 --- a/charts/redpanda/redpanda/charts/console/values.yaml +++ b/charts/redpanda/redpanda/charts/console/values.yaml @@ -8,7 +8,7 @@ replicaCount: 1 image: registry: docker.redpanda.com # -- Docker repository from which to pull the Redpanda Docker image. - repository: vectorized/console + repository: redpandadata/console # -- The imagePullPolicy. pullPolicy: IfNotPresent # -- The Redpanda Console version. @@ -18,7 +18,10 @@ image: # @default -- `Chart.appVersion` tag: "" +# -- Pull secrets may be used to provide credentials to image repositories +# See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] + # -- Override `console.name` template. nameOverride: "" # -- Override `console.fullname` template. @@ -99,6 +102,13 @@ tolerations: [] affinity: {} +topologySpreadConstraints: {} + +# -- PriorityClassName given to Pods. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). +priorityClassName: "" + console: # -- Settings for the `Config.yaml` (required). # For a reference of configuration settings, @@ -170,6 +180,8 @@ secret: # Enterprise version secrets # - SSO secrets (Enterprise version). login: + # Configurable JWT value + jwtSecret: "" google: {} # clientSecret: # groupsServiceAccount: diff --git a/charts/redpanda/redpanda/ci/11-update-sasl-users-values.yaml b/charts/redpanda/redpanda/ci/11-update-sasl-users-values.yaml index fece78e6e..dd90ef1cb 100644 --- a/charts/redpanda/redpanda/ci/11-update-sasl-users-values.yaml +++ b/charts/redpanda/redpanda/ci/11-update-sasl-users-values.yaml @@ -18,4 +18,16 @@ auth: sasl: enabled: true secretRef: "some-users" - users: [] + users: + - name: admin + password: badpassword + mechanism: SCRAM-SHA-512 + - name: user1 + password: pass1word + mechanism: SCRAM-SHA-512 + - name: someuser + password: ABC123r + mechanism: SCRAM-SHA-512 + - name: anotherme + password: blah2784a + mechanism: SCRAM-SHA-512 diff --git a/charts/redpanda/redpanda/templates/_example-commands.tpl b/charts/redpanda/redpanda/templates/_example-commands.tpl index 30f0a6fd7..5913b068f 100644 --- a/charts/redpanda/redpanda/templates/_example-commands.tpl +++ b/charts/redpanda/redpanda/templates/_example-commands.tpl @@ -23,7 +23,7 @@ and tested in a test. {{/* tested in tests/test-kafka-sasl-status.yaml */}} {{- define "rpk-acl-user-create" -}} -{{ .rpk }} acl user create myuser --new-password changeme --mechanism {{ include "sasl-mechanism" . }} {{ include "rpk-flags-no-sasl" . }} +{{ .rpk }} acl user create myuser --new-password changeme --mechanism {{ include "sasl-mechanism" . }} {{ include "rpk-acl-user-flags" . }} {{- end -}} {{/* tested in tests/test-kafka-sasl-status.yaml */}} diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl index 319e58be3..61bd1b76a 100644 --- a/charts/redpanda/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/templates/_helpers.tpl @@ -105,6 +105,14 @@ Generate configuration needed for rpk {{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} {{- end -}} +{{- define "admin-external-tls-enabled" -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" (include "admin-internal-tls-enabled" . | fromJson).bool .listener) (not (empty (include "admin-external-tls-cert" .))))) -}} +{{- end -}} + +{{- define "admin-external-tls-cert" -}} +{{- dig "tls" "cert" .Values.listeners.admin.tls.cert .listener -}} +{{- end -}} + {{- define "kafka-internal-tls-enabled" -}} {{- $listener := .Values.listeners.kafka -}} {{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} @@ -351,8 +359,12 @@ than 1 core. {{- end -}} {{- end -}} -{{- define "api-urls" -}} -{{ include "redpanda.internal.domain" .}}:{{ .Values.listeners.admin.port }} +{{- define "admin-api-urls" -}} +{{ printf "${SERVICE_NAME}.%s" (include "redpanda.internal.domain" .) }}:{{.Values.listeners.admin.port }} +{{- end -}} + +{{- define "admin-api-service-url" -}} +{{ include "redpanda.internal.domain" .}}:{{.Values.listeners.admin.port }} {{- end -}} {{- define "sasl-mechanism" -}} @@ -362,7 +374,7 @@ than 1 core. {{- define "rpk-flags" -}} {{- $root := . -}} {{- $admin := list -}} - {{- $admin = concat $admin (list "--api-urls" (include "api-urls" . )) -}} + {{- $admin = concat $admin (list "--api-urls" (include "admin-api-urls" . )) -}} {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} {{- $admin = concat $admin (list "--admin-api-tls-enabled" @@ -415,6 +427,34 @@ than 1 core. {{ join " " (list $flags.brokers $flags.admin $flags.kafka)}} {{- end -}} +{{- define "rpk-flags-no-brokers-no-sasl" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ $flags.admin }} +{{- end -}} + +{{- define "rpk-acl-user-flags" }} +{{- $root := . -}} +{{- $admin := list -}} + {{- $apiUrls := list -}} + {{- range $i := untilStep 0 (.Values.statefulset.replicas|int) 1 -}} + {{- $apiUrls = concat $apiUrls (list (printf "%s-%d.%s:%d" + (include "redpanda.fullname" $root) + $i + (include "redpanda.internal.domain" $root) + (int $root.Values.listeners.admin.port))) + -}} + {{- end -}} + {{- $admin = concat $admin (list "--api-urls" (join "," $apiUrls)) -}} + {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} + {{- $admin = concat $admin (list + "--admin-api-tls-enabled" + "--admin-api-tls-truststore" + (printf "/etc/tls/certs/%s/ca.crt" .Values.listeners.admin.tls.cert)) + -}} + {{- end -}} +{{ join " " $admin }} +{{- end -}} + {{- define "rpk-flags-no-admin-no-sasl" -}} {{- $flags := fromJson (include "rpk-flags" .) -}} {{ join " " (list $flags.brokers $flags.kafka)}} diff --git a/charts/redpanda/redpanda/templates/configmap.yaml b/charts/redpanda/redpanda/templates/configmap.yaml index 0aef9ceac..72e488c23 100644 --- a/charts/redpanda/redpanda/templates/configmap.yaml +++ b/charts/redpanda/redpanda/templates/configmap.yaml @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} +{{- $root := . }} {{- $values := .Values }} {{- /* @@ -48,7 +49,7 @@ limitations under the License. {{- end -}} {{- $users := list -}} -{{- if .Values.auth.sasl.enabled -}} +{{- if (include "sasl-enabled" . | fromJson).bool -}} {{- range $user := .Values.auth.sasl.users -}} {{- $users = append $users $user.name -}} {{- end -}} @@ -65,7 +66,8 @@ metadata: {{- end }} data: bootstrap.yaml: | - enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }} + kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }} + enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }} {{- if $users }} superusers: {{ toJson $users }} {{- end }} @@ -109,7 +111,8 @@ data: enable_rack_awareness: true {{- end }} {{- end }} - enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }} + kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }} + enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }} {{- if $users }} superusers: {{ toJson $users }} {{- end }} @@ -141,40 +144,18 @@ data: {{- /* Admin API */}} {{- $service := .Values.listeners.admin }} admin: - name: admin - address: 0.0.0.0 - port: {{ $service.port }} -{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }} - admin_api_tls: - name: admin - enabled: true - cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key - require_client_auth: {{ $service.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $service.tls.cert }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} -{{- end }} -{{- /* Kafka API */}} -{{- $service = .Values.listeners.kafka }} - kafka_api: - name: internal address: 0.0.0.0 port: {{ $service.port }} -{{- range $name, $listener := .Values.listeners.kafka.external }} +{{- range $name, $listener := $service.external }} +{{- if and $listener.port $name }} - name: {{ $name }} address: 0.0.0.0 port: {{ $listener.port }} {{- end }} - kafka_api_tls: -{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }} +{{- end }} + admin_api_tls: +{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }} - name: internal enabled: true cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt @@ -187,11 +168,70 @@ data: {{- if $cert.caEnabled }} truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} + {{- /* This is a required field so we use the default in the redpanda debian container */}} truststore_file: /etc/ssl/certs/ca-certificates.crt {{- end }} {{- end }} {{- range $name, $listener := $service.external }} + {{- $k := dict "Values" $values "listener" $listener }} + {{- if (include "admin-external-tls-enabled" $k | fromJson).bool }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "admin-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined" $certName)}} + {{- end }} + - name: {{ $name }} + enabled: true + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} +{{- end }} +{{- /* Kafka API */}} +{{- $kafkaService := .Values.listeners.kafka }} + kafka_api: + - name: internal + address: 0.0.0.0 + port: {{ $kafkaService.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $kafkaService.authenticationMethod }} + authentication_method: {{ default "sasl" $kafkaService.authenticationMethod }} + {{- end }} +{{- range $name, $listener := $kafkaService.external }} + - name: {{ $name }} + address: 0.0.0.0 + port: {{ $listener.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} + authentication_method: {{ default "sasl" $listener.authenticationMethod }} + {{- end }} +{{- end }} + kafka_api_tls: +{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }} + - name: internal + enabled: true + cert_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.key + require_client_auth: {{ $kafkaService.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $kafkaService.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} +{{- end }} +{{- range $name, $listener := $kafkaService.external }} {{- $k := dict "Values" $values "listener" $listener }} {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }} {{- $mtls := dig "tls" "requireClientAuth" false $listener }} @@ -256,43 +296,49 @@ data: {{- end }} {{- /* Schema Registry API */}} {{- if .Values.listeners.schemaRegistry.enabled }} - {{- $service = .Values.listeners.schemaRegistry }} + {{- $schemaRegistryService := .Values.listeners.schemaRegistry }} schema_registry: schema_registry_api: - name: internal address: 0.0.0.0 - port: {{ $service.port }} - {{- range $name, $listener := $service.external }} + port: {{ $schemaRegistryService.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $schemaRegistryService.authenticationMethod }} + authentication_method: {{ default "http_basic" $schemaRegistryService.authenticationMethod }} + {{- end }} + {{- range $name, $listener := $schemaRegistryService.external }} - name: {{ $name }} address: 0.0.0.0 {{- /* when upgrading from an older version that had a missing port, fail if we cannot guess a default this should work in all cases as the older versions would have failed with multiple listeners anyway */}} - {{- if and (empty $listener.port) (ne (len $service.external) 1) }} + {{- if and (empty $listener.port) (ne (len $schemaRegistryService.external) 1) }} {{- fail "missing required port for schemaRegistry listener $listener.name" }} {{- end }} port: {{ $listener.port | default 8084 }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} + authentication_method: {{ default "http_basic" $listener.authenticationMethod }} + {{- end }} {{- end }} schema_registry_api_tls: {{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }} - name: internal enabled: true - cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key - require_client_auth: {{ $service.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $service.tls.cert }} + cert_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.key + require_client_auth: {{ $schemaRegistryService.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $schemaRegistryService.tls.cert }} {{- if empty $cert }} {{- fail (printf "Certificate, '%s', used but not defined")}} {{- end }} {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + truststore_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/ca.crt {{- else }} {{- /* This is a required field so we use the default in the redpanda debian container */}} truststore_file: /etc/ssl/certs/ca-certificates.crt {{- end }} {{- end }} - {{- range $name, $listener := $service.external }} + {{- range $name, $listener := $schemaRegistryService.external }} {{- $k := dict "Values" $values "listener" $listener }} {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }} {{- $mtls := dig "tls" "requireClientAuth" false $listener }} @@ -319,36 +365,42 @@ data: {{- end }} {{- /* HTTP Proxy */}} {{- if .Values.listeners.http.enabled }} - {{- $service = .Values.listeners.http }} + {{- $HTTPService := .Values.listeners.http }} pandaproxy: pandaproxy_api: - name: internal address: 0.0.0.0 - port: {{ $service.port }} - {{- range $name, $listener := $service.external }} + port: {{ $HTTPService.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $HTTPService.authenticationMethod }} + authentication_method: {{ default "http_basic" $HTTPService.authenticationMethod }} + {{- end }} + {{- range $name, $listener := $HTTPService.external }} - name: {{ $name }} address: 0.0.0.0 port: {{ $listener.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} + authentication_method: {{ default "http_basic" $listener.authenticationMethod }} + {{- end }} {{- end }} pandaproxy_api_tls: {{- if (include "http-internal-tls-enabled" . | fromJson).bool }} - name: internal enabled: true - cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key - require_client_auth: {{ $service.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $service.tls.cert }} + cert_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.key + require_client_auth: {{ $HTTPService.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $HTTPService.tls.cert }} {{- if empty $cert }} {{- fail (printf "Certificate, '%s', used but not defined")}} {{- end }} {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + truststore_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/ca.crt {{- else }} {{- /* This is a required field so we use the default in the redpanda debian container */}} truststore_file: /etc/ssl/certs/ca-certificates.crt {{- end }} {{- end }} - {{- range $name, $listener := $service.external }} + {{- range $name, $listener := $HTTPService.external }} {{- $k := dict "Values" $values "listener" $listener }} {{- if (include "http-external-tls-enabled" $k | fromJson).bool }} {{- $mtls := dig "tls" "requireClientAuth" false $listener }} diff --git a/charts/redpanda/redpanda/templates/console/deployment.yaml b/charts/redpanda/redpanda/templates/console/deployment.yaml index 2eeb747f1..5b418d7c8 100644 --- a/charts/redpanda/redpanda/templates/console/deployment.yaml +++ b/charts/redpanda/redpanda/templates/console/deployment.yaml @@ -21,7 +21,11 @@ limitations under the License. {{ $command := list }} {{ if (include "sasl-enabled" . | fromJson).bool }} {{ $command = concat $command (list "sh" "-xc") }} - {{ $command = append $command (printf "set -e; IFS=: read -r KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM < $(find /mnt/users/* -print); KAFKA_SASL_MECHANISM=${KAFKA_SASL_MECHANISM:-%s}; export KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM; /app/console $@" ( include "sasl-mechanism" . )) }} + {{ $consoleSASLConfig := (printf "set -e; IFS=: read -r KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM < $(find /mnt/users/* -print); KAFKA_SASL_MECHANISM=${KAFKA_SASL_MECHANISM:-%s}; export KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM;" ( include "sasl-mechanism" . )) }} + {{ $consoleSASLConfig = cat $consoleSASLConfig " export KAFKA_SCHEMAREGISTRY_USERNAME=$KAFKA_SASL_USERNAME;" }} + {{ $consoleSASLConfig = cat $consoleSASLConfig " export KAFKA_SCHEMAREGISTRY_PASSWORD=$KAFKA_SASL_PASSWORD;" }} + {{ $consoleSASLConfig = cat $consoleSASLConfig " /app/console $@" }} + {{ $command = append $command $consoleSASLConfig }} {{ $command = append $command "--" }} {{ $extraVolumes = append $extraVolumes (dict "name" (printf "%s-users" (include "redpanda.fullname" .)) @@ -129,7 +133,7 @@ limitations under the License. )}} {{ $adminAPI = append $adminAPI (dict "name" "REDPANDA_ADMINAPI_URLS" - "value" (print (include "admin-http-protocol" .) "://" (include "api-urls" .)) + "value" (print (include "admin-http-protocol" .) "://" (include "admin-api-service-url" .)) )}} {{ $extraEnv := concat $kafkaTLS $schemaRegistryTLS $adminAPI}} diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index 25a097538..ed2e77938 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml @@ -15,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} {{- if .Values.post_upgrade_job.enabled }} -{{- $rpkFlags := include "rpk-flags-no-sasl" . }} +{{- $rpkFlags := include "rpk-acl-user-flags" . }} {{- $sasl := .Values.auth.sasl }} {{- $root := deepCopy . }} apiVersion: batch/v1 diff --git a/charts/redpanda/redpanda/templates/secrets.yaml b/charts/redpanda/redpanda/templates/secrets.yaml index df653056a..8ab73aaaa 100644 --- a/charts/redpanda/redpanda/templates/secrets.yaml +++ b/charts/redpanda/redpanda/templates/secrets.yaml @@ -75,7 +75,7 @@ stringData: # Setup and export SASL bootstrap-user IFS=":" read -r USER_NAME PASSWORD MECHANISM < $(find /etc/secrets/users/* -print) MECHANISM=${MECHANISM:-{{- include "sasl-mechanism" . }}} - rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} || true + rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-brokers-no-sasl" $ }} || true {{- end }} preStop.sh: |- @@ -158,7 +158,7 @@ stringData: ready_result_exit_code=1 while [[ ${ready_result_exit_code} -ne 0 ]]; do - ready_result=$(rpk cluster health {{ (include "rpk-flags" . | fromJson).admin }} | grep 'Healthy:.*true' 2>&1) && ready_result_exit_code=$? + ready_result=$(rpk cluster health {{ include "rpk-acl-user-flags" . }} | grep 'Healthy:.*true' 2>&1) && ready_result_exit_code=$? sleep 2 done @@ -192,21 +192,21 @@ stringData: fi echo "Creating user ${USER_NAME}..." MECHANISM=${MECHANISM:-{{- include "sasl-mechanism" . }}} - creation_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? # On a non-success exit code + creation_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ include "rpk-acl-user-flags" $ }} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? # On a non-success exit code if [[ $creation_result_exit_code -ne 0 ]]; then # Check if the stderr contains "User already exists" # this error occurs when password has changed if [[ $creation_result == *"User already exists"* ]]; then echo "Update user ${USER_NAME}" # we will try to update by first deleting - deletion_result=$(rpk acl user delete ${USER_NAME} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && deletion_result_exit_code=$? || deletion_result_exit_code=$? + deletion_result=$(rpk acl user delete ${USER_NAME} {{ include "rpk-acl-user-flags" $ }} 2>&1) && deletion_result_exit_code=$? || deletion_result_exit_code=$? if [[ $deletion_result_exit_code -ne 0 ]]; then echo "deletion of user ${USER_NAME} failed: ${deletion_result}" READ_LIST_SUCCESS=1 break fi # Now we update the user - update_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && update_result_exit_code=$? || update_result_exit_code=$? # On a non-success exit code + update_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ include "rpk-acl-user-flags" $ }} 2>&1) && update_result_exit_code=$? || update_result_exit_code=$? # On a non-success exit code if [[ $update_result_exit_code -ne 0 ]]; then echo "updating user ${USER_NAME} failed: ${update_result}" READ_LIST_SUCCESS=1 @@ -230,7 +230,7 @@ stringData: if [[ -n "${USERS_LIST}" && ${READ_LIST_SUCCESS} ]]; then echo "Setting superusers configurations with users [${USERS_LIST}]" - superuser_result=$(rpk cluster config set superusers [${USERS_LIST}] {{ template "rpk-flags-no-sasl" $ }} 2>&1) && superuser_result_exit_code=$? || superuser_result_exit_code=$? + superuser_result=$(rpk cluster config set superusers [${USERS_LIST}] {{ template "rpk-acl-user-flags" $ }} 2>&1) && superuser_result_exit_code=$? || superuser_result_exit_code=$? if [[ $superuser_result_exit_code -ne 0 ]]; then echo "Setting superusers configurations failed: ${superuser_result}" else diff --git a/charts/redpanda/redpanda/templates/service.loadbalancer.yaml b/charts/redpanda/redpanda/templates/service.loadbalancer.yaml index c762e910b..6cbcc193a 100644 --- a/charts/redpanda/redpanda/templates/service.loadbalancer.yaml +++ b/charts/redpanda/redpanda/templates/service.loadbalancer.yaml @@ -29,10 +29,15 @@ metadata: {{- . | nindent 4 }} {{- end }} repdanda.com/type: "loadbalancer" -{{- with $values.external.annotations }} +{{- if (or $values.external.annotations (dig "externalDns" "enabled" false $values.external) ) }} annotations: +{{- with $values.external.annotations }} {{- toYaml . | nindent 4 }} {{- end }} +{{- if (dig "externalDns" "enabled" false $values.external) }} + {{ printf "external-dns.alpha.kubernetes.io/hostname: %s.%s" (index $values.external.addresses $replicaIndex) (tpl $values.external.domain $) }} +{{- end }} +{{- end }} spec: type: LoadBalancer {{- if not ( empty $root.Values.external.sourceRanges ) }} diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 394db0d88..7a360abd3 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -236,7 +236,7 @@ spec: - -c - | set -e - RESULT=$(curl --silent --fail -k {{ include "admin-tls-curl-flags" . }} "{{ include "admin-http-protocol" . }}://localhost:{{ .Values.listeners.admin.port }}/v1/status/ready") + RESULT=$(curl --silent --fail -k {{ include "admin-tls-curl-flags" . }} "{{ include "admin-http-protocol" . }}://{{ include "admin-api-urls" . }}/v1/status/ready") echo $RESULT echo $RESULT | grep ready initialDelaySeconds: {{ .Values.statefulset.startupProbe.initialDelaySeconds }} @@ -248,7 +248,7 @@ spec: command: - /bin/sh - -c - - curl --silent --fail -k {{ include "admin-tls-curl-flags" . }} "{{ include "admin-http-protocol" . }}://localhost:{{ .Values.listeners.admin.port }}/v1/status/ready" + - curl --silent --fail -k {{ include "admin-tls-curl-flags" . }} "{{ include "admin-http-protocol" . }}://{{ include "admin-api-urls" . }}/v1/status/ready" initialDelaySeconds: {{ .Values.statefulset.livenessProbe.initialDelaySeconds }} failureThreshold: {{ .Values.statefulset.livenessProbe.failureThreshold }} periodSeconds: {{ .Values.statefulset.livenessProbe.periodSeconds }} diff --git a/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml b/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml index 859a62e93..6d2be282b 100644 --- a/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml @@ -56,7 +56,7 @@ spec: -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \ {{- end }} -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key \ - -connect {{ include "api-urls" $root }} + -connect {{ include "admin-api-urls" $root }} {{- end }} {{- if eq $cert.secretRef.name "external-tls-secret" }} diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml index 8ae0b52d0..c36e37fb4 100644 --- a/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml @@ -51,7 +51,7 @@ spec: - -c - | set -xe - until rpk acl user delete myuser {{ include "rpk-common-flags" . }} + until rpk acl user delete myuser {{ include "rpk-acl-user-flags" . }} do sleep 2 done sleep 3 @@ -63,7 +63,7 @@ spec: {{ include "rpk-topic-create" $rpk }} {{ include "rpk-topic-describe" $rpk }} {{ include "rpk-topic-delete" $rpk }} - rpk acl user delete myuser {{ include "rpk-common-flags" . }} + rpk acl user delete myuser {{ include "rpk-acl-user-flags" . }} volumeMounts: - name: config mountPath: /etc/redpanda diff --git a/charts/redpanda/redpanda/templates/tests/test-sasl-updated.yaml b/charts/redpanda/redpanda/templates/tests/test-sasl-updated.yaml index 8550c656f..8eedec246 100644 --- a/charts/redpanda/redpanda/templates/tests/test-sasl-updated.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-sasl-updated.yaml @@ -53,7 +53,7 @@ spec: # check that the users list did update ready_result_exit_code=1 while [[ ${ready_result_exit_code} -ne 0 ]]; do - ready_result=$(rpk acl user list {{ (include "rpk-flags" . | fromJson).admin }} | grep anotheranotherme 2>&1) && ready_result_exit_code=$? + ready_result=$(rpk acl user list {{ include "rpk-acl-user-flags" . }} | grep anotheranotherme 2>&1) && ready_result_exit_code=$? sleep 2 done diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 9de5a91c6..c35760e45 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -194,6 +194,17 @@ }, "annotations": { "type": "object" + }, + "externalDns": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + } + } } } }, @@ -904,6 +915,10 @@ "items": { "type": "integer" } + }, + "authenticationMethod": { + "type": ["string", "null"], + "pattern": "sasl|none|mtls_identity" } } } @@ -926,6 +941,10 @@ "type": "boolean" } } + }, + "authenticationMethod": { + "type": ["string", "null"], + "pattern": "sasl|none|mtls_identity" } } }, @@ -949,6 +968,10 @@ "type": "string", "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" }, + "authenticationMethod": { + "type": ["string", "null"], + "pattern": "http_basic|none" + }, "external": { "type": "object", "minProperties": 1, @@ -971,6 +994,10 @@ "items": { "type": "integer" } + }, + "authenticationMethod": { + "type": ["string", "null"], + "pattern": "http_basic|none" } } } @@ -1046,6 +1073,10 @@ "type": "string", "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" }, + "authenticationMethod": { + "type": ["string", "null"], + "pattern": "http_basic|none" + }, "external": { "type": "object", "minProperties": 1, @@ -1065,6 +1096,10 @@ "items": { "type": "integer" } + }, + "authenticationMethod": { + "type": ["string", "null"], + "pattern": "http_basic|none" } } } diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index 3349a9fe2..f2dcbf2e7 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -201,6 +201,11 @@ external: # For example: # cloud.google.com/load-balancer-type: "Internal" # service.beta.kubernetes.io/aws-load-balancer-type: nlb + # If you enable externalDns, each LoadBalancer service instance + # will be annotated with external-dns hostname + # matchine external.addresses + external.domain + # externalDns: + # enabled: true # -- Log-level settings. logging: @@ -647,6 +652,7 @@ listeners: external: # -- Name of the external listener. default: + port: 9645 # Override the global `external.enabled` for only this listener. # enabled: true # -- The port advertised to this listener's external clients. @@ -670,6 +676,8 @@ listeners: kafka: # -- The port for internal client connections. port: 9093 + # default is "sasl" + authenticationMethod: tls: # Optional flag to override the global TLS enabled flag. # enabled: true @@ -686,6 +694,8 @@ listeners: tls: # enabled: true cert: external + # default is "sasl" + authenticationMethod: # -- RPC listener (this is never externally accessible). rpc: port: 33145 @@ -699,6 +709,8 @@ listeners: enabled: true port: 8081 kafkaEndpoint: default + # default is "http_basic" + authenticationMethod: tls: # Optional flag to override the global TLS enabled flag. # enabled: true @@ -713,11 +725,15 @@ listeners: tls: # enabled: true cert: external + # default is "http_basic" + authenticationMethod: # -- HTTP API listeners (aka PandaProxy). http: enabled: true port: 8082 kafkaEndpoint: default + # default is "http_basic" + authenticationMethod: tls: # Optional flag to override the global TLS enabled flag. # enabled: true @@ -732,6 +748,8 @@ listeners: tls: # enabled: true cert: external + # default is "http_basic" + authenticationMethod: # Expert Config # Here be dragons! diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index 1f048e56a..f639d51a1 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.3.55 +appVersion: 1.3.60 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.3.6 +version: 1.3.8 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index b1cd574f1..18fc553a6 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.6 +### Upgrade to 1.3.8 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.6/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.8/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index b1cd574f1..18fc553a6 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.6 +### Upgrade to 1.3.8 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.6/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.8/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index 453f4d25d..4b7189c1d 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.3.55 + tag: v1.3.60 pullPolicy: Always # Log level for Speedscale components. diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 6a44dd7ff..7acdc8ab1 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md @@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.15.90 +### New Features +* **sysdig** [a1a22e4c](https://github.com/sysdiglabs/charts/commit/a1a22e4c0d439a1dc254a172e3d8fb4eaa801dd4): Update legacy engine HostAnalyzer with security updates ([#1128](https://github.com/sysdiglabs/charts/issues/1128)) + + * Security updates (May 2023) for HostAnalyzer. Fixed 1 CVE: + * CVE-2023-28840 # v1.15.89 ### New Features * **sysdig** [a6d4b61e](https://github.com/sysdiglabs/charts/commit/a6d4b61e484b9c07df3fb195a6243f37cd4c9410): Update legacy engine NIA with security updates ([#1123](https://github.com/sysdiglabs/charts/issues/1123)) diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index 04c72542e..502110eae 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -29,4 +29,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.15.89 +version: 1.15.90 diff --git a/charts/sysdig/sysdig/README.md b/charts/sysdig/sysdig/README.md index e9dbba339..171c23a11 100644 --- a/charts/sysdig/sysdig/README.md +++ b/charts/sysdig/sysdig/README.md @@ -169,7 +169,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | `nodeAnalyzer.imageAnalyzer.env` | Extra environment variables that will be passed onto pods | `{}` | | `nodeAnalyzer.hostAnalyzer.deploy` | Deploy the Host Analyzer | `true ` | | `nodeAnalyzer.hostAnalyzer.image.repository` | The image repository to pull the Host Analyzer from | `sysdig/host-analyzer` | -| `nodeAnalyzer.hostAnalyzer.image.tag` | The image tag to pull the Host Analyzer | `0.1.15` | +| `nodeAnalyzer.hostAnalyzer.image.tag` | The image tag to pull the Host Analyzer | `0.1.16` | | `nodeAnalyzer.hostAnalyzer.image.digest` | The image digest to pull | ` ` | | `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | The Image pull policy for the Host Analyzer | `IfNotPresent` | | `nodeAnalyzer.hostAnalyzer.schedule` | The scanning schedule specification for the host analyzer expressed as a crontab | `@dailydefault` | diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md index b87cbc8c4..c5c9773a4 100644 --- a/charts/sysdig/sysdig/RELEASE-NOTES.md +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -1,10 +1,9 @@ # What's Changed ### New Features -- **sysdig** [a6d4b61e](https://github.com/sysdiglabs/charts/commit/a6d4b61e484b9c07df3fb195a6243f37cd4c9410): Update legacy engine NIA with security updates ([#1123](https://github.com/sysdiglabs/charts/issues/1123)) +- **sysdig** [a1a22e4c](https://github.com/sysdiglabs/charts/commit/a1a22e4c0d439a1dc254a172e3d8fb4eaa801dd4): Update legacy engine HostAnalyzer with security updates ([#1128](https://github.com/sysdiglabs/charts/issues/1128)) - * Security updates (May 2023) for NodeImageAnalyzer. Fixed 2 CVEs: - * CVE-2023-30861 + * Security updates (May 2023) for HostAnalyzer. Fixed 1 CVE: * CVE-2023-28840 -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.8.10...sysdig-1.15.89 +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.8.11...sysdig-1.15.90 diff --git a/charts/sysdig/sysdig/values.yaml b/charts/sysdig/sysdig/values.yaml index ef28caa05..73d164878 100644 --- a/charts/sysdig/sysdig/values.yaml +++ b/charts/sysdig/sysdig/values.yaml @@ -457,7 +457,7 @@ nodeAnalyzer: deploy: true image: repository: sysdig/host-analyzer - tag: 0.1.15 + tag: 0.1.16 digest: pullPolicy: IfNotPresent diff --git a/index.yaml b/index.yaml index c8a5a78e9..012f4fb00 100644 --- a/index.yaml +++ b/index.yaml @@ -1138,6 +1138,45 @@ entries: - assets/ambassador/ambassador-6.7.1100.tgz version: 6.7.1100 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: added + description: Option to set appProtocol for Argocd server https service port + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.7.3 + created: "2023-05-30T11:31:41.624230325Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.23.0 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 3f69a75282c2e4ceba2eb11928edd879339635d38c4600fbd51d00a0b30c4615 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.34.6.tgz + version: 5.34.6 - annotations: artifacthub.io/changes: | - kind: fixed @@ -3017,6 +3056,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.59.9 + created: "2023-05-30T11:31:46.582320896Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: 4598b8cfc8797ccf3d8d9a331b02b8dbbcbfe6bafa4b5981bfb9e8bbc1aec12d + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.59.9.tgz + version: 107.59.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA @@ -3836,6 +3908,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.59.9 + created: "2023-05-30T11:31:46.845034567Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.59.9 + description: JFrog Container Registry + digest: 080b1598021fda67ef14c375d21d9f671bbbee7447a2db93a00d1838ed02a0f5 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.59.9.tgz + version: 107.59.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry @@ -6811,6 +6917,39 @@ entries: - assets/softiron/ceph-csi-rbd-1.3.1.tgz version: 1.3.1 cert-manager: + - annotations: + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E + url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: cert-manager + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/namespace: cert-manager + catalog.cattle.io/release-name: cert-manager + apiVersion: v1 + appVersion: v1.12.1 + created: "2023-05-30T11:31:43.988305876Z" + description: A Helm chart for cert-manager + digest: 3a10404b910abf3d6bab2d33dc7dbb0ff07e3bd3068a64d07cdd9602d8d55ea5 + home: https://github.com/cert-manager/cert-manager + icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png + keywords: + - cert-manager + - kube-lego + - letsencrypt + - tls + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: cert-manager-maintainers@googlegroups.com + name: cert-manager-maintainers + url: https://cert-manager.io + name: cert-manager + sources: + - https://github.com/cert-manager/cert-manager + urls: + - assets/cert-manager/cert-manager-v1.12.1.tgz + version: v1.12.1 - annotations: artifacthub.io/prerelease: "false" artifacthub.io/signKey: | @@ -7154,6 +7293,28 @@ entries: urls: - assets/codefresh/cf-runtime-1.7.8.tgz version: 1.7.8 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Codefresh + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: cf-runtime + apiVersion: v2 + created: "2023-05-30T11:31:44.076845582Z" + description: A Helm chart for Codefresh Runner + digest: e3a0791a8d57bfda54b818e41acb74021c7dd7797dd04987fcef8086bc7063b5 + home: https://github.com/codefresh-io/venona + icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg + keywords: + - codefresh + - runner + kubeVersion: '>=1.18-0' + maintainers: + - name: codefresh + url: https://codefresh-io.github.io/ + name: cf-runtime + urls: + - assets/codefresh/cf-runtime-1.0.7.tgz + version: 1.0.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Codefresh @@ -8027,6 +8188,27 @@ entries: - assets/cloudcasa/cloudcasa-0.1.000.tgz version: 0.1.000 cockroachdb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CockroachDB + catalog.cattle.io/kube-version: '>=1.8-0' + catalog.cattle.io/release-name: cockroachdb + apiVersion: v1 + appVersion: 23.1.2 + created: "2023-05-30T11:31:44.063786633Z" + description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. + digest: 8da65d6657c571da4c64aa108932f20e27f77033ec5f8b9fb93d96831f40d86e + home: https://www.cockroachlabs.com + icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png + maintainers: + - email: helm-charts@cockroachlabs.com + name: cockroachlabs + name: cockroachdb + sources: + - https://github.com/cockroachdb/cockroach + urls: + - assets/cockroach-labs/cockroachdb-11.0.1.tgz + version: 11.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CockroachDB @@ -9048,8 +9230,8 @@ entries: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 - appVersion: 1.103.3 - created: "2023-05-16T14:15:26.759270402Z" + appVersion: 1.103.4 + created: "2023-05-30T11:31:59.072363965Z" dependencies: - condition: global.grafana.enabled name: grafana @@ -9065,7 +9247,38 @@ entries: version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. - digest: 984baf990ada2159bc6b489c2210f8f5fb0e5f16db07e39877a05b106beedc54 + digest: a1544084ad14ef61e8b4616726754f5e101e56d445090b671534eec56076a47e + icon: https://partner-charts.rancher.io/assets/logos/kubecost.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-1.103.4.tgz + version: 1.103.4 + - annotations: + artifacthub.io/links: | + - name: Homepage + url: https://www.kubecost.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kubecost + catalog.cattle.io/release-name: cost-analyzer + apiVersion: v2 + appVersion: 1.103.3 + created: "2023-05-30T11:31:47.581367696Z" + dependencies: + - condition: global.grafana.enabled + name: grafana + repository: file://./charts/grafana + version: ~1.17.2 + - condition: global.prometheus.enabled + name: prometheus + repository: file://./charts/prometheus + version: ~11.0.2 + - condition: global.thanos.enabled + name: thanos + repository: file://./charts/thanos + version: ~0.29.0 + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: d80138954529ba8c9335f51c8ad4ac6b924bab3f9c6e73d48c8e79cd78d596ca icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer urls: @@ -10196,6 +10409,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-05-30T11:31:44.433724335Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: bf74f4c865ceaf3ef29916e5ebd3e78535bb8788ebd612cf65bc76a55ad4572d + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.30.9.tgz + version: 3.30.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -12536,6 +12786,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.8.3 + created: "2023-05-30T11:31:44.643952023Z" + description: External secret management for Kubernetes + digest: b7b6831590159a91dad83970f3629f9cfc21fcf05f40063c2e51bed4d66f6111 + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.8.3.tgz + version: 0.8.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator @@ -26506,6 +26780,102 @@ entries: - assets/f5/nginx-service-mesh-0.2.100.tgz version: 0.2.100 nri-bundle: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: New Relic + catalog.cattle.io/release-name: nri-bundle + apiVersion: v2 + created: "2023-05-30T11:31:59.379889892Z" + dependencies: + - condition: infrastructure.enabled,newrelic-infrastructure.enabled + name: newrelic-infrastructure + repository: file://./charts/newrelic-infrastructure + version: 3.18.0 + - condition: prometheus.enabled,nri-prometheus.enabled + name: nri-prometheus + repository: file://./charts/nri-prometheus + version: 2.1.16 + - condition: newrelic-prometheus-agent.enabled + name: newrelic-prometheus-agent + repository: file://./charts/newrelic-prometheus-agent + version: 1.2.0 + - condition: webhook.enabled,nri-metadata-injection.enabled + name: nri-metadata-injection + repository: file://./charts/nri-metadata-injection + version: 4.3.0 + - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled + name: newrelic-k8s-metrics-adapter + repository: file://./charts/newrelic-k8s-metrics-adapter + version: 1.2.0 + - condition: ksm.enabled,kube-state-metrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics + version: 4.23.0 + - condition: kubeEvents.enabled,nri-kube-events.enabled + name: nri-kube-events + repository: file://./charts/nri-kube-events + version: 3.1.0 + - condition: logging.enabled,newrelic-logging.enabled + name: newrelic-logging + repository: file://./charts/newrelic-logging + version: 1.14.1 + - condition: newrelic-pixie.enabled + name: newrelic-pixie + repository: file://./charts/newrelic-pixie + version: 2.1.0 + - alias: pixie-chart + condition: pixie-chart.enabled + name: pixie-operator-chart + repository: file://./charts/pixie-operator-chart + version: 0.1.1 + - condition: newrelic-infra-operator.enabled + name: newrelic-infra-operator + repository: file://./charts/newrelic-infra-operator + version: 2.2.0 + description: Groups together the individual charts for the New Relic Kubernetes + solution for a more comfortable deployment. + digest: 7f2b0fae3cc12d4fe0f277c9ecac5bd264b35e200753cd654ef946c1ee121499 + home: https://github.com/newrelic/helm-charts + icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg + keywords: + - infrastructure + - newrelic + - monitoring + maintainers: + - name: nserrino + url: https://github.com/nserrino + - name: philkuz + url: https://github.com/philkuz + - name: htroisi + url: https://github.com/htroisi + - name: juanjjaramillo + url: https://github.com/juanjjaramillo + - name: svetlanabrennan + url: https://github.com/svetlanabrennan + - name: nrepai + url: https://github.com/nrepai + - name: csongnr + url: https://github.com/csongnr + - name: vuqtran88 + url: https://github.com/vuqtran88 + - name: xqi-nr + url: https://github.com/xqi-nr + name: nri-bundle + sources: + - https://github.com/newrelic/nri-bundle/ + - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle + - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure + - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus + - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent + - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection + - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter + - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie + - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator + urls: + - assets/new-relic/nri-bundle-5.0.16.tgz + version: 5.0.16 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: New Relic @@ -28275,6 +28645,71 @@ entries: - assets/ondat/ondat-operator-0.5.200.tgz version: 0.5.200 openebs: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: OpenEBS + catalog.cattle.io/release-name: openebs + apiVersion: v2 + appVersion: 3.7.0 + created: "2023-05-30T11:31:59.760255284Z" + dependencies: + - condition: openebs-ndm.enabled + name: openebs-ndm + repository: file://./charts/openebs-ndm + version: 2.1.0 + - condition: localpv-provisioner.enabled + name: localpv-provisioner + repository: file://./charts/localpv-provisioner + version: 3.4.0 + - condition: cstor.enabled + name: cstor + repository: file://./charts/cstor + version: 3.4.0 + - condition: jiva.enabled + name: jiva + repository: file://./charts/jiva + version: 3.4.0 + - condition: zfs-localpv.enabled + name: zfs-localpv + repository: file://./charts/zfs-localpv + version: 2.2.0 + - condition: lvm-localpv.enabled + name: lvm-localpv + repository: file://./charts/lvm-localpv + version: 1.1.0 + - condition: nfs-provisioner.enabled + name: nfs-provisioner + repository: file://./charts/nfs-provisioner + version: 0.10.0 + - condition: mayastor.enabled + name: mayastor + repository: file://./charts/mayastor + version: 2.2.0 + description: Containerized Attached Storage for Kubernetes + digest: 4c3b935d0e6d8bcc1298a8c41353b38ed1f02027ccdb0aa5adbac1b54d992669 + home: http://www.openebs.io/ + icon: https://raw.githubusercontent.com/cncf/artwork/HEAD/projects/openebs/icon/color/openebs-icon-color.png + keywords: + - cloud-native-storage + - block-storage + - local-storage + - iSCSI + - NVMe + - storage + - kubernetes + maintainers: + - email: kiran.mova@mayadata.io + name: kmova + - email: prateek.pandey@mayadata.io + name: prateekpandey14 + - email: shovan.maity@mayadata.io + name: shovanmaity + name: openebs + sources: + - https://github.com/openebs/openebs + urls: + - assets/openebs/openebs-3.7.0.tgz + version: 3.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: OpenEBS @@ -29260,6 +29695,44 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.3.0 + created: "2023-05-30T11:31:43.066359004Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: 9c417a4554358dc2219be5b635cfd55727863a64681aa46b9eae2d5be0b78c78 + home: https://bitnami.com + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/postgresql + urls: + - assets/bitnami/postgresql-12.5.6.tgz + version: 12.5.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -31978,6 +32451,44 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v23.1.8 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.10 + created: "2023-05-30T11:32:00.002492626Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: af15487c9f393198d4d23deb81fb9e0ccd36128901ba191c86edd2abd7d8892f + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-4.0.26.tgz + version: 4.0.26 - annotations: artifacthub.io/images: | - name: redpanda @@ -34423,6 +34934,40 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.4.0 + created: "2023-05-30T11:31:43.322396612Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: ee5b01f7aceddad10a5c3f34e286a2e027b8d20c2014e03272f6d36a36bd0ca3 + home: https://bitnami.com + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/spark + urls: + - assets/bitnami/spark-7.0.0.tgz + version: 7.0.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -35151,6 +35696,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.3.60 + created: "2023-05-30T11:32:00.096859817Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: b84cc7ea39621cff23cca8ed650a9254d41a12490145614e536a807b56361e8c + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.3.8.tgz + version: 1.3.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator @@ -36381,6 +36957,42 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.14.1 + created: "2023-05-30T11:32:00.355731334Z" + description: Sysdig Monitor and Secure agent + digest: 88ad9689015fc5f6c195620688fc1db58b732df53c95a6c0b71916c20c56e5c3 + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + maintainers: + - email: lachlan@deis.com + name: lachie83 + - email: jorge.salamero@sysdig.com + name: bencer + - email: nestor.salceda@sysdig.com + name: nestorsalceda + - email: alvaro.iradier@sysdig.com + name: airadier + - email: carlos.arilla@sysdig.com + name: carillan81 + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.15.90.tgz + version: 1.15.90 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig @@ -39921,6 +40533,53 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.2.2 + created: "2023-05-30T11:31:43.882255471Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: b4c935fe0adc04928aa050092d81ef861f052f65eb025da564991eecc65ac183 + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-16.1.9.tgz + version: 16.1.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress