diff --git a/assets/aquarist-labs/s3gw-0.12.0.tgz b/assets/aquarist-labs/s3gw-0.12.0.tgz new file mode 100644 index 000000000..db81e7144 Binary files /dev/null and b/assets/aquarist-labs/s3gw-0.12.0.tgz differ diff --git a/assets/argo/argo-cd-5.22.1.tgz b/assets/argo/argo-cd-5.22.1.tgz new file mode 100644 index 000000000..f840e3c9e Binary files /dev/null and b/assets/argo/argo-cd-5.22.1.tgz differ diff --git a/assets/bitnami/airflow-14.0.12.tgz b/assets/bitnami/airflow-14.0.12.tgz new file mode 100644 index 000000000..75164be0a Binary files /dev/null and b/assets/bitnami/airflow-14.0.12.tgz differ diff --git a/assets/bitnami/cassandra-10.0.3.tgz b/assets/bitnami/cassandra-10.0.3.tgz new file mode 100644 index 000000000..60fd4f7a8 Binary files /dev/null and b/assets/bitnami/cassandra-10.0.3.tgz differ diff --git a/assets/bitnami/kafka-21.0.1.tgz b/assets/bitnami/kafka-21.0.1.tgz new file mode 100644 index 000000000..63af485bc Binary files /dev/null and b/assets/bitnami/kafka-21.0.1.tgz differ diff --git a/assets/bitnami/mariadb-11.5.0.tgz b/assets/bitnami/mariadb-11.5.0.tgz new file mode 100644 index 000000000..a1b8299ae Binary files /dev/null and b/assets/bitnami/mariadb-11.5.0.tgz differ diff --git a/assets/bitnami/mysql-9.5.0.tgz b/assets/bitnami/mysql-9.5.0.tgz new file mode 100644 index 000000000..e354824c4 Binary files /dev/null and b/assets/bitnami/mysql-9.5.0.tgz differ diff --git a/assets/bitnami/postgresql-12.2.1.tgz b/assets/bitnami/postgresql-12.2.1.tgz new file mode 100644 index 000000000..012c1e166 Binary files /dev/null and b/assets/bitnami/postgresql-12.2.1.tgz differ diff --git a/assets/bitnami/redis-17.8.0.tgz b/assets/bitnami/redis-17.8.0.tgz new file mode 100644 index 000000000..4e713e7ec Binary files /dev/null and b/assets/bitnami/redis-17.8.0.tgz differ diff --git a/assets/bitnami/spark-6.3.17.tgz b/assets/bitnami/spark-6.3.17.tgz new file mode 100644 index 000000000..0713581c6 Binary files /dev/null and b/assets/bitnami/spark-6.3.17.tgz differ diff --git a/assets/bitnami/tomcat-10.5.16.tgz b/assets/bitnami/tomcat-10.5.16.tgz new file mode 100644 index 000000000..c6f2bd2d4 Binary files /dev/null and b/assets/bitnami/tomcat-10.5.16.tgz differ diff --git a/assets/bitnami/wordpress-15.2.45.tgz b/assets/bitnami/wordpress-15.2.45.tgz new file mode 100644 index 000000000..21743ca4e Binary files /dev/null and b/assets/bitnami/wordpress-15.2.45.tgz differ diff --git a/assets/bitnami/zookeeper-11.1.3.tgz b/assets/bitnami/zookeeper-11.1.3.tgz new file mode 100644 index 000000000..5585bf1f9 Binary files /dev/null and b/assets/bitnami/zookeeper-11.1.3.tgz differ diff --git a/assets/clastix/kamaji-0.11.2.tgz b/assets/clastix/kamaji-0.11.2.tgz new file mode 100644 index 000000000..e7e2226ba Binary files /dev/null and b/assets/clastix/kamaji-0.11.2.tgz differ diff --git a/assets/cockroach-labs/cockroachdb-10.0.5.tgz b/assets/cockroach-labs/cockroachdb-10.0.5.tgz new file mode 100644 index 000000000..43616b8a9 Binary files /dev/null and b/assets/cockroach-labs/cockroachdb-10.0.5.tgz differ diff --git a/assets/crowdstrike/falcon-sensor-1.18.4.tgz b/assets/crowdstrike/falcon-sensor-1.18.4.tgz new file mode 100644 index 000000000..56076ca5c Binary files /dev/null and b/assets/crowdstrike/falcon-sensor-1.18.4.tgz differ diff --git a/assets/datadog/datadog-3.10.9.tgz b/assets/datadog/datadog-3.10.9.tgz new file mode 100644 index 000000000..e188807e2 Binary files /dev/null and b/assets/datadog/datadog-3.10.9.tgz differ diff --git a/assets/gluu/gluu-5.0.11.tgz b/assets/gluu/gluu-5.0.11.tgz new file mode 100644 index 000000000..ec3f2fde6 Binary files /dev/null and b/assets/gluu/gluu-5.0.11.tgz differ diff --git a/assets/jaeger/jaeger-operator-2.40.0.tgz b/assets/jaeger/jaeger-operator-2.40.0.tgz new file mode 100644 index 000000000..86c2a5cf5 Binary files /dev/null and b/assets/jaeger/jaeger-operator-2.40.0.tgz differ diff --git a/assets/metallb/metallb-0.13.9.tgz b/assets/metallb/metallb-0.13.9.tgz new file mode 100644 index 000000000..741788b24 Binary files /dev/null and b/assets/metallb/metallb-0.13.9.tgz differ diff --git a/assets/nats/nats-0.19.11.tgz b/assets/nats/nats-0.19.11.tgz new file mode 100644 index 000000000..9dde12963 Binary files /dev/null and b/assets/nats/nats-0.19.11.tgz differ diff --git a/assets/pixie/pixie-operator-chart-0.0.3801.tgz b/assets/pixie/pixie-operator-chart-0.0.3801.tgz new file mode 100644 index 000000000..a0adc6c7d Binary files /dev/null and b/assets/pixie/pixie-operator-chart-0.0.3801.tgz differ diff --git a/assets/redpanda/redpanda-2.10.6.tgz b/assets/redpanda/redpanda-2.10.6.tgz new file mode 100644 index 000000000..5d59fdbbd Binary files /dev/null and b/assets/redpanda/redpanda-2.10.6.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.2.23.tgz b/assets/speedscale/speedscale-operator-1.2.23.tgz new file mode 100644 index 000000000..12c24d6fc Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.2.23.tgz differ diff --git a/assets/sysdig/sysdig-1.15.74.tgz b/assets/sysdig/sysdig-1.15.74.tgz new file mode 100644 index 000000000..2aa5b1a7b Binary files /dev/null and b/assets/sysdig/sysdig-1.15.74.tgz differ diff --git a/charts/aquarist-labs/s3gw/Chart.yaml b/charts/aquarist-labs/s3gw/Chart.yaml index 9b5b5f8ed..a2e602a93 100644 --- a/charts/aquarist-labs/s3gw/Chart.yaml +++ b/charts/aquarist-labs/s3gw/Chart.yaml @@ -26,4 +26,4 @@ sources: - https://github.com/aquarist-labs/s3gw - https://github.com/aquarist-labs/ceph type: application -version: 0.11.0 +version: 0.12.0 diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index 56167b0e1..9b6d08712 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,13 +1,13 @@ annotations: artifacthub.io/changes: | - - kind: added - description: Allow dnsConfig pod configuration + - kind: changed + description: Grouped component templates together catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Argo CD catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.6.1 +appVersion: v2.6.2 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -29,4 +29,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.21.0 +version: 5.22.1 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index fe1252106..2533c1802 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md @@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.21.0 + +This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + ### 5.19.0 This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. @@ -381,6 +385,9 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | global.additionalLabels | object | `{}` | Common labels for the all resources | +| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | +| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `soft` or `hard` | +| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | @@ -460,7 +467,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | @@ -529,7 +536,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| repoServer.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | @@ -622,7 +629,7 @@ NAME: my-release | server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | | server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | -| server.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | @@ -785,7 +792,7 @@ server: | Key | Type | Default | Description | |-----|------|---------|-------------| -| dex.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | | dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | | dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | @@ -869,7 +876,7 @@ server: | Key | Type | Default | Description | |-----|------|---------|-------------| -| redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | redis.containerPorts.metrics | int | `9121` | Metrics container port | | redis.containerPorts.redis | int | `6379` | Redis container port | | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | @@ -979,7 +986,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| applicationSet.affinity | object | `{}` | Assign custom [affinity] rules | +| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | @@ -1063,9 +1070,9 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| notifications.affinity | object | `{}` | Assign custom [affinity] rules | +| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | -| notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules | +| notifications.bots.slack.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context | | notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] | | notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods | diff --git a/charts/argo/argo-cd/templates/_common.tpl b/charts/argo/argo-cd/templates/_common.tpl index f5154e47d..2ba53d8cc 100644 --- a/charts/argo/argo-cd/templates/_common.tpl +++ b/charts/argo/argo-cd/templates/_common.tpl @@ -63,3 +63,57 @@ app.kubernetes.io/instance: {{ .context.Release.Name }} app.kubernetes.io/component: {{ .component }} {{- end }} {{- end }} + +{{/* +Common affinity definition +Pod affinity + - Soft prefers different nodes + - Hard requires different nodes and prefers different availibility zones +Node affinity + - Soft prefers given user expressions + - Hard requires given user expressions +*/}} +{{- define "argo-cd.affinity" -}} +{{- with .component.affinity -}} + {{- toYaml . -}} +{{- else -}} +{{- $preset := .context.Values.global.affinity -}} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + {{- if (eq $preset.podAntiAffinity "soft") }} + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname + {{- else }} + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: topology.kubernetes.io/zone + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname + {{- end }} +{{- with $preset.nodeAffinity.matchExpressions }} +nodeAffinity: + {{- if (eq $preset.nodeAffinity.type "soft") }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- else }} + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo/argo-cd/templates/_helpers.tpl b/charts/argo/argo-cd/templates/_helpers.tpl index bd99fc9dd..76abc8d28 100644 --- a/charts/argo/argo-cd/templates/_helpers.tpl +++ b/charts/argo/argo-cd/templates/_helpers.tpl @@ -8,6 +8,17 @@ to 63 chars and it includes 10 chars of hash and a separating '-'. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create dex name and version as used by the chart label. */}} @@ -26,6 +37,17 @@ Create Dex server endpoint {{- printf "%s://%s:%d" $scheme $host $port }} {{- end }} +{{/* +Create the name of the dex service account to use +*/}} +{{- define "argo-cd.dexServiceAccountName" -}} +{{- if .Values.dex.serviceAccount.create -}} + {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.dex.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create redis name and version as used by the chart label. */}} @@ -53,56 +75,6 @@ Return Redis server endpoint {{- end }} {{- end -}} -{{/* -Create argocd server name and version as used by the chart label. -*/}} -{{- define "argo-cd.server.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create argocd repo-server name and version as used by the chart label. -*/}} -{{- define "argo-cd.repoServer.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create argocd application set name and version as used by the chart label. -*/}} -{{- define "argo-cd.applicationSet.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create argocd notifications name and version as used by the chart label. -*/}} -{{- define "argo-cd.notifications.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the controller service account to use -*/}} -{{- define "argo-cd.controllerServiceAccountName" -}} -{{- if .Values.controller.serviceAccount.create -}} - {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.controller.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the dex service account to use -*/}} -{{- define "argo-cd.dexServiceAccountName" -}} -{{- if .Values.dex.serviceAccount.create -}} - {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.dex.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Create the name of the redis service account to use */}} @@ -114,6 +86,13 @@ Create the name of the redis service account to use {{- end -}} {{- end -}} +{{/* +Create argocd server name and version as used by the chart label. +*/}} +{{- define "argo-cd.server.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the Argo CD server service account to use */}} @@ -125,6 +104,13 @@ Create the name of the Argo CD server service account to use {{- end -}} {{- end -}} +{{/* +Create argocd repo-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.repoServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the repo-server service account to use */}} @@ -136,6 +122,13 @@ Create the name of the repo-server service account to use {{- end -}} {{- end -}} +{{/* +Create argocd application set name and version as used by the chart label. +*/}} +{{- define "argo-cd.applicationSet.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the application set service account to use */}} @@ -147,6 +140,13 @@ Create the name of the application set service account to use {{- end -}} {{- end -}} +{{/* +Create argocd notifications name and version as used by the chart label. +*/}} +{{- define "argo-cd.notifications.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the notifications service account to use */}} diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml index 2ada23b4f..0a161362a 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -264,6 +264,8 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.controller) | nindent 8 }} {{- with .Values.controller.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -272,10 +274,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.controller.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml index ca129ffd3..462ebcbaa 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -198,14 +198,12 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) | nindent 8 }} {{- with .Values.applicationSet.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.applicationSet.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml index b9949aab6..2749cb2b4 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml @@ -53,14 +53,12 @@ spec: {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }} securityContext: {{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications.bots.slack) | nindent 8 }} {{- with .Values.notifications.bots.slack.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.notifications.bots.slack.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.notifications.bots.slack.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml index 474dc01da..5efc09653 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml @@ -88,14 +88,12 @@ spec: initContainers: {{- tpl (toYaml . ) $ | nindent 8 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) | nindent 8 }} {{- with .Values.notifications.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.notifications.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.notifications.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml index 67ad60f9e..00e73d8a2 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -291,6 +291,8 @@ spec: {{- with .Values.repoServer.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) | nindent 8 }} {{- with .Values.repoServer.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -299,10 +301,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.repoServer.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.repoServer.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml index 57d1305b1..bb3940065 100644 --- a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml @@ -348,6 +348,8 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.server) | nindent 8 }} {{- with .Values.server.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -356,10 +358,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.server.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.server.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo/argo-cd/templates/dex/deployment.yaml b/charts/argo/argo-cd/templates/dex/deployment.yaml index 9acc08711..7fea0b485 100644 --- a/charts/argo/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo/argo-cd/templates/dex/deployment.yaml @@ -146,10 +146,8 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.dex.affinity }} affinity: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.dex) | nindent 8 }} {{- with .Values.dex.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo/argo-cd/templates/redis/deployment.yaml b/charts/argo/argo-cd/templates/redis/deployment.yaml index ff4b29b1d..ffff4badc 100644 --- a/charts/argo/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo/argo-cd/templates/redis/deployment.yaml @@ -106,10 +106,8 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.redis.affinity }} affinity: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.redis) | nindent 8 }} {{- with .Values.redis.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index f444e21cf..b3706c5ab 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -92,12 +92,29 @@ global: # hostnames: # - git.myhostname + # Default network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components create: false # -- Default deny all ingress traffic defaultDenyIngress: false + # Default affinity preset for all components + affinity: + # -- Default pod anti-affinity rules. Either: `soft` or `hard` + podAntiAffinity: soft + # Node affinity rules + nodeAffinity: + # -- Default node affinity rules. Either: `soft` or `hard` + type: hard + # -- Default match expressions for node affinity + matchExpressions: [] + # - key: topology.kubernetes.io/zone + # operator: In + # values: + # - antarctica-east1 + # - antarctica-west1 + ## Argo Configs configs: # General Argo CD configuration @@ -627,6 +644,7 @@ controller: tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller @@ -965,6 +983,7 @@ dex: # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to dex @@ -1136,6 +1155,7 @@ redis: tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to redis @@ -1523,6 +1543,7 @@ server: # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server @@ -2014,6 +2035,7 @@ repoServer: # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the repo server @@ -2349,6 +2371,7 @@ applicationSet: tolerations: [] # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. @@ -2594,6 +2617,7 @@ notifications: tolerations: [] # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Priority class for the notifications controller pods @@ -2983,6 +3007,7 @@ notifications: # memory: 128Mi # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- [Tolerations] for use with node taints diff --git a/charts/bitnami/airflow/Chart.lock b/charts/bitnami/airflow/Chart.lock index a7afc847f..dfb58d3f4 100644 --- a/charts/bitnami/airflow/Chart.lock +++ b/charts/bitnami/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: https://charts.bitnami.com/bitnami - version: 17.6.0 + version: 17.7.4 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 12.1.14 + version: 12.2.0 - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:245de8b17e6c836197d271e160ba44ee3b6fb119ba8becc70e590bdcb0e3bc5f -generated: "2023-02-02T13:03:40.325978595Z" + version: 2.2.3 +digest: sha256:df2c76ca2f610b4a9af347185292ceb0df797123ecbbd075ba9d72153465d631 +generated: "2023-02-17T14:12:20.08405837Z" diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index c098419ce..232143b2e 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -38,4 +38,4 @@ name: airflow sources: - https://github.com/bitnami/containers/tree/main/bitnami/airflow - https://airflow.apache.org/ -version: 14.0.11 +version: 14.0.12 diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index 44a164b05..04268cc8c 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -7,12 +7,12 @@ Apache Airflow is a tool to express and execute workflows as directed acyclic gr [Overview of Apache Airflow](https://airflow.apache.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/airflow +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/airflow ``` ## Introduction @@ -31,8 +31,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/airflow +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/airflow ``` These commands deploy Airflow on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -44,7 +44,7 @@ These commands deploy Airflow on the Kubernetes cluster in the default configura To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -59,7 +59,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -75,7 +74,6 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the the deployment(s)/statefulset(s) | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the the deployment(s)/statefulset(s) | `["infinity"]` | - ### Airflow common parameters | Name | Description | Value | @@ -92,7 +90,7 @@ The command removes all the Kubernetes components associated with the chart and | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | | `dags.image.registry` | Init container load-dags image registry | `docker.io` | | `dags.image.repository` | Init container load-dags image repository | `bitnami/bitnami-shell` | -| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r79` | +| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r85` | | `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | | `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | @@ -105,82 +103,80 @@ The command removes all the Kubernetes components associated with the chart and | `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for all the Airflow pods | `[]` | | `extraVolumes` | Optionally specify extra list of additional volumes for the all the Airflow pods | `[]` | - ### Airflow web parameters -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- | -| `web.image.registry` | Airflow image registry | `docker.io` | -| `web.image.repository` | Airflow image repository | `bitnami/airflow` | -| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.1-debian-11-r5` | -| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | -| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | -| `web.image.debug` | Enable image debug mode | `false` | -| `web.baseUrl` | URL used to access to Airflow web ui | `""` | -| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | -| `web.command` | Override default container command (useful when using custom images) | `[]` | -| `web.args` | Override default container args (useful when using custom images) | `[]` | -| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | -| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | -| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | -| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | -| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | -| `web.replicaCount` | Number of Airflow web replicas | `1` | -| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | -| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | -| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | -| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | -| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | -| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | -| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | -| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | -| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | -| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | -| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | -| `web.hostAliases` | Deployment pod host aliases | `[]` | -| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | -| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | -| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | -| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | -| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | -| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | -| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | -| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | -| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | -| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `web.priorityClassName` | Priority Class Name | `""` | -| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | -| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | -| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | -| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | -| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | -| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | -| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | -| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | -| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | -| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | - +| Name | Description | Value | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `web.image.registry` | Airflow image registry | `docker.io` | +| `web.image.repository` | Airflow image repository | `bitnami/airflow` | +| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.1-debian-11-r10` | +| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | +| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | +| `web.image.debug` | Enable image debug mode | `false` | +| `web.baseUrl` | URL used to access to Airflow web ui | `""` | +| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | +| `web.command` | Override default container command (useful when using custom images) | `[]` | +| `web.args` | Override default container args (useful when using custom images) | `[]` | +| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | +| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | +| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | +| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | +| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | +| `web.replicaCount` | Number of Airflow web replicas | `1` | +| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | +| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | +| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | +| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | +| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | +| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | +| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | +| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | +| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | +| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | +| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | +| `web.hostAliases` | Deployment pod host aliases | `[]` | +| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | +| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | +| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | +| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | +| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | +| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | +| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | +| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | +| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | +| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `web.priorityClassName` | Priority Class Name | `""` | +| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | +| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | +| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | +| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | +| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | +| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | +| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | +| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | +| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | +| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | ### Airflow scheduler parameters @@ -188,7 +184,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- | | `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` | | `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` | -| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.1-debian-11-r5` | +| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.1-debian-11-r9` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | @@ -236,14 +232,13 @@ The command removes all the Kubernetes components associated with the chart and | `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` | | `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` | - ### Airflow worker parameters | Name | Description | Value | | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | | `worker.image.registry` | Airflow Worker image registry | `docker.io` | | `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` | -| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.1-debian-11-r5` | +| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.1-debian-11-r9` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | @@ -317,14 +312,13 @@ The command removes all the Kubernetes components associated with the chart and | `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` | | `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` | - ### Airflow git sync parameters | Name | Description | Value | | ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- | | `git.image.registry` | Git image registry | `docker.io` | | `git.image.repository` | Git image repository | `bitnami/git` | -| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.39.1-debian-11-r6` | +| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.39.2-debian-11-r0` | | `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | | `git.image.pullSecrets` | Git image pull secrets | `[]` | @@ -348,7 +342,6 @@ The command removes all the Kubernetes components associated with the chart and | `git.sync.extraEnvVarsSecret` | Secret with extra environment variables | `""` | | `git.sync.resources` | Sync sidecar container resource requests and limits | `{}` | - ### Airflow ldap parameters | Name | Description | Value | @@ -369,7 +362,6 @@ The command removes all the Kubernetes components associated with the chart and | `ldap.tls.certificatesMountPath` | Where LDAP certifcates are mounted. | `/opt/bitnami/airflow/conf/certs` | | `ldap.tls.CAFilename` | LDAP CA cert filename | `""` | - ### Traffic Exposure Parameters | Name | Description | Value | @@ -400,7 +392,6 @@ The command removes all the Kubernetes components associated with the chart and | `ingress.secrets` | Custom TLS certificates as secrets | `[]` | | `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | - ### Other Parameters | Name | Description | Value | @@ -412,7 +403,6 @@ The command removes all the Kubernetes components associated with the chart and | `rbac.create` | Create Role and RoleBinding | `false` | | `rbac.rules` | Custom RBAC rules to set | `[]` | - ### Airflow metrics parameters | Name | Description | Value | @@ -420,7 +410,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.image.registry` | Airflow exporter image registry | `docker.io` | | `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | -| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r86` | +| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r91` | | `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | @@ -463,7 +453,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | - ### Airflow database parameters | Name | Description | Value | @@ -494,11 +483,8 @@ The command removes all the Kubernetes components associated with the chart and | `externalRedis.existingSecret` | Name of an existing secret resource containing the Redis&trade credentials | `""` | | `externalRedis.existingSecretPasswordKey` | Name of an existing secret key containing the Redis&trade credentials | `""` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - ```console -$ helm install my-release \ +helm install my-release \ --set auth.username=my-user \ --set auth.password=my-passsword \ --set auth.fernetKey=my-fernet-key \ @@ -513,7 +499,7 @@ The above command sets the credentials to access the Airflow web UI. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/airflow +helm install my-release -f values.yaml my-repo/airflow ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -657,6 +643,7 @@ Local executor runs tasks by spawning processes in the Scheduler pods. To enable executor=LocalExecutor redis.enabled=false ``` + ### LocalKubernetesExecutor The LocalKubernetesExecutor is introduced in Airflow 2.3 and is a combination of both the Local and the Kubernetes executors. Tasks will be executed in the scheduler by default, but those tasks that require it can be executed in a Kubernetes pod using the 'kubernetes' queue. @@ -709,7 +696,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/airflow/charts/common/Chart.yaml b/charts/bitnami/airflow/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/airflow/charts/common/Chart.yaml +++ b/charts/bitnami/airflow/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/airflow/charts/common/README.md b/charts/bitnami/airflow/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/airflow/charts/common/README.md +++ b/charts/bitnami/airflow/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/airflow/charts/common/templates/_images.tpl b/charts/bitnami/airflow/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/airflow/charts/common/templates/_images.tpl +++ b/charts/bitnami/airflow/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.lock b/charts/bitnami/airflow/charts/postgresql/Chart.lock index 912a3a869..5f647678a 100644 --- a/charts/bitnami/airflow/charts/postgresql/Chart.lock +++ b/charts/bitnami/airflow/charts/postgresql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2022-12-14T19:37:46.129876178Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-09T18:59:17.379982577Z" diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/Chart.yaml index 57f3af1e1..44f542ae1 100644 --- a/charts/bitnami/airflow/charts/postgresql/Chart.yaml +++ b/charts/bitnami/airflow/charts/postgresql/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Database licenses: Apache-2.0 apiVersion: v2 -appVersion: 15.1.0 +appVersion: 15.2.0 dependencies: - name: common repository: https://charts.bitnami.com/bitnami @@ -28,4 +28,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.1.14 +version: 12.2.0 diff --git a/charts/bitnami/airflow/charts/postgresql/README.md b/charts/bitnami/airflow/charts/postgresql/README.md index e6259ab32..482428131 100644 --- a/charts/bitnami/airflow/charts/postgresql/README.md +++ b/charts/bitnami/airflow/charts/postgresql/README.md @@ -7,12 +7,12 @@ PostgreSQL (Postgres) is an open source object-relational database known for rel [Overview of PostgreSQL](http://www.postgresql.org) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/postgresql +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/postgresql ``` ## Introduction @@ -34,8 +34,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/postgresql +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/postgresql ``` The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -47,7 +47,7 @@ The command deploys PostgreSQL on the Kubernetes cluster in the default configur To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. @@ -55,7 +55,7 @@ The command removes all the Kubernetes components but PVC's associated with the To delete the PVC's associated with `my-release`: ```console -$ kubectl delete pvc -l release=my-release +kubectl delete pvc -l release=my-release ``` > **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. @@ -102,7 +102,7 @@ $ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r31` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r0` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | @@ -383,7 +383,7 @@ $ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r79` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r81` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -396,6 +396,7 @@ $ kubectl delete pvc -l release=my-release | Name | Description | Value | | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | | `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` | | `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | | `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | @@ -412,7 +413,7 @@ $ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r55` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r58` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | @@ -465,7 +466,6 @@ $ kubectl delete pvc -l release=my-release | `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` | -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console $ helm install my-release \ @@ -476,13 +476,12 @@ $ helm install my-release \ The above command sets the PostgreSQL `postgres` account password to `secretpassword`. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - > **Warning** Setting a password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue. Refer to [issue 2061](https://github.com/bitnami/charts/issues/2061) for more details Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/postgresql +helm install my-release -f values.yaml my-repo/postgresql ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -583,7 +582,7 @@ The exporter allows to create custom metrics from additional SQL queries. See th In more complex scenarios, we may have the following tree of dependencies -``` +```text +--------------+ | | +------------+ Chart 1 +-----------+ @@ -603,7 +602,7 @@ In more complex scenarios, we may have the following tree of dependencies The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: -``` +```text postgresql.auth.username=testuser subchart1.postgresql.auth.username=testuser subchart2.postgresql.auth.username=testuser @@ -617,7 +616,7 @@ subchart2.postgresql.auth.database=testdb If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: -``` +```text global.postgresql.auth.username=testuser global.postgresql.auth.password=testpass global.postgresql.auth.database=testdb @@ -641,7 +640,7 @@ To enable network policy for PostgreSQL, install [a networking plugin that imple For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: ```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 5432. @@ -685,10 +684,10 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. diff --git a/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml +++ b/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/airflow/charts/postgresql/charts/common/README.md b/charts/bitnami/airflow/charts/postgresql/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/airflow/charts/postgresql/charts/common/README.md +++ b/charts/bitnami/airflow/charts/postgresql/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl +++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml b/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml index 5f28fb374..b650edf48 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml @@ -1,3 +1,23 @@ +{{- $host := include "postgresql.primary.fullname" . }} +{{- $port := include "postgresql.service.port" . }} +{{- $postgresPassword := "" }} +{{- if .Values.auth.enablePostgresUser }} +{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }} +{{- end }} +{{- $replicationPassword := "" }} +{{- if eq .Values.architecture "replication" }} +{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }} +{{- end }} +{{- $ldapPassword := "" }} +{{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }} +{{- $ldapPassword = coalesce .Values.ldap.bind_password .Values.ldap.bindpw }} +{{- end }} +{{- $customUser := include "postgresql.username" . }} +{{- $password := "" }} +{{- if not (empty (include "postgresql.username" .)) }} +{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }} +{{- end }} +{{- $database := include "postgresql.database" . }} {{- if (include "postgresql.createSecret" .) }} apiVersion: v1 kind: Secret @@ -14,16 +34,70 @@ metadata: type: Opaque data: {{- if .Values.auth.enablePostgresUser }} - postgres-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) }} + postgres-password: {{ $postgresPassword | b64enc | quote }} {{- end }} {{- if not (empty (include "postgresql.username" .)) }} - password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) }} + password: {{ $password | b64enc | quote }} {{- end }} {{- if eq .Values.architecture "replication" }} - replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) }} + replication-password: {{ $replicationPassword | b64enc | quote }} {{- end }} # We don't auto-generate LDAP password when it's not provided as we do for other passwords {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }} - ldap-password: {{ coalesce .Values.ldap.bind_password .Values.ldap.bindpw | b64enc | quote }} + ldap-password: {{ $ldapPassword | b64enc | quote }} {{- end }} -{{- end -}} +{{- end }} +{{- if .Values.serviceBindings.enabled }} +{{- if .Values.auth.enablePostgresUser }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-postgres + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/postgresql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "postgresql" | b64enc | quote }} + host: {{ $host | b64enc | quote }} + port: {{ $port | b64enc | quote }} + user: {{ print "postgres" | b64enc | quote }} + database: {{ print "postgres" | b64enc | quote }} + password: {{ $postgresPassword | b64enc | quote }} + uri: {{ printf "postgresql://postgres:%s@%s:%s/postgres" $postgresPassword $host $port | b64enc | quote }} +{{- end }} +{{- if and (not (empty $customUser)) (ne $customUser "postgres") }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-custom-user + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/postgresql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "postgresql" | b64enc | quote }} + host: {{ $host | b64enc | quote }} + port: {{ $port | b64enc | quote }} + user: {{ $customUser | b64enc | quote }} + password: {{ $password | b64enc | quote }} + {{- if $database }} + database: {{ $database | b64enc | quote }} + {{- end }} + uri: {{ printf "postgresql://%s:%s@%s:%s/%s" $customUser $password $host $port $database | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/bitnami/airflow/charts/postgresql/values.yaml b/charts/bitnami/airflow/charts/postgresql/values.yaml index 7bf35af20..a3a1b4790 100644 --- a/charts/bitnami/airflow/charts/postgresql/values.yaml +++ b/charts/bitnami/airflow/charts/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.1.0-debian-11-r31 + tag: 15.2.0-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -231,6 +231,7 @@ ldap: enabled: false ## @param ldap.uri LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. ## Ref: https://www.postgresql.org/docs/current/auth-ldap.html + ## uri: "" ## @param postgresqlDataDir PostgreSQL data dir folder ## @@ -1020,6 +1021,7 @@ readReplicas: dataSource: {} ## @section NetworkPolicy parameters +## ## Add networkpolicies ## @@ -1070,6 +1072,7 @@ networkPolicy: ## - namespaceSelector: ## matchLabels: ## label: example + ## customRules: {} ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). @@ -1095,6 +1098,7 @@ networkPolicy: ## - namespaceSelector: ## matchLabels: ## label: example + ## customRules: {} ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule @@ -1109,9 +1113,11 @@ networkPolicy: ## - namespaceSelector: ## matchLabels: ## label: example + ## customRules: {} ## @section Volume Permissions parameters +## ## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node @@ -1130,7 +1136,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r79 + tag: 11-debian-11-r81 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1158,6 +1164,13 @@ volumePermissions: runAsUser: 0 ## @section Other Parameters +## + +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false ## Service account for PostgreSQL to use. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ @@ -1202,6 +1215,7 @@ psp: create: false ## @section Metrics Parameters +## metrics: ## @param metrics.enabled Start a prometheus exporter @@ -1217,7 +1231,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.11.1-debian-11-r55 + tag: 0.11.1-debian-11-r58 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/airflow/charts/redis/Chart.lock b/charts/bitnami/airflow/charts/redis/Chart.lock index ba89eccf8..9d89ddcef 100644 --- a/charts/bitnami/airflow/charts/redis/Chart.lock +++ b/charts/bitnami/airflow/charts/redis/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2022-12-12T19:34:26.826289322Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-14T22:31:24.380931903Z" diff --git a/charts/bitnami/airflow/charts/redis/Chart.yaml b/charts/bitnami/airflow/charts/redis/Chart.yaml index ea15ea225..bebc35090 100644 --- a/charts/bitnami/airflow/charts/redis/Chart.yaml +++ b/charts/bitnami/airflow/charts/redis/Chart.yaml @@ -24,4 +24,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/containers/tree/main/bitnami/redis -version: 17.6.0 +version: 17.7.4 diff --git a/charts/bitnami/airflow/charts/redis/README.md b/charts/bitnami/airflow/charts/redis/README.md index 20373c910..ee27f47c2 100644 --- a/charts/bitnami/airflow/charts/redis/README.md +++ b/charts/bitnami/airflow/charts/redis/README.md @@ -11,8 +11,8 @@ Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/redis +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/redis ``` ## Introduction @@ -47,8 +47,8 @@ The main features of each chart are the following: To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/redis +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/redis ``` The command deploys Redis® on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -60,7 +60,7 @@ The command deploys Redis® on the Kubernetes cluster in the default configur To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -89,6 +89,7 @@ The command removes all the Kubernetes components associated with the chart and | `secretAnnotations` | Annotations to add to secret | `{}` | | `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | | `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `useHostnames` | Use hostnames internally when announcing replication | `true` | | `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | @@ -96,15 +97,15 @@ The command removes all the Kubernetes components associated with the chart and ### Redis® Image parameters -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- | -| `image.registry` | Redis® image registry | `docker.io` | -| `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.8-debian-11-r0` | -| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Redis® image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | +| Name | Description | Value | +| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | +| `image.registry` | Redis® image registry | `docker.io` | +| `image.repository` | Redis® image repository | `bitnami/redis` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.8-debian-11-r11` | +| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Redis® image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | ### Redis® common configuration parameters @@ -336,7 +337,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.7-debian-11-r10` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.8-debian-11-r10` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -452,7 +453,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.45.0-debian-11-r26` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.46.0-debian-11-r5` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | @@ -518,7 +519,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r72` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -528,7 +529,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | | `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r72` | +| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` | | `sysctl.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -548,7 +549,6 @@ The command removes all the Kubernetes components associated with the chart and | `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console $ helm install my-release \ @@ -563,7 +563,7 @@ The above command sets the Redis® server password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/redis +helm install my-release -f values.yaml my-repo/redis ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -616,10 +616,10 @@ useExternalDNS: On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-redis-node-0.a-redis.prod.example.org`. The IP of that FQDN will match that of the associated Pod. This modifies the following parameters of the Redis/Sentinel configuration using this new FQDN: -* `replica-announce-ip` -* `known-sentinel` -* `known-replica` -* `announce-ip` +- `replica-announce-ip` +- `known-sentinel` +- `known-replica` +- `announce-ip` :warning: This requires a working installation of `external-dns` to be fully functional. :warning: @@ -654,7 +654,7 @@ In addition to this, only one service is exposed: For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Redis® Sentinel cluster and query the current master using the command below (using redis-cli or similar): -``` +```console SENTINEL get-master-addr-by-name ``` @@ -669,6 +669,7 @@ In case the current master crashes, the Sentinel containers will elect a new mas When `master.count` is greater than `1`, special care must be taken to create a consistent setup. An example of use case is the creation of a redundant set of standalone masters or master-replicas per Kubernetes node where you must ensure: + - No more than `1` master can be deployed per Kubernetes node - Replicas and writers can only see the single master of their own Kubernetes node @@ -726,7 +727,7 @@ By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/co 3. Install the chart ```console -$ helm install my-release --set master.persistence.existingClaim=PVC_NAME my-repo/redis +helm install my-release --set master.persistence.existingClaim=PVC_NAME my-repo/redis ``` ## Backup and restore @@ -762,6 +763,7 @@ This major version updates the Redis® docker image version used from `6.2` t This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. Affected values: + - `master.service.port` renamed as `master.service.ports.redis`. - `master.service.nodePort` renamed as `master.service.nodePorts.redis`. - `replica.service.port` renamed as `replica.service.ports.redis`. @@ -785,11 +787,11 @@ The Redis® sentinel exporter was removed in this version because the upstrea ### To 14.0.0 - Several parameters were renamed or disappeared in favor of new ones on this major version: - - The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`. - - Credentials parameter are reorganized under the `auth` parameter. - - `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. - - `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`. - - `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones. + - The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`. + - Credentials parameter are reorganized under the `auth` parameter. + - `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. + - `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`. + - `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones. - New parameters to add custom command, environment variables, sidecars, init containers, etc. were added. - Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). - values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami-labs/readme-generator-for-helm). @@ -802,10 +804,10 @@ Backwards compatibility is not guaranteed. To upgrade to `14.0.0`, install a new - Reuse the PVC used to hold the master data on your previous release. To do so, use the `master.persistence.existingClaim` parameter. The following example assumes that the release name is `redis`: ```console -$ helm install redis my-repo/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC] +helm install redis my-repo/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC] ``` -| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[PASSWORD]_ with the password used in your previous release. +| Note: you need to substitute the placeholder *[EXISTING_PVC]* with the name of the PVC used on your previous release, and *[PASSWORD]* with the password used in your previous release. ### To 13.0.0 @@ -819,41 +821,29 @@ This version also introduces `bitnami/common`, a [library chart](https://helm.sh [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -**What changes were introduced in this major version?** +#### What changes were introduced in this major version? - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -**Considerations when upgrading to this version** +#### Considerations when upgrading to this version - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -**Useful links** +#### Useful links -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 11.0.0 - -When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml` - -### To 9.0.0 - -The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis® exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter). - -### To 7.0.0 - -In order to improve the performance in case of slave failure, we added persistence to the read-only slaves. That means that we moved from Deployment to StatefulSets. This should not affect upgrades from previous versions of the chart, as the deployments did not contain any persistence at all. - -This version also allows enabling Redis® Sentinel containers inside of the Redis® Pods (feature disabled by default). In case the master crashes, a new Redis® node will be elected as master. In order to query the current master (no redis master service is exposed), you need to query first the Sentinel cluster. +- +- +- ### To 11.0.0 When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version. +When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml` + ### To 10.0.0 For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases: @@ -863,6 +853,10 @@ For releases with `usePassword: true`, the value `sentinel.usePassword` controls If using a master/slave topology, or with `usePassword: false`, no action is required. +### To 9.0.0 + +The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis® exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter). + ### To 8.0.18 For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details. @@ -873,16 +867,16 @@ This version causes a change in the Redis® Master StatefulSet definition, so - Recommended: Create a clone of the Redis® Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC. - ``` - $ helm install my-release my-repo/redis --set persistence.existingClaim= - ``` +```console +helm install my-release my-repo/redis --set persistence.existingClaim= +``` - Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis® Master StatefulSet. As a consequence, the following commands can be done to upgrade the release - ``` - $ helm delete --purge - $ helm install my-repo/redis - ``` +```console +helm delete --purge +helm install my-repo/redis +``` Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters. @@ -913,34 +907,34 @@ must be specified. This version removes the `chart` label from the `spec.selector.matchLabels` which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently -added, causing any subsequent upgrade to fail. See https://github.com/helm/charts/issues/7726. +added, causing any subsequent upgrade to fail. See . -It also fixes https://github.com/helm/charts/issues/7726 where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set. +It also fixes where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set. -Finally, it fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. +Finally, it fixes by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. In order to upgrade, delete the Redis® StatefulSet before upgrading: ```console -$ kubectl delete statefulsets.apps --cascade=false my-release-redis-master +kubectl delete statefulsets.apps --cascade=false my-release-redis-master ``` And edit the Redis® slave (and metrics if enabled) deployment: ```console -$ kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' ``` ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/airflow/charts/redis/charts/common/Chart.yaml b/charts/bitnami/airflow/charts/redis/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/airflow/charts/redis/charts/common/Chart.yaml +++ b/charts/bitnami/airflow/charts/redis/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/airflow/charts/redis/charts/common/README.md b/charts/bitnami/airflow/charts/redis/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/airflow/charts/redis/charts/common/README.md +++ b/charts/bitnami/airflow/charts/redis/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/airflow/charts/redis/charts/common/templates/_images.tpl b/charts/bitnami/airflow/charts/redis/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/airflow/charts/redis/charts/common/templates/_images.tpl +++ b/charts/bitnami/airflow/charts/redis/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml index acff2e25e..7da15ddad 100644 --- a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml @@ -37,6 +37,9 @@ spec: {{- if .Values.master.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.master.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} {{- end }} diff --git a/charts/bitnami/airflow/charts/redis/templates/master/service.yaml b/charts/bitnami/airflow/charts/redis/templates/master/service.yaml index c03fea702..c2fb9087a 100644 --- a/charts/bitnami/airflow/charts/redis/templates/master/service.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/master/service.yaml @@ -30,7 +30,7 @@ spec: loadBalancerIP: {{ .Values.master.service.loadBalancerIP }} {{- end }} {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }} clusterIP: {{ .Values.master.service.clusterIP }} diff --git a/charts/bitnami/airflow/charts/redis/templates/replicas/service.yaml b/charts/bitnami/airflow/charts/redis/templates/replicas/service.yaml index f2619266a..c0b6861a2 100644 --- a/charts/bitnami/airflow/charts/redis/templates/replicas/service.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/replicas/service.yaml @@ -30,7 +30,7 @@ spec: loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} {{- end }} {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.replica.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }} clusterIP: {{ .Values.replica.service.clusterIP }} diff --git a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml index 8a8541d7b..406bce136 100644 --- a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml @@ -36,6 +36,9 @@ spec: {{- if .Values.replica.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} {{- end }} diff --git a/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml b/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml index 39fcc5011..96e2f1a0a 100644 --- a/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml @@ -44,11 +44,17 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } @@ -262,11 +268,17 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } @@ -426,13 +438,20 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } + run_sentinel_command() { if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" @@ -492,13 +511,20 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } + run_sentinel_command() { if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" @@ -614,11 +640,17 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } diff --git a/charts/bitnami/airflow/charts/redis/templates/sentinel/service.yaml b/charts/bitnami/airflow/charts/redis/templates/sentinel/service.yaml index 362d681dc..ac5b41145 100644 --- a/charts/bitnami/airflow/charts/redis/templates/sentinel/service.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/sentinel/service.yaml @@ -38,7 +38,7 @@ spec: loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} {{- end }} {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.sentinel.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} clusterIP: {{ .Values.sentinel.service.clusterIP }} diff --git a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml index 205d55924..af563850a 100644 --- a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml @@ -35,6 +35,9 @@ spec: {{- if .Values.replica.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} {{- end }} diff --git a/charts/bitnami/airflow/charts/redis/templates/tls-secret.yaml b/charts/bitnami/airflow/charts/redis/templates/tls-secret.yaml index 4f9c39b85..3479370a4 100644 --- a/charts/bitnami/airflow/charts/redis/templates/tls-secret.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/tls-secret.yaml @@ -1,6 +1,5 @@ {{- if (include "redis.createTlsSecret" .) }} {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} -{{- $existingCerts := (lookup "v1" "Secret" .Release.Namespace $secretName).data | default dict }} {{- $ca := genCA "redis-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} @@ -9,7 +8,7 @@ {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $masterServiceName := printf "%s-master" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: @@ -24,7 +23,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ (get $existingCerts "ca.crt") | default ($ca.Cert | b64enc | quote ) }} - tls.crt: {{ (get $existingCerts "tls.crt") | default ($crt.Cert | b64enc | quote) }} - tls.key: {{ (get $existingCerts "tls.key") | default ($crt.Key | b64enc | quote) }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/airflow/charts/redis/values.yaml b/charts/bitnami/airflow/charts/redis/values.yaml index 2bbc7e4f6..264ff0627 100644 --- a/charts/bitnami/airflow/charts/redis/values.yaml +++ b/charts/bitnami/airflow/charts/redis/values.yaml @@ -47,6 +47,9 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] +## @param useHostnames Use hostnames internally when announcing replication +### +useHostnames: true ## Enable diagnostic mode in the deployment ## @@ -79,7 +82,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.0.8-debian-11-r0 + tag: 7.0.8-debian-11-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -982,7 +985,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.0.7-debian-11-r10 + tag: 7.0.8-debian-11-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1404,7 +1407,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.45.0-debian-11-r26 + tag: 1.46.0-debian-11-r5 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1655,7 +1658,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r72 + tag: 11-debian-11-r85 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1703,7 +1706,7 @@ sysctl: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r72 + tag: 11-debian-11-r85 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/airflow/values.yaml b/charts/bitnami/airflow/values.yaml index 722953cb4..69006ad56 100644 --- a/charts/bitnami/airflow/values.yaml +++ b/charts/bitnami/airflow/values.yaml @@ -118,7 +118,7 @@ dags: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r79 + tag: 11-debian-11-r85 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -185,7 +185,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.5.1-debian-11-r5 + tag: 2.5.1-debian-11-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -443,7 +443,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.5.1-debian-11-r5 + tag: 2.5.1-debian-11-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -647,7 +647,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.5.1-debian-11-r5 + tag: 2.5.1-debian-11-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -920,7 +920,7 @@ git: image: registry: docker.io repository: bitnami/git - tag: 2.39.1-debian-11-r6 + tag: 2.39.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1283,7 +1283,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-11-r86 + tag: 0.20220314.0-debian-11-r91 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/cassandra/Chart.lock b/charts/bitnami/cassandra/Chart.lock index 2da99a938..a6aae946c 100644 --- a/charts/bitnami/cassandra/Chart.lock +++ b/charts/bitnami/cassandra/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2022-12-22T13:03:20.759195688Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-17T14:47:04.069700672Z" diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml index 9533cede2..cefe36ac3 100644 --- a/charts/bitnami/cassandra/Chart.yaml +++ b/charts/bitnami/cassandra/Chart.yaml @@ -29,4 +29,4 @@ name: cassandra sources: - https://github.com/bitnami/containers/tree/main/bitnami/cassandra - http://cassandra.apache.org -version: 10.0.2 +version: 10.0.3 diff --git a/charts/bitnami/cassandra/README.md b/charts/bitnami/cassandra/README.md index b5dde0cb3..85aa0da5f 100644 --- a/charts/bitnami/cassandra/README.md +++ b/charts/bitnami/cassandra/README.md @@ -7,12 +7,12 @@ Apache Cassandra is an open source distributed database management system design [Overview of Apache Cassandra](http://cassandra.apache.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/cassandra +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/cassandra ``` ## Introduction @@ -32,8 +32,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/cassandra +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/cassandra ``` These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -45,7 +45,7 @@ These commands deploy one node with Apache Cassandra on the Kubernetes cluster i To uninstall/delete the `my-release` release: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -60,7 +60,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -76,14 +75,13 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - ### Cassandra parameters | Name | Description | Value | | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Cassandra image registry | `docker.io` | | `image.repository` | Cassandra image repository | `bitnami/cassandra` | -| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.0-debian-11-r11` | +| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.0-debian-11-r21` | | `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullSecrets` | Cassandra image pull secrets | `[]` | @@ -114,7 +112,6 @@ The command removes all the Kubernetes components associated with the chart and | `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | | `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | - ### Statefulset parameters | Name | Description | Value | @@ -183,7 +180,6 @@ The command removes all the Kubernetes components associated with the chart and | `hostPorts.jmx` | JMX Port on the Host | `""` | | `hostPorts.cql` | CQL Port on the Host | `""` | - ### RBAC parameters | Name | Description | Value | @@ -193,7 +189,6 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.annotations` | Annotations for Cassandra Service Account | `{}` | | `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` | - ### Traffic Exposure Parameters | Name | Description | Value | @@ -214,7 +209,6 @@ The command removes all the Kubernetes components associated with the chart and | `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | - ### Persistence parameters | Name | Description | Value | @@ -229,7 +223,6 @@ The command removes all the Kubernetes components associated with the chart and | `persistence.mountPath` | The path the data volume will be mounted at | `/bitnami/cassandra` | | `persistence.commitLogMountPath` | The path the commit log volume will be mounted at. Unset by default. Set it to '/bitnami/cassandra/commitlog' to enable a separate commit log volume | `""` | - ### Volume Permissions parameters | Name | Description | Value | @@ -237,7 +230,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r74` | +| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r85` | | `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -245,7 +238,6 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.resources.requests` | The requested resources for the container | `{}` | | `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | - ### Metrics parameters | Name | Description | Value | @@ -253,7 +245,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | | `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | -| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r81` | +| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r90` | | `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -282,7 +274,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.hostPorts.jmx` | JMX Port on the Host | `""` | | `metrics.configuration` | Configure Cassandra-exporter with a custom config.yml file | `""` | - ### TLS/SSL parameters | Name | Description | Value | @@ -299,13 +290,10 @@ The command removes all the Kubernetes components associated with the chart and | `tls.certificatesSecret` | Secret with the TLS certificates. | `""` | | `tls.tlsEncryptionSecretName` | Secret with the encryption of the TLS certificates | `""` | - -The above parameters map to the env variables defined in [bitnami/cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra). For more information please refer to the [bitnami/cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image documentation. - Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set dbUser.user=admin,dbUser.password=password \ my-repo/cassandra ``` @@ -313,7 +301,7 @@ $ helm install my-release \ Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/cassandra +helm install my-release -f values.yaml my-repo/cassandra ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -330,8 +318,8 @@ Bitnami will release a new chart updating its containers if a new version of the This chart supports TLS between client and server and between nodes, as explained below: -* For internode cluster encryption, set the `tls.internodeEncryption` chart parameter to a value different from `none`. Available values are `all`, `dc` or `rack`. -* For client-server encryption, set the `tls.clientEncryption` chart parameter to `true`. +- For internode cluster encryption, set the `tls.internodeEncryption` chart parameter to a value different from `none`. Available values are `all`, `dc` or `rack`. +- For client-server encryption, set the `tls.clientEncryption` chart parameter to `true`. In both cases, it is also necessary to create a secret containing the keystore and truststore certificates and their corresponding protection passwords. This secret is to be passed to the chart via the `tls.existingSecret` parameter at deployment-time. @@ -370,8 +358,8 @@ If you encounter errors when working with persistent volumes, refer to our [trou As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. There are two approaches to achieve this: -* Use Kubernetes SecurityContexts by setting the `podSecurityContext.enabled` and `containerSecurityContext.enabled` to `true`. This option is enabled by default in the chart. However, this feature does not work in all Kubernetes distributions. -* Use an init container to change the ownership of the volume before mounting it in the final destination. Enable this container by setting the `volumePermissions.enabled` parameter to `true`. +- Use Kubernetes SecurityContexts by setting the `podSecurityContext.enabled` and `containerSecurityContext.enabled` to `true`. This option is enabled by default in the chart. However, this feature does not work in all Kubernetes distributions. +- Use an init container to change the ownership of the volume before mounting it in the final destination. Enable this container by setting the `volumePermissions.enabled` parameter to `true`. ## Backup and restore @@ -386,12 +374,13 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart: ```console -$ helm upgrade my-release my-repo/cassandra --set dbUser.password=[PASSWORD] +helm upgrade my-release my-repo/cassandra --set dbUser.password=[PASSWORD] ``` -| Note: you need to substitute the placeholder _[PASSWORD]_ with the value obtained in the installation notes. +| Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes. ### To 9.0.0 + This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. Affected values: @@ -407,10 +396,10 @@ Affected values: Cassandra's version was bumped to `4.0`, [the new major](https://cassandra.apache.org/_/blog/Apache-Cassandra-4.0-is-Here.html) considered LTS. Among other features, this release removes support for [Thrift](https://issues.apache.org/jira/browse/CASSANDRA-11115), which means that the following properties of the chart will no longer be available: - - `cluster.enableRPC` - - `service.thriftPort` - - `service.nodePorts.thrift` - - `containerPorts.thrift` +- `cluster.enableRPC` +- `service.thriftPort` +- `service.nodePorts.thrift` +- `containerPorts.thrift` For this version, there have been [intensive efforts](https://cwiki.apache.org/confluence/display/CASSANDRA/4.0+Quality%3A+Components+and+Test+Plans) from Apache to ensure that a safe cluster upgrade can be performed. Nevertheless, a backup creation prior to undergoing the upgrade process is recommended. Please, refer to the [official guide](https://cassandra.apache.org/doc/latest/operating/backups.html#snapshots) for further information. @@ -443,8 +432,8 @@ The `minimumAvailable` option has been renamed to `minAvailable` for consistency An issue in StatefulSet manifest of the 4.x chart series rendered chart upgrades to be broken. The 5.0.0 series fixes this issue. To upgrade to the 5.x series you need to manually delete the Cassandra StatefulSet before executing the `helm upgrade` command. ```console -$ kubectl delete sts -l release= -$ helm upgrade ... +kubectl delete sts -l release= +helm upgrade ... ``` ### To 4.0.0 @@ -467,7 +456,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/cassandra/charts/common/Chart.yaml b/charts/bitnami/cassandra/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/cassandra/charts/common/Chart.yaml +++ b/charts/bitnami/cassandra/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/cassandra/charts/common/README.md b/charts/bitnami/cassandra/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/cassandra/charts/common/README.md +++ b/charts/bitnami/cassandra/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/cassandra/charts/common/templates/_images.tpl b/charts/bitnami/cassandra/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/cassandra/charts/common/templates/_images.tpl +++ b/charts/bitnami/cassandra/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml index 6e9cb84b8..08b3936ac 100644 --- a/charts/bitnami/cassandra/values.yaml +++ b/charts/bitnami/cassandra/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.0-debian-11-r11 + tag: 4.1.0-debian-11-r21 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -604,7 +604,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r74 + tag: 11-debian-11-r85 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -673,7 +673,7 @@ metrics: registry: docker.io pullPolicy: IfNotPresent repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r81 + tag: 2.3.8-debian-11-r90 digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/charts/bitnami/kafka/Chart.lock b/charts/bitnami/kafka/Chart.lock index 39d54db13..33f8de3a4 100644 --- a/charts/bitnami/kafka/Chart.lock +++ b/charts/bitnami/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: https://charts.bitnami.com/bitnami - version: 11.1.0 + version: 11.1.2 - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:da099b68bc1deabb4998fd87b4141440f26dba1a14801a507c402247830e75ee -generated: "2023-01-24T02:09:12.655952782Z" + version: 2.2.3 +digest: sha256:36f9ab281db4f7a9d978f445eb7fcf9d7553ad4f8c491bf01fce432c9f698509 +generated: "2023-02-15T09:46:39.298351777Z" diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index 114788e2c..907f3d175 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.3.2 +appVersion: 3.4.0 dependencies: - condition: zookeeper.enabled name: zookeeper @@ -35,4 +35,4 @@ name: kafka sources: - https://github.com/bitnami/containers/tree/main/bitnami/kafka - https://kafka.apache.org/ -version: 20.0.6 +version: 21.0.1 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index 9ee6f328b..2cb118242 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -7,12 +7,12 @@ Apache Kafka is a distributed streaming platform designed to build real-time pip [Overview of Apache Kafka](http://kafka.apache.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/kafka +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/kafka ``` ## Introduction @@ -32,8 +32,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/kafka +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/kafka ``` These commands deploy Kafka on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -45,7 +45,7 @@ These commands deploy Kafka on the Kubernetes cluster in the default configurati To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -60,7 +60,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -76,14 +75,13 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the statefulset | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the statefulset | `["infinity"]` | - ### Kafka parameters | Name | Description | Value | | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Kafka image registry | `docker.io` | | `image.repository` | Kafka image repository | `bitnami/kafka` | -| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.3.2-debian-11-r0` | +| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.0-debian-11-r2` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -161,7 +159,6 @@ The command removes all the Kubernetes components associated with the chart and | `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | | `extraEnvVarsSecret` | Secret with extra environment variables | `""` | - ### Statefulset parameters | Name | Description | Value | @@ -230,58 +227,56 @@ The command removes all the Kubernetes components associated with the chart and | `pdb.minAvailable` | Maximum number/percentage of unavailable Kafka replicas | `""` | | `pdb.maxUnavailable` | Maximum number/percentage of unavailable Kafka replicas | `1` | - ### Traffic Exposure parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.ports.client` | Kafka svc port for client connections | `9092` | -| `service.ports.internal` | Kafka svc port for inter-broker connections | `9093` | -| `service.ports.external` | Kafka svc port for external connections | `9094` | -| `service.nodePorts.client` | Node port for the Kafka client connections | `""` | -| `service.nodePorts.external` | Node port for the Kafka external connections | `""` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.clusterIP` | Kafka service Cluster IP | `""` | -| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for Kafka service | `{}` | -| `service.headless.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | -| `service.headless.annotations` | Annotations for the headless service. | `{}` | -| `service.headless.labels` | Labels for the headless service. | `{}` | -| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` | -| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` | -| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | -| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | -| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.6-debian-11-r1` | -| `externalAccess.autoDiscovery.image.digest` | Petete image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | -| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | -| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` | -| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` | -| `externalAccess.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | -| `externalAccess.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | -| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | -| `externalAccess.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | -| `externalAccess.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | -| `externalAccess.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | -| `externalAccess.service.labels` | Service labels for external access | `{}` | -| `externalAccess.service.annotations` | Service annotations for external access | `{}` | -| `externalAccess.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | -| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` | -| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | - +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------------- | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.ports.client` | Kafka svc port for client connections | `9092` | +| `service.ports.internal` | Kafka svc port for inter-broker connections | `9093` | +| `service.ports.external` | Kafka svc port for external connections | `9094` | +| `service.nodePorts.client` | Node port for the Kafka client connections | `""` | +| `service.nodePorts.external` | Node port for the Kafka external connections | `""` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.clusterIP` | Kafka service Cluster IP | `""` | +| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for Kafka service | `{}` | +| `service.headless.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | +| `service.headless.labels` | Labels for the headless service. | `{}` | +| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` | +| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | +| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | +| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.6-debian-11-r10` | +| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | +| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | +| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` | +| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` | +| `externalAccess.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | +| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | +| `externalAccess.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | +| `externalAccess.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | +| `externalAccess.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | +| `externalAccess.service.labels` | Service labels for external access | `{}` | +| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | +| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` | +| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | ### Persistence parameters @@ -305,7 +300,6 @@ The command removes all the Kubernetes components associated with the chart and | `logPersistence.selector` | Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it | `{}` | | `logPersistence.mountPath` | Mount path of the Kafka logs volume | `/opt/bitnami/kafka/logs` | - ### Volume Permissions parameters | Name | Description | Value | @@ -313,7 +307,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r75` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -321,7 +315,6 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | - ### Other Parameters | Name | Description | Value | @@ -332,7 +325,6 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | | `rbac.create` | Whether to create & use RBAC resources or not | `false` | - ### Metrics parameters | Name | Description | Value | @@ -340,7 +332,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | -| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r52` | +| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r61` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -388,7 +380,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r41` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r49` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -421,7 +413,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | | `metrics.prometheusRule.groups` | Prometheus Rule Groups for Kafka | `[]` | - ### Kafka provisioning parameters | Name | Description | Value | @@ -474,7 +465,6 @@ The command removes all the Kubernetes components associated with the chart and | `provisioning.initContainers` | Add additional Add init containers to the Kafka provisioning pod(s) | `[]` | | `provisioning.waitForKafka` | If true use an init container to wait until kafka is ready before starting provisioning | `true` | - ### ZooKeeper chart parameters | Name | Description | Value | @@ -492,11 +482,10 @@ The command removes all the Kubernetes components associated with the chart and | `zookeeper.persistence.size` | Persistent Volume size | `8Gi` | | `externalZookeeper.servers` | List of external zookeeper servers to use. Typically used in combination with 'zookeeperChrootPath'. | `[]` | - Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set replicaCount=3 \ my-repo/kafka ``` @@ -506,7 +495,7 @@ The above command deploys Kafka with 3 brokers (replicas). Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/kafka +helm install my-release -f values.yaml my-repo/kafka ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -563,8 +552,8 @@ In order to configure TLS authentication/encryption, you **can** create a secret For instance, to configure TLS authentication on a Kafka cluster with 2 Kafka brokers use the commands below to create the secrets: ```console -$ kubectl create secret generic kafka-jks-0 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-0.keystore.jks -$ kubectl create secret generic kafka-jks-1 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-1.keystore.jks +kubectl create secret generic kafka-jks-0 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-0.keystore.jks +kubectl create secret generic kafka-jks-1 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-1.keystore.jks ``` > **Note**: the command above assumes you already created the truststore and keystores files. This [script](https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh) can help you with the JKS files generation. @@ -574,8 +563,8 @@ If, for some reason (like using Cert-Manager) you can not use the default JKS se - `auth.tls.jksTruststoreSecret` to define additional secret, where the `kafka.truststore.jks` is being kept. The truststore password **must** be the same as in `auth.tls.password` - `auth.tls.jksTruststore` to overwrite the default value of the truststore key (`kafka.truststore.jks`). - `auth.tls.jksKeystoreSAN` if you want to use a SAN certificate for your brokers. Setting this parameter would mean that the chart expects a existing key in the `auth.tls.jksTruststoreSecret` with the `auth.tls.jksKeystoreSAN` value and use this as a keystore for **all** brokers -> **Note**: If you are using cert-manager, particularly when an ACME issuer is used, the `ca.crt` field is not put in the `Secret` that cert-manager creates. To handle this, the `auth.tls.pemChainIncluded` property can be set to `true` and the initContainer created by this Chart will attempt to extract the intermediate certs from the `tls.crt` field of the secret (which is a PEM chain) +> **Note**: If you are using cert-manager, particularly when an ACME issuer is used, the `ca.crt` field is not put in the `Secret` that cert-manager creates. To handle this, the `auth.tls.pemChainIncluded` property can be set to `true` and the initContainer created by this Chart will attempt to extract the intermediate certs from the `tls.crt` field of the secret (which is a PEM chain) > **Note**: The truststore/keystore from above **must** be protected with the same password as in `auth.tls.password` You can deploy the chart with authentication using the following parameters: @@ -920,24 +909,24 @@ This version also introduces `bitnami/common`, a [library chart](https://helm.sh [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -**What changes were introduced in this major version?** +#### What changes were introduced in this major version? - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. - Move dependency information from the *requirements.yaml* to the *Chart.yaml* - After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -**Considerations when upgrading to this version** +#### Considerations when upgrading to this version - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -**Useful links** +#### Useful links -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ +- +- +- ### To 11.8.0 @@ -997,7 +986,7 @@ Backwards compatibility is not guaranteed you adapt your values.yaml to the new + metrics.jmx.existingConfigmap ``` -Ports names were prefixed with the protocol to comply with Istio (see https://istio.io/docs/ops/deployment/requirements/). +Ports names were prefixed with the protocol to comply with Istio (see ). ### To 8.0.0 @@ -1009,8 +998,8 @@ Backwards compatibility is not guaranteed when Kafka metrics are enabled, unless Use the workaround below to upgrade from versions previous to 7.0.0. The following example assumes that the release name is kafka: ```console -$ helm upgrade kafka my-repo/kafka --version 6.1.8 --set metrics.kafka.enabled=false -$ helm upgrade kafka my-repo/kafka --version 7.0.0 --set metrics.kafka.enabled=true +helm upgrade kafka my-repo/kafka --version 6.1.8 --set metrics.kafka.enabled=false +helm upgrade kafka my-repo/kafka --version 7.0.0 --set metrics.kafka.enabled=true ``` ### To 2.0.0 @@ -1019,8 +1008,8 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is kafka: ```console -$ kubectl delete statefulset kafka-kafka --cascade=false -$ kubectl delete statefulset kafka-zookeeper --cascade=false +kubectl delete statefulset kafka-kafka --cascade=false +kubectl delete statefulset kafka-zookeeper --cascade=false ``` ### To 1.0.0 @@ -1029,19 +1018,19 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is kafka: ```console -$ kubectl delete statefulset kafka-kafka --cascade=false -$ kubectl delete statefulset kafka-zookeeper --cascade=false +kubectl delete statefulset kafka-kafka --cascade=false +kubectl delete statefulset kafka-zookeeper --cascade=false ``` ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/kafka/charts/common/Chart.yaml b/charts/bitnami/kafka/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/kafka/charts/common/Chart.yaml +++ b/charts/bitnami/kafka/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/kafka/charts/common/README.md b/charts/bitnami/kafka/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/kafka/charts/common/README.md +++ b/charts/bitnami/kafka/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/kafka/charts/common/templates/_images.tpl b/charts/bitnami/kafka/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/kafka/charts/common/templates/_images.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml index ae6fd7e1f..dc695f3cc 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml @@ -1,9 +1,8 @@ annotations: category: Infrastructure - licenses: | - - Apache-2.0 + licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.8.0 +appVersion: 3.8.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami @@ -23,4 +22,4 @@ name: zookeeper sources: - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper - https://zookeeper.apache.org/ -version: 11.1.0 +version: 11.1.2 diff --git a/charts/bitnami/kafka/charts/zookeeper/README.md b/charts/bitnami/kafka/charts/zookeeper/README.md index 7a1c17ffb..a6714635f 100644 --- a/charts/bitnami/kafka/charts/zookeeper/README.md +++ b/charts/bitnami/kafka/charts/zookeeper/README.md @@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r74` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r0` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -255,7 +255,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r69` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r77` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -518,7 +518,7 @@ $ kubectl delete statefulset zookeeper-zookeeper --cascade=false ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/kafka/charts/zookeeper/templates/tls-secrets.yaml b/charts/bitnami/kafka/charts/zookeeper/templates/tls-secrets.yaml index a07480d55..3d7e15926 100644 --- a/charts/bitnami/kafka/charts/zookeeper/templates/tls-secrets.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/templates/tls-secrets.yaml @@ -1,4 +1,5 @@ {{- if (include "zookeeper.client.createTlsSecret" .) }} +{{- $secretName := printf "%s-client-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "zookeeper-client-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} @@ -6,11 +7,11 @@ {{- $serviceName := include "common.names.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-client-crt + name: {{ $secretName }} namespace: {{ template "zookeeper.namespace" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -21,11 +22,12 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- if (include "zookeeper.quorum.createTlsSecret" .) }} +{{- $secretName := printf "%s-quorum-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "zookeeper-quorum-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} @@ -33,12 +35,12 @@ data: {{- $serviceName := include "common.names.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-quorum-crt + name: {{ $secretName }} namespace: {{ template "zookeeper.namespace" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -49,7 +51,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/kafka/charts/zookeeper/values.yaml b/charts/bitnami/kafka/charts/zookeeper/values.yaml index b9d59000d..abfdf67ab 100644 --- a/charts/bitnami/kafka/charts/zookeeper/values.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.0-debian-11-r74 + tag: 3.8.1-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r69 + tag: 11-debian-11-r77 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index 1245bdb65..c438c8347 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -69,7 +69,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.3.2-debian-11-r0 + tag: 3.4.0-debian-11-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -755,14 +755,14 @@ externalAccess: ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository ## @param externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended) - ## @param externalAccess.autoDiscovery.image.digest Petete image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param externalAccess.autoDiscovery.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets ## image: registry: docker.io repository: bitnami/kubectl - tag: 1.25.6-debian-11-r1 + tag: 1.25.6-debian-11-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r75 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1081,7 +1081,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.6.0-debian-11-r52 + tag: 1.6.0-debian-11-r61 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1317,7 +1317,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.17.2-debian-11-r41 + tag: 0.17.2-debian-11-r49 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/mariadb/Chart.lock b/charts/bitnami/mariadb/Chart.lock index 5d7370abc..9b535546c 100644 --- a/charts/bitnami/mariadb/Chart.lock +++ b/charts/bitnami/mariadb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2022-12-15T08:09:23.256191892Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-17T18:41:00.54667787Z" diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index 5efaf4e9a..44b0d3523 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -32,4 +32,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.4.6 +version: 11.5.0 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index 17b097298..8cfb5624b 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -7,12 +7,12 @@ MariaDB is an open source, community-developed SQL database server that is widel [Overview of MariaDB](https://mariadb.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mariadb +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/mariadb ``` ## Introduction @@ -34,8 +34,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mariadb +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/mariadb ``` The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -47,7 +47,7 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -62,24 +62,23 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global storage class for dynamic provisioning | `""` | - ### Common parameters -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override mariadb.fullname | `""` | -| `fullnameOverride` | String to fully override mariadb.fullname | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` | -| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` | -| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | -| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - +| Name | Description | Value | +| ------------------------- | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override mariadb.fullname | `""` | +| `fullnameOverride` | String to fully override mariadb.fullname | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` | +| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | +| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | ### MariaDB common parameters @@ -87,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | `image.registry` | MariaDB image registry | `docker.io` | | `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r0` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r3` | | `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -106,7 +105,6 @@ The command removes all the Kubernetes components associated with the chart and | `initdbScripts` | Dictionary of initdb scripts | `{}` | | `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | - ### MariaDB Primary parameters | Name | Description | Value | @@ -199,7 +197,6 @@ The command removes all the Kubernetes components associated with the chart and | `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` | | `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | - ### MariaDB Secondary parameters | Name | Description | Value | @@ -292,7 +289,6 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` | | `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | - ### RBAC parameters | Name | Description | Value | @@ -303,7 +299,6 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | | `rbac.create` | Whether to create and use RBAC resources or not | `false` | - ### Volume Permissions parameters | Name | Description | Value | @@ -311,14 +306,13 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r80` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | - ### Metrics parameters | Name | Description | Value | @@ -326,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r86` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r90` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -365,7 +359,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | | `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | - ### NetworkPolicy parameters | Name | Description | Value | @@ -391,7 +384,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](https Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ my-repo/mariadb ``` @@ -403,7 +396,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/mariadb +helm install my-release -f values.yaml my-repo/mariadb ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -463,7 +456,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: ```console -$ helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] +helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] ``` | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. @@ -520,7 +513,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: ```console -$ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` | Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. @@ -529,7 +522,7 @@ $ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] - Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. -In https://github.com/helm/charts/pull/17308 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. +In the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. This major version bump signifies this change. @@ -546,7 +539,7 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is mariadb: ```console -$ kubectl delete statefulset opencart-mariadb --cascade=false +kubectl delete statefulset opencart-mariadb --cascade=false ``` ## License @@ -557,7 +550,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/mariadb/charts/common/Chart.yaml b/charts/bitnami/mariadb/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/mariadb/charts/common/Chart.yaml +++ b/charts/bitnami/mariadb/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/mariadb/charts/common/README.md b/charts/bitnami/mariadb/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/mariadb/charts/common/README.md +++ b/charts/bitnami/mariadb/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/mariadb/charts/common/templates/_images.tpl b/charts/bitnami/mariadb/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_images.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/mariadb/templates/secrets.yaml b/charts/bitnami/mariadb/templates/secrets.yaml index 2ff62edd2..0f4906c8b 100644 --- a/charts/bitnami/mariadb/templates/secrets.yaml +++ b/charts/bitnami/mariadb/templates/secrets.yaml @@ -1,3 +1,7 @@ +{{- $host := include "mariadb.primary.fullname" . }} +{{- $port := print .Values.primary.service.ports.mysql }} +{{- $rootPassword := include "common.secrets.passwords.manage" (dict "secret" (include "mariadb.secretName" .) "key" "mariadb-root-password" "providedValues" (list "auth.rootPassword") "context" $) | trimAll "\"" | b64dec }} +{{- $password := include "common.secrets.passwords.manage" (dict "secret" (include "mariadb.secretName" .) "key" "mariadb-password" "providedValues" (list "auth.password") "context" $) | trimAll "\"" | b64dec }} {{- if eq (include "mariadb.createSecret" .) "true" }} apiVersion: v1 kind: Secret @@ -14,13 +18,13 @@ metadata: type: Opaque data: {{- if (not .Values.auth.forcePassword) }} - mariadb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-root-password" "providedValues" (list "auth.rootPassword") "context" $) }} + mariadb-root-password: {{ print $rootPassword | b64enc | quote }} {{- else }} mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword | b64enc | quote }} {{- end }} {{- if (not (empty .Values.auth.username)) }} {{- if (not .Values.auth.forcePassword) }} - mariadb-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-password" "providedValues" (list "auth.password") "context" $) }} + mariadb-password: {{ print $password | b64enc | quote }} {{- else }} mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.auth.password | b64enc | quote }} {{- end }} @@ -33,3 +37,57 @@ data: {{- end }} {{- end }} {{- end }} + +{{- if .Values.serviceBindings.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-root + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/mysql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "mysql" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + user: {{ print "root" | b64enc | quote }} + password: {{ print $rootPassword | b64enc | quote }} + uri: {{ printf "mysql://root:%s@%s:%s" $rootPassword $host $port | b64enc | quote }} + +{{- if .Values.auth.username }} +{{- $database := .Values.auth.database }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-custom-user + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/mysql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "mysql" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + user: {{ print .Values.auth.username | b64enc | quote }} + {{- if $database }} + database: {{ print $database | b64enc | quote }} + {{- end }} + password: {{ print $password | b64enc | quote }} + uri: {{ printf "mysql://%s:%s@%s:%s/%s" .Values.auth.username $password $host $port $database | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index 3c7c3e170..14ac9cfe1 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -65,6 +65,12 @@ diagnosticMode: args: - infinity +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false + ## @section MariaDB common parameters ## @@ -81,7 +87,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mariadb - tag: 10.6.12-debian-11-r0 + tag: 10.6.12-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -989,7 +995,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r80 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1025,7 +1031,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r86 + tag: 0.14.0-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/mysql/Chart.lock b/charts/bitnami/mysql/Chart.lock index 485cbc31d..435205aec 100644 --- a/charts/bitnami/mysql/Chart.lock +++ b/charts/bitnami/mysql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2023-01-09T03:04:58.278003695Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-17T18:14:57.644290951Z" diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml index 11765a91d..23abd451a 100644 --- a/charts/bitnami/mysql/Chart.yaml +++ b/charts/bitnami/mysql/Chart.yaml @@ -30,4 +30,4 @@ name: mysql sources: - https://github.com/bitnami/containers/tree/main/bitnami/mysql - https://mysql.com -version: 9.4.8 +version: 9.5.0 diff --git a/charts/bitnami/mysql/README.md b/charts/bitnami/mysql/README.md index 1730f5035..960fb7660 100644 --- a/charts/bitnami/mysql/README.md +++ b/charts/bitnami/mysql/README.md @@ -7,12 +7,12 @@ MySQL is a fast, reliable, scalable, and easy to use open source relational data [Overview of MySQL](http://www.mysql.com) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mysql +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/mysql ``` ## Introduction @@ -32,8 +32,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mysql +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/mysql ``` These commands deploy MySQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -45,7 +45,7 @@ These commands deploy MySQL on the Kubernetes cluster in the default configurati To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -60,23 +60,22 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `clusterDomain` | Cluster domain | `cluster.local` | -| `commonAnnotations` | Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - +| Name | Description | Value | +| ------------------------- | --------------------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `clusterDomain` | Cluster domain | `cluster.local` | +| `commonAnnotations` | Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `commonLabels` | Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | +| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | ### MySQL common parameters @@ -84,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | MySQL image registry | `docker.io` | | `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.32-debian-11-r0` | +| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.32-debian-11-r8` | | `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -103,7 +102,6 @@ The command removes all the Kubernetes components associated with the chart and | `initdbScripts` | Dictionary of initdb scripts | `{}` | | `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | - ### MySQL Primary parameters | Name | Description | Value | @@ -192,7 +190,6 @@ The command removes all the Kubernetes components associated with the chart and | `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` | | `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | - ### MySQL Secondary parameters | Name | Description | Value | @@ -282,7 +279,6 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` | | `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` | - ### RBAC parameters | Name | Description | Value | @@ -294,7 +290,6 @@ The command removes all the Kubernetes components associated with the chart and | `rbac.create` | Whether to create & use RBAC resources or not | `false` | | `rbac.rules` | Custom RBAC rules to set | `[]` | - ### Network Policy | Name | Description | Value | @@ -303,7 +298,6 @@ The command removes all the Kubernetes components associated with the chart and | `networkPolicy.allowExternal` | The Policy model to apply. | `true` | | `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL | `{}` | - ### Volume Permissions parameters | Name | Description | Value | @@ -311,13 +305,12 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r75` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources` | Init container volume-permissions resources | `{}` | - ### Metrics parameters | Name | Description | Value | @@ -325,7 +318,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r81` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r90` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -370,7 +363,7 @@ The above parameters map to the env variables defined in [bitnami/mysql](https:/ Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ my-repo/mysql ``` @@ -382,7 +375,7 @@ The above command sets the MySQL `root` account password to `secretpassword`. Ad Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/mysql +helm install my-release -f values.yaml my-repo/mysql ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -443,14 +436,14 @@ The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/stora If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). -## Network Policy +## Network Policy config To enable network policy for MySQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: ```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 3306. @@ -473,7 +466,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: ```console -$ helm upgrade my-release my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] +helm upgrade my-release my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] ``` | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. @@ -503,7 +496,7 @@ Affected values: ### To 8.0.0 - Several parameters were renamed or disappeared in favor of new ones on this major version: - - The terms *master* and *slave* have been replaced by the terms *primary* and *secondary*. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively. + - The terms _master_ and _slave_ have been replaced by the terms _primary_ and _secondary_. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively. - Credentials parameters are reorganized under the `auth` parameter. - `replication.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. - Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). @@ -516,7 +509,7 @@ Consequences: - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mysql`: ```console -$ helm install mysql my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +helm install mysql my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` | Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. @@ -533,19 +526,19 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is mysql: ```console -$ kubectl delete statefulset mysql-master --cascade=false -$ kubectl delete statefulset mysql-slave --cascade=false +kubectl delete statefulset mysql-master --cascade=false +kubectl delete statefulset mysql-slave --cascade=false ``` ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/mysql/charts/common/Chart.yaml b/charts/bitnami/mysql/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/mysql/charts/common/Chart.yaml +++ b/charts/bitnami/mysql/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/mysql/charts/common/README.md b/charts/bitnami/mysql/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/mysql/charts/common/README.md +++ b/charts/bitnami/mysql/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/mysql/charts/common/templates/_images.tpl b/charts/bitnami/mysql/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/mysql/charts/common/templates/_images.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/mysql/templates/secrets.yaml b/charts/bitnami/mysql/templates/secrets.yaml index 6da5327cb..e2aa4438f 100644 --- a/charts/bitnami/mysql/templates/secrets.yaml +++ b/charts/bitnami/mysql/templates/secrets.yaml @@ -1,3 +1,7 @@ +{{- $host := include "mysql.primary.fullname" . }} +{{- $port := print .Values.primary.service.ports.mysql }} +{{- $rootPassword := include "common.secrets.passwords.manage" (dict "secret" (include "mysql.secretName" .) "key" "mysql-root-password" "length" 10 "providedValues" (list "auth.rootPassword") "context" $) | trimAll "\"" | b64dec }} +{{- $password := include "common.secrets.passwords.manage" (dict "secret" (include "mysql.secretName" .) "key" "mysql-password" "length" 10 "providedValues" (list "auth.password") "context" $) | trimAll "\"" | b64dec }} {{- if eq (include "mysql.createSecret" .) "true" }} apiVersion: v1 kind: Secret @@ -13,9 +17,62 @@ metadata: {{- end }} type: Opaque data: - mysql-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mysql-root-password" "length" 10 "providedValues" (list "auth.rootPassword") "context" $) }} - mysql-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mysql-password" "length" 10 "providedValues" (list "auth.password") "context" $) }} + mysql-root-password: {{ print $rootPassword | b64enc | quote }} + mysql-password: {{ print $password | b64enc | quote }} {{- if eq .Values.architecture "replication" }} mysql-replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mysql-replication-password" "length" 10 "providedValues" (list "auth.replicationPassword") "context" $) }} {{- end }} {{- end }} +{{- if .Values.serviceBindings.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-root + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/mysql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "mysql" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + user: {{ print "root" | b64enc | quote }} + password: {{ print $rootPassword | b64enc | quote }} + uri: {{ printf "mysql://root:%s@%s:%s" $rootPassword $host $port | b64enc | quote }} + +{{- if .Values.auth.username }} +{{- $database := .Values.auth.database }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-custom-user + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/mysql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "mysql" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + user: {{ print .Values.auth.username | b64enc | quote }} + {{- if $database }} + database: {{ print $database | b64enc | quote }} + {{- end }} + password: {{ print $password | b64enc | quote }} + uri: {{ printf "mysql://%s:%s@%s:%s/%s" .Values.auth.username $password $host $port $database | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/bitnami/mysql/values.yaml b/charts/bitnami/mysql/values.yaml index c292f3dbd..076668f05 100644 --- a/charts/bitnami/mysql/values.yaml +++ b/charts/bitnami/mysql/values.yaml @@ -2,6 +2,7 @@ ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array @@ -17,6 +18,7 @@ global: storageClass: "" ## @section Common parameters +## ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ## @@ -43,6 +45,12 @@ commonLabels: {} ## extraDeploy: [] +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false + ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -59,6 +67,7 @@ diagnosticMode: - infinity ## @section MySQL common parameters +## ## Bitnami MySQL image ## ref: https://hub.docker.com/r/bitnami/mysql/tags/ @@ -73,7 +82,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mysql - tag: 8.0.32-debian-11-r0 + tag: 8.0.32-debian-11-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -152,6 +161,7 @@ initdbScripts: {} initdbScriptsConfigMap: "" ## @section MySQL Primary parameters +## primary: ## @param primary.name Name of the primary database (eg primary, master, leader, ...) @@ -312,11 +322,13 @@ primary: ## limits: ## cpu: 250m ## memory: 256Mi + ## limits: {} ## Examples: ## requests: ## cpu: 250m ## memory: 256Mi + ## requests: {} ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes @@ -522,6 +534,7 @@ primary: podLabels: {} ## @section MySQL Secondary parameters +## secondary: ## @param secondary.name Name of the secondary database (eg secondary, slave, ...) @@ -686,11 +699,13 @@ secondary: ## limits: ## cpu: 250m ## memory: 256Mi + ## limits: {} ## Examples: ## requests: ## cpu: 250m ## memory: 256Mi + ## requests: {} ## Configure extra options for liveness probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes @@ -896,6 +911,7 @@ secondary: podLabels: {} ## @section RBAC parameters +## ## MySQL pods ServiceAccount ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ @@ -936,6 +952,7 @@ rbac: rules: [] ## @section Network Policy +## ## MySQL Nework Policy configuration ## @@ -966,6 +983,7 @@ networkPolicy: explicitNamespacesSelector: {} ## @section Volume Permissions parameters +## ## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. @@ -984,7 +1002,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r75 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1000,6 +1018,7 @@ volumePermissions: resources: {} ## @section Metrics parameters +## ## Mysqld Prometheus exporter parameters ## @@ -1017,7 +1036,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r81 + tag: 0.14.0-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1097,11 +1116,13 @@ metrics: ## limits: ## cpu: 100m ## memory: 256Mi + ## limits: {} ## Examples: ## requests: ## cpu: 100m ## memory: 256Mi + ## requests: {} ## Mysqld Prometheus exporter liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index f15477aa1..f351ae140 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -32,4 +32,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.2.0 +version: 12.2.1 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index 482428131..9c78c66f5 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md @@ -79,7 +79,6 @@ kubectl delete pvc -l release=my-release | `global.postgresql.auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` | | `global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `""` | - ### Common parameters | Name | Description | Value | @@ -95,14 +94,13 @@ kubectl delete pvc -l release=my-release | `diagnosticMode.command` | Command to override all containers in the statefulset | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the statefulset | `["infinity"]` | - ### PostgreSQL common parameters | Name | Description | Value | | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r0` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r2` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | @@ -158,7 +156,6 @@ kubectl delete pvc -l release=my-release | `tls.certCAFilename` | CA Certificate filename | `""` | | `tls.crlFilename` | File containing a Certificate Revocation List | `""` | - ### PostgreSQL Primary parameters | Name | Description | Value | @@ -263,7 +260,6 @@ kubectl delete pvc -l release=my-release | `primary.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | | `primary.persistence.dataSource` | Custom PVC data source | `{}` | - ### PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`) | Name | Description | Value | @@ -355,7 +351,6 @@ kubectl delete pvc -l release=my-release | `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | | `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` | - ### NetworkPolicy parameters | Name | Description | Value | @@ -375,7 +370,6 @@ kubectl delete pvc -l release=my-release | `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | | `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | - ### Volume Permissions parameters | Name | Description | Value | @@ -383,7 +377,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r81` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -391,7 +385,6 @@ kubectl delete pvc -l release=my-release | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | - ### Other Parameters | Name | Description | Value | @@ -405,7 +398,6 @@ kubectl delete pvc -l release=my-release | `rbac.rules` | Custom RBAC rules to set | `[]` | | `psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | - ### Metrics Parameters | Name | Description | Value | @@ -413,7 +405,7 @@ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r58` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r60` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | @@ -468,7 +460,7 @@ kubectl delete pvc -l release=my-release ```console -$ helm install my-release \ +helm install my-release \ --set auth.postgresPassword=secretpassword my-repo/postgresql ``` @@ -690,4 +682,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index a3a1b4790..a489ecfb6 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.2.0-debian-11-r0 + tag: 15.2.0-debian-11-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1136,7 +1136,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r81 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1231,7 +1231,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.11.1-debian-11-r58 + tag: 0.11.1-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index c653413a5..9f7057e9b 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -28,4 +28,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/containers/tree/main/bitnami/redis -version: 17.7.4 +version: 17.8.0 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index ee27f47c2..95cf0832f 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -76,7 +76,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | | `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` | - ### Common parameters | Name | Description | Value | @@ -94,20 +93,18 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - ### Redis® Image parameters | Name | Description | Value | | ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Redis® image registry | `docker.io` | | `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.8-debian-11-r11` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.8-debian-11-r13` | | `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | | `image.pullSecrets` | Redis® image pull secrets | `[]` | | `image.debug` | Enable image debug mode | `false` | - ### Redis® common configuration parameters | Name | Description | Value | @@ -122,7 +119,6 @@ The command removes all the Kubernetes components associated with the chart and | `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` | | `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis® nodes | `""` | - ### Redis® master configuration parameters | Name | Description | Value | @@ -222,7 +218,6 @@ The command removes all the Kubernetes components associated with the chart and | `master.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | | `master.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - ### Redis® replicas configuration parameters | Name | Description | Value | @@ -329,7 +324,6 @@ The command removes all the Kubernetes components associated with the chart and | `replica.serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | | `replica.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - ### Redis® Sentinel configuration parameters | Name | Description | Value | @@ -337,7 +331,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.8-debian-11-r10` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.8-debian-11-r12` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -413,11 +407,11 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | | `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` | - ### Other Parameters | Name | Description | Value | | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | | `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | | `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | @@ -445,7 +439,6 @@ The command removes all the Kubernetes components associated with the chart and | `tls.certCAFilename` | CA Certificate filename | `""` | | `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | - ### Metrics Parameters | Name | Description | Value | @@ -453,7 +446,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.46.0-debian-11-r5` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.46.0-debian-11-r6` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | @@ -511,7 +504,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | | `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | - ### Init Container Parameters | Name | Description | Value | @@ -519,7 +511,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r87` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -529,7 +521,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | | `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` | +| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r87` | | `sysctl.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -538,7 +530,6 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.resources.limits` | The resources limits for the init container | `{}` | | `sysctl.resources.requests` | The requested resources for the init container | `{}` | - ### useExternalDNS Parameters | Name | Description | Value | @@ -549,9 +540,8 @@ The command removes all the Kubernetes components associated with the chart and | `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | - ```console -$ helm install my-release \ +helm install my-release \ --set auth.password=secretpassword \ my-repo/redis ``` diff --git a/charts/bitnami/redis/templates/master/application.yaml b/charts/bitnami/redis/templates/master/application.yaml index 7da15ddad..e6388e2fa 100644 --- a/charts/bitnami/redis/templates/master/application.yaml +++ b/charts/bitnami/redis/templates/master/application.yaml @@ -264,6 +264,8 @@ spec: {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} {{- else }} command: - /bin/bash diff --git a/charts/bitnami/redis/templates/secret.yaml b/charts/bitnami/redis/templates/secret.yaml index 2edc0d814..8be0a6d72 100644 --- a/charts/bitnami/redis/templates/secret.yaml +++ b/charts/bitnami/redis/templates/secret.yaml @@ -1,3 +1,13 @@ +{{- $host := include "common.names.fullname" . }} +{{- if not .Values.sentinel.enabled }} +{{- $host = printf "%s-master" (include "common.names.fullname" .) }} +{{- end }} +{{- $port := print .Values.master.service.ports.redis }} +{{- if .Values.sentinel.enabled }} +{{- $port = print .Values.sentinel.service.ports.redis }} +{{- end }} +{{- $password := include "redis.password" . }} + {{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}} apiVersion: v1 kind: Secret @@ -21,3 +31,26 @@ type: Opaque data: redis-password: {{ include "redis.password" . | b64enc | quote }} {{- end -}} +{{- if .Values.serviceBindings.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/redis +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "redis" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + password: {{ print $password | b64enc | quote }} + uri: {{ printf "redis://%s@%s:%s" $password $host $port | b64enc | quote }} +{{- end }} diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index 264ff0627..d5e44b619 100644 --- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -82,7 +82,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.0.8-debian-11-r11 + tag: 7.0.8-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -364,6 +364,7 @@ master: ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsPolicy: ClusterFirst + ## dnsPolicy: "" ## @param master.dnsConfig DNS Configuration for Redis® master pod ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ @@ -373,6 +374,7 @@ master: ## - name: ndots ## value: "4" ## - name: single-request-reopen + ## dnsConfig: {} ## @param master.lifecycleHooks for the Redis® master container(s) to automate configuration before or after startup ## @@ -776,6 +778,7 @@ replica: ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsPolicy: ClusterFirst + ## dnsPolicy: "" ## @param replica.dnsConfig DNS Configuration for Redis® replica pods ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ @@ -785,6 +788,7 @@ replica: ## - name: ndots ## value: "4" ## - name: single-request-reopen + ## dnsConfig: {} ## @param replica.lifecycleHooks for the Redis® replica container(s) to automate configuration before or after startup ## @@ -985,7 +989,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.0.8-debian-11-r10 + tag: 7.0.8-debian-11-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1011,6 +1015,7 @@ sentinel: quorum: 2 ## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out. ## NOTE: This is directly related to the startupProbes which are configured to run every 10 seconds for a total of 22 failures. If adjusting this value, also adjust the startupProbes. + ## getMasterTimeout: 220 ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. ## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. @@ -1018,6 +1023,7 @@ sentinel: ## automateClusterRecovery: false ## @param sentinel.redisShutdownWaitFailover Whether the Redis® master container waits for the failover at shutdown (in addition to the Redis® Sentinel container). + ## redisShutdownWaitFailover: true ## Sentinel timing restrictions ## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis® node is down @@ -1247,6 +1253,12 @@ sentinel: ## @section Other Parameters ## +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false + ## Network Policy configuration ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -1407,7 +1419,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.46.0-debian-11-r5 + tag: 1.46.0-debian-11-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1658,7 +1670,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r85 + tag: 11-debian-11-r87 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1706,7 +1718,7 @@ sysctl: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r85 + tag: 11-debian-11-r87 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/spark/Chart.lock b/charts/bitnami/spark/Chart.lock index 1ceb2c200..09869f824 100644 --- a/charts/bitnami/spark/Chart.lock +++ b/charts/bitnami/spark/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2022-12-23T13:22:51.320728448Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-17T20:43:52.500017625Z" diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index 94b29d45f..8f6868993 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.3.1 +appVersion: 3.3.2 dependencies: - name: common repository: file://./charts/common @@ -28,4 +28,4 @@ name: spark sources: - https://github.com/bitnami/containers/tree/main/bitnami/spark - https://spark.apache.org/ -version: 6.3.16 +version: 6.3.17 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index 18071007b..d4570aea4 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md @@ -7,12 +7,12 @@ Apache Spark is a high-performance engine for large-scale computing tasks, such [Overview of Apache Spark](https://spark.apache.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/spark +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/spark ``` ## Introduction @@ -33,8 +33,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/spark +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/spark ``` These commands deploy Apache Spark on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -46,7 +46,7 @@ These commands deploy Apache Spark on the Kubernetes cluster in the default conf To uninstall/delete the `my-release` statefulset: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. Use the option `--purge` to delete all persistent volumes too. @@ -61,7 +61,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -81,20 +80,18 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - ### Spark parameters -| Name | Description | Value | -| ------------------- | ----------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | Spark image registry | `docker.io` | -| `image.repository` | Spark image repository | `bitnami/spark` | -| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.1-debian-11-r35` | -| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `hostNetwork` | Enable HOST Network | `false` | - +| Name | Description | Value | +| ------------------- | ----------------------------------------------------------------------------------------------------- | -------------------- | +| `image.registry` | Spark image registry | `docker.io` | +| `image.repository` | Spark image repository | `bitnami/spark` | +| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r0` | +| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `hostNetwork` | Enable HOST Network | `false` | ### Spark master parameters @@ -166,7 +163,6 @@ The command removes all the Kubernetes components associated with the chart and | `master.sidecars` | Add additional sidecar containers to the master pod(s) | `[]` | | `master.initContainers` | Add initContainers to the master pods. | `[]` | - ### Spark worker parameters | Name | Description | Value | @@ -248,7 +244,6 @@ The command removes all the Kubernetes components associated with the chart and | `worker.autoscaling.targetCPU` | Target CPU utilization percentage | `50` | | `worker.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | - ### Security parameters | Name | Description | Value | @@ -268,7 +263,6 @@ The command removes all the Kubernetes components associated with the chart and | `security.ssl.resources.limits` | The resources limits for the container | `{}` | | `security.ssl.resources.requests` | The requested resources for the container | `{}` | - ### Traffic Exposure parameters | Name | Description | Value | @@ -303,7 +297,6 @@ The command removes all the Kubernetes components associated with the chart and | `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | | `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | - ### Other parameters | Name | Description | Value | @@ -313,7 +306,6 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.annotations` | Annotations for Spark Service Account | `{}` | | `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` | - ### Metrics parameters | Name | Description | Value | @@ -332,11 +324,10 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | | `metrics.prometheusRule.rules` | Custom Prometheus [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) | `[]` | - Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set master.webPort=8081 my-repo/spark ``` @@ -345,7 +336,7 @@ The above command sets the spark master web port to `8081`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/spark +helm install my-release -f values.yaml my-repo/spark ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -474,13 +465,13 @@ This version standardizes the way of defining Ingress rules. When configuring a ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/spark/charts/common/Chart.yaml b/charts/bitnami/spark/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/spark/charts/common/Chart.yaml +++ b/charts/bitnami/spark/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/spark/charts/common/README.md b/charts/bitnami/spark/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/spark/charts/common/README.md +++ b/charts/bitnami/spark/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/spark/charts/common/templates/_images.tpl b/charts/bitnami/spark/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/spark/charts/common/templates/_images.tpl +++ b/charts/bitnami/spark/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index 40e797805..268ec4478 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml @@ -92,7 +92,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.3.1-debian-11-r35 + tag: 3.3.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml index 0281de035..7814a3d90 100644 --- a/charts/bitnami/tomcat/Chart.yaml +++ b/charts/bitnami/tomcat/Chart.yaml @@ -32,4 +32,4 @@ name: tomcat sources: - https://github.com/bitnami/containers/tree/main/bitnami/tomcat - http://tomcat.apache.org -version: 10.5.15 +version: 10.5.16 diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md index 9ba999130..7ec6d5f33 100644 --- a/charts/bitnami/tomcat/README.md +++ b/charts/bitnami/tomcat/README.md @@ -7,12 +7,12 @@ Apache Tomcat is an open-source web server designed to host and run Java-based w [Overview of Apache Tomcat](http://tomcat.apache.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/tomcat +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/tomcat ``` ## Introduction @@ -35,8 +35,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/tomcat +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/tomcat ``` These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -48,7 +48,7 @@ These commands deploy Tomcat on the Kubernetes cluster in the default configurat To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -63,7 +63,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -76,14 +75,13 @@ The command removes all the Kubernetes components associated with the chart and | `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | | `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - ### Tomcat parameters | Name | Description | Value | | ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- | | `image.registry` | Tomcat image registry | `docker.io` | | `image.repository` | Tomcat image repository | `bitnami/tomcat` | -| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r16` | +| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r17` | | `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -99,7 +97,6 @@ The command removes all the Kubernetes components associated with the chart and | `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | | `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | - ### Tomcat deployment parameters | Name | Description | Value | @@ -168,7 +165,6 @@ The command removes all the Kubernetes components associated with the chart and | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | | `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | - ### Traffic Exposure parameters | Name | Description | Value | @@ -199,7 +195,6 @@ The command removes all the Kubernetes components associated with the chart and | `ingress.path` | Ingress path | `/` | | `ingress.pathType` | Ingress path type | `ImplementationSpecific` | - ### Volume Permissions parameters | Name | Description | Value | @@ -207,14 +202,13 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r85` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | - ### Metrics parameters | Name | Description | Value | @@ -223,7 +217,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r48` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r50` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -249,13 +243,12 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | | `metrics.prometheusRule.rules` | Create specified [Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) | `[]` | - The above parameters map to the env variables defined in [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat). For more information please refer to the [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) image documentation. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set tomcatUsername=manager,tomcatPassword=password my-repo/tomcat ``` @@ -266,7 +259,7 @@ The above command sets the Tomcat management username and password to `manager` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/tomcat +helm install my-release -f values.yaml my-repo/tomcat ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -350,9 +343,9 @@ Consequences: - Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing Tomcat deployment before upgrading (the following example assumes that the release name is `tomcat`): ```console -$ export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d) -$ kubectl delete deployments.apps tomcat -$ helm upgrade tomcat my-repo/tomcat --set tomcatPassword=$TOMCAT_PASSWORD +export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d) +kubectl delete deployments.apps tomcat +helm upgrade tomcat my-repo/tomcat --set tomcatPassword=$TOMCAT_PASSWORD ``` ### To 7.0.0 @@ -369,14 +362,14 @@ This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below: -``` -$ helm upgrade my-release my-repo/tomcat +```console +helm upgrade my-release my-repo/tomcat ``` If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below: -``` -$ helm upgrade my-release my-repo/tomcat --set securityContext.enabled=false,image.tag=XXX +```console +helm upgrade my-release my-repo/tomcat --set securityContext.enabled=false,image.tag=XXX ``` ### To 1.0.0 @@ -385,7 +378,7 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is tomcat: ```console -$ kubectl patch deployment tomcat --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl patch deployment tomcat --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' ``` ## License @@ -396,7 +389,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/tomcat/values.yaml b/charts/bitnami/tomcat/values.yaml index 856030328..30dd97e0b 100644 --- a/charts/bitnami/tomcat/values.yaml +++ b/charts/bitnami/tomcat/values.yaml @@ -58,7 +58,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/tomcat - tag: 10.1.5-debian-11-r16 + tag: 10.1.5-debian-11-r17 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -576,7 +576,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r85 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -636,7 +636,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.17.2-debian-11-r48 + tag: 0.17.2-debian-11-r50 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index 1f7e9e276..0e859fe7f 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: memcached repository: https://charts.bitnami.com/bitnami - version: 6.3.6 + version: 6.3.7 - name: mariadb repository: https://charts.bitnami.com/bitnami version: 11.4.6 - name: common repository: https://charts.bitnami.com/bitnami version: 2.2.3 -digest: sha256:dd9ce6aae191fa08f71779f495cb3a178d53f7ac55a82733b75e4e2a7b8f4327 -generated: "2023-02-14T02:26:17.02311077Z" +digest: sha256:603f659cc8e943991bea143717b130c43a0cf14fc1b9019d97006bfa9f825581 +generated: "2023-02-17T19:05:31.835880298Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index db7f76708..91b78f26a 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -41,4 +41,4 @@ name: wordpress sources: - https://github.com/bitnami/containers/tree/main/bitnami/wordpress - https://wordpress.org/ -version: 15.2.42 +version: 15.2.45 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index 154582e1c..9b4c80002 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -63,7 +63,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -79,20 +78,18 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - ### WordPress Image parameters | Name | Description | Value | | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r46` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r49` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | | `image.debug` | Specify if debug values should be set | `false` | - ### WordPress Configuration parameters | Name | Description | Value | @@ -132,7 +129,6 @@ The command removes all the Kubernetes components associated with the chart and | `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | | `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | - ### WordPress Multisite Configuration parameters | Name | Description | Value | @@ -142,14 +138,12 @@ The command removes all the Kubernetes components associated with the chart and | `multisite.networkType` | WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. | `subdomain` | | `multisite.enableNipIoRedirect` | Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. | `false` | - ### WordPress deployment parameters | Name | Description | Value | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- | | `replicaCount` | Number of WordPress replicas to deploy | `1` | | `updateStrategy.type` | WordPress deployment strategy type | `RollingUpdate` | -| `updateStrategy.rollingUpdate` | WordPress deployment rolling update configuration parameters | `{}` | | `schedulerName` | Alternate scheduler | `""` | | `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `priorityClassName` | Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand | `""` | @@ -205,7 +199,6 @@ The command removes all the Kubernetes components associated with the chart and | `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `lifecycleHooks` | for the WordPress container(s) to automate configuration before or after startup | `{}` | - ### Traffic Exposure Parameters | Name | Description | Value | @@ -240,7 +233,6 @@ The command removes all the Kubernetes components associated with the chart and | `ingress.secrets` | Custom TLS certificates as secrets | `[]` | | `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | - ### Persistence Parameters | Name | Description | Value | @@ -257,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -265,7 +257,6 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | - ### Other Parameters | Name | Description | Value | @@ -283,7 +274,6 @@ The command removes all the Kubernetes components associated with the chart and | `autoscaling.targetCPU` | Target CPU utilization percentage | `50` | | `autoscaling.targetMemory` | Target Memory utilization percentage | `50` | - ### Metrics Parameters | Name | Description | Value | @@ -332,7 +322,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | - ### NetworkPolicy parameters | Name | Description | Value | @@ -353,7 +342,6 @@ The command removes all the Kubernetes components associated with the chart and | `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | | `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | - ### Database Parameters | Name | Description | Value | @@ -384,10 +372,8 @@ The command removes all the Kubernetes components associated with the chart and -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - ```console -$ helm install my-release \ +helm install my-release \ --set wordpressUsername=admin \ --set wordpressPassword=password \ --set mariadb.auth.rootPassword=secretpassword \ diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/Chart.yaml index 4f3deab35..8b31a1532 100644 --- a/charts/bitnami/wordpress/charts/memcached/Chart.yaml +++ b/charts/bitnami/wordpress/charts/memcached/Chart.yaml @@ -24,4 +24,4 @@ name: memcached sources: - https://github.com/bitnami/containers/tree/main/bitnami/memcached - http://memcached.org/ -version: 6.3.6 +version: 6.3.7 diff --git a/charts/bitnami/wordpress/charts/memcached/README.md b/charts/bitnami/wordpress/charts/memcached/README.md index e96671c97..7420f6ff1 100644 --- a/charts/bitnami/wordpress/charts/memcached/README.md +++ b/charts/bitnami/wordpress/charts/memcached/README.md @@ -7,12 +7,12 @@ Memcached is an high-performance, distributed memory object caching system, gene [Overview of Memcached](http://memcached.org) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/memcached +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/memcached ``` ## Introduction @@ -31,8 +31,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/memcached +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/memcached ``` These commands deploy Memcached on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -44,7 +44,7 @@ These commands deploy Memcached on the Kubernetes cluster in the default configu To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -59,7 +59,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -75,14 +74,13 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the deployment/statefulset | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment/statefulset | `["infinity"]` | - ### Memcached parameters | Name | Description | Value | | ----------------------------- | --------------------------------------------------------------------------------------------------------- | ---------------------- | | `image.registry` | Memcached image registry | `docker.io` | | `image.repository` | Memcached image repository | `bitnami/memcached` | -| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.18-debian-11-r11` | +| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.18-debian-11-r14` | | `image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -98,7 +96,6 @@ The command removes all the Kubernetes components associated with the chart and | `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Memcached nodes | `""` | | `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Memcached nodes | `""` | - ### Deployment/Statefulset parameters | Name | Description | Value | @@ -166,7 +163,6 @@ The command removes all the Kubernetes components associated with the chart and | `pdb.minAvailable` | Minimum available Memcached replicas | `""` | | `pdb.maxUnavailable` | Maximum unavailable Memcached replicas | `1` | - ### Traffic Exposure parameters | Name | Description | Value | @@ -183,7 +179,6 @@ The command removes all the Kubernetes components associated with the chart and | `service.annotations` | Additional custom annotations for Memcached service | `{}` | | `service.extraPorts` | Extra ports to expose in the Memcached service (normally used with the `sidecar` value) | `[]` | - ### Other Parameters | Name | Description | Value | @@ -193,7 +188,6 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | | `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - ### Persistence parameters | Name | Description | Value | @@ -205,7 +199,6 @@ The command removes all the Kubernetes components associated with the chart and | `persistence.annotations` | Annotations for the PVC | `{}` | | `persistence.selector` | Selector to match an existing Persistent Volume for Memcached's data PVC | `{}` | - ### Volume Permissions parameters | Name | Description | Value | @@ -213,7 +206,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r81` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -223,7 +216,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Memcached exporter image registry | `docker.io` | | `metrics.image.repository` | Memcached exporter image repository | `bitnami/memcached-exporter` | -| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.10.0-debian-11-r83` | +| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r0` | | `metrics.image.digest` | Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -270,13 +263,12 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | - The above parameters map to the environment variables defined in the [bitnami/memcached](https://github.com/bitnami/containers/tree/main/bitnami/memcached) container image. For more information please refer to the [bitnami/memcached](https://github.com/bitnami/containers/tree/main/bitnami/memcached) container image documentation. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release --set auth.username=user,auth.password=password my-repo/memcached +helm install my-release --set auth.username=user,auth.password=password my-repo/memcached ``` The above command sets the Memcached admin account username and password to `user` and `password` respectively. @@ -286,7 +278,7 @@ The above command sets the Memcached admin account username and password to `use Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/memcached +helm install my-release -f values.yaml my-repo/memcached ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -357,8 +349,8 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 4.0.0. The following example assumes that the release name is memcached: ```console -$ kubectl delete deployment memcached --cascade=false -$ helm upgrade memcached my-repo/memcached +kubectl delete deployment memcached --cascade=false +helm upgrade memcached my-repo/memcached ``` ### To 3.0.0 @@ -371,7 +363,7 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is memcached: ```console -$ kubectl patch deployment memcached --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl patch deployment memcached --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' ``` ## License @@ -382,7 +374,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/wordpress/charts/memcached/values.yaml b/charts/bitnami/wordpress/charts/memcached/values.yaml index 96c7b302c..ab968fd99 100644 --- a/charts/bitnami/wordpress/charts/memcached/values.yaml +++ b/charts/bitnami/wordpress/charts/memcached/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.18-debian-11-r11 + tag: 1.6.18-debian-11-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -509,7 +509,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r81 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -554,7 +554,7 @@ metrics: image: registry: docker.io repository: bitnami/memcached-exporter - tag: 0.10.0-debian-11-r83 + tag: 0.11.1-debian-11-r0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 8ede6748c..71c2847dc 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.1.1-debian-11-r46 + tag: 6.1.1-debian-11-r49 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -261,7 +261,6 @@ multisite: ## replicaCount: 1 ## @param updateStrategy.type WordPress deployment strategy type -## @param updateStrategy.rollingUpdate WordPress deployment rolling update configuration parameters ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods ## e.g: @@ -273,7 +272,6 @@ replicaCount: 1 ## updateStrategy: type: RollingUpdate - rollingUpdate: {} ## @param schedulerName Alternate scheduler ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## @@ -759,7 +757,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r85 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/zookeeper/Chart.lock b/charts/bitnami/zookeeper/Chart.lock index 065985261..db268a715 100644 --- a/charts/bitnami/zookeeper/Chart.lock +++ b/charts/bitnami/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2023-01-06T05:12:14.420203052Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-17T20:26:24.808959946Z" diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index b33976b57..17cad7692 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -26,4 +26,4 @@ name: zookeeper sources: - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper - https://zookeeper.apache.org/ -version: 11.1.2 +version: 11.1.3 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index a6714635f..e300f71cf 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md @@ -7,12 +7,12 @@ Apache ZooKeeper provides a reliable, centralized register of configuration data [Overview of Apache ZooKeeper](https://zookeeper.apache.org) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/zookeeper +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/zookeeper ``` ## Introduction @@ -32,8 +32,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/zookeeper +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/zookeeper ``` These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -45,7 +45,7 @@ These commands deploy ZooKeeper on the Kubernetes cluster in the default configu To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -60,7 +60,6 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - ### Common parameters | Name | Description | Value | @@ -77,14 +76,13 @@ The command removes all the Kubernetes components associated with the chart and | `diagnosticMode.command` | Command to override all containers in the statefulset | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the statefulset | `["infinity"]` | - ### ZooKeeper chart parameters | Name | Description | Value | | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r0` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r6` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -125,7 +123,6 @@ The command removes all the Kubernetes components associated with the chart and | `command` | Override default container command (useful when using custom images) | `["/scripts/setup.sh"]` | | `args` | Override default container args (useful when using custom images) | `[]` | - ### Statefulset parameters | Name | Description | Value | @@ -193,7 +190,6 @@ The command removes all the Kubernetes components associated with the chart and | `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` | | `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` | - ### Traffic Exposure parameters | Name | Description | Value | @@ -220,7 +216,6 @@ The command removes all the Kubernetes components associated with the chart and | `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | - ### Other Parameters | Name | Description | Value | @@ -230,7 +225,6 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | | `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - ### Persistence parameters | Name | Description | Value | @@ -247,7 +241,6 @@ The command removes all the Kubernetes components associated with the chart and | `persistence.dataLogDir.existingClaim` | Provide an existing `PersistentVolumeClaim` for ZooKeeper's data log directory | `""` | | `persistence.dataLogDir.selector` | Selector to match an existing Persistent Volume for ZooKeeper's data log PVC | `{}` | - ### Volume Permissions parameters | Name | Description | Value | @@ -255,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r77` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -264,7 +257,6 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | - ### Metrics parameters | Name | Description | Value | @@ -289,7 +281,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | | `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` | - ### TLS/SSL parameters | Name | Description | Value | @@ -323,11 +314,10 @@ The command removes all the Kubernetes components associated with the chart and | `tls.resources.limits` | The resources limits for the TLS init container | `{}` | | `tls.resources.requests` | The requested resources for the TLS init container | `{}` | - Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set auth.clientUser=newUser \ my-repo/zookeeper ``` @@ -339,7 +329,7 @@ The above command sets the ZooKeeper user to `newUser`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/zookeeper +helm install my-release -f values.yaml my-repo/zookeeper ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -362,7 +352,7 @@ First, ensure that you are not getting metrics via the deprecated pattern of pol Second, to avoid the connection/disconnection messages from the probes, you can set custom values for these checks which direct them to the ZooKeeper Admin Server instead of the client port. By default, an Admin Server will be started that listens on `localhost` at port `8080`. The following is an example of this use of the Admin Server for probes: -``` +```yaml livenessProbe: enabled: false readinessProbe: @@ -390,6 +380,7 @@ You can also set the log4j logging level and what log appenders are turned on, b ```console zookeeper.root.logger=INFO, CONSOLE ``` + the available appender is - CONSOLE @@ -504,7 +495,7 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is `zookeeper`: ```console -$ kubectl delete statefulset zookeeper-zookeeper --cascade=false +kubectl delete statefulset zookeeper-zookeeper --cascade=false ``` ### To 1.0.0 @@ -513,7 +504,7 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is zookeeper: ```console -$ kubectl delete statefulset zookeeper-zookeeper --cascade=false +kubectl delete statefulset zookeeper-zookeeper --cascade=false ``` ## License @@ -524,7 +515,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/zookeeper/charts/common/Chart.yaml b/charts/bitnami/zookeeper/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/zookeeper/charts/common/Chart.yaml +++ b/charts/bitnami/zookeeper/charts/common/Chart.yaml @@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/zookeeper/charts/common/README.md b/charts/bitnami/zookeeper/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/zookeeper/charts/common/README.md +++ b/charts/bitnami/zookeeper/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/zookeeper/charts/common/templates/_images.tpl b/charts/bitnami/zookeeper/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/zookeeper/charts/common/templates/_images.tpl +++ b/charts/bitnami/zookeeper/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index abfdf67ab..7a48f6c5d 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.1-debian-11-r0 + tag: 3.8.1-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r77 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/clastix/kamaji/Chart.yaml b/charts/clastix/kamaji/Chart.yaml index aaf64a4cc..286a102b6 100644 --- a/charts/clastix/kamaji/Chart.yaml +++ b/charts/clastix/kamaji/Chart.yaml @@ -18,10 +18,8 @@ maintainers: name: Massimiliano Giovagnoli - email: me@bsctl.io name: Adriano Pezzuto -- email: iam@mendrugory.com - name: Gonzalo Gabriel Jiménez Fuentes name: kamaji sources: - https://github.com/clastix/kamaji type: application -version: 0.11.0 +version: 0.11.2 diff --git a/charts/clastix/kamaji/README.md b/charts/clastix/kamaji/README.md index cf4ccd621..f11cce0fa 100644 --- a/charts/clastix/kamaji/README.md +++ b/charts/clastix/kamaji/README.md @@ -1,6 +1,6 @@ # kamaji -![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square) +![Version: 0.11.2](https://img.shields.io/badge/Version-0.11.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square) Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler. @@ -11,7 +11,6 @@ Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a | Dario Tranchitella | | | | Massimiliano Giovagnoli | | | | Adriano Pezzuto | | | -| Gonzalo Gabriel Jiménez Fuentes | | | ## Source Code @@ -99,6 +98,7 @@ Here the values you can override: | etcd.overrides.endpoints | object | `{"etcd-0":"etcd-0.etcd.kamaji-system.svc.cluster.local","etcd-1":"etcd-1.etcd.kamaji-system.svc.cluster.local","etcd-2":"etcd-2.etcd.kamaji-system.svc.cluster.local"}` | (map) Dictionary of the endpoints for the etcd cluster's members, key is the name of the etcd server. Don't define the protocol (TLS is automatically inflected), or any port, inflected from .etcd.peerApiPort value. | | etcd.peerApiPort | int | `2380` | The peer API port which servers are listening to. | | etcd.persistence.accessModes[0] | string | `"ReadWriteOnce"` | | +| etcd.persistence.customAnnotations | object | `{}` | The custom annotations to add to the PVC | | etcd.persistence.size | string | `"10Gi"` | | | etcd.persistence.storageClass | string | `""` | | | etcd.port | int | `2379` | The client request port. | diff --git a/charts/clastix/kamaji/templates/_helpers.tpl b/charts/clastix/kamaji/templates/_helpers.tpl index a879ea6de..f44ca63d4 100644 --- a/charts/clastix/kamaji/templates/_helpers.tpl +++ b/charts/clastix/kamaji/templates/_helpers.tpl @@ -46,9 +46,9 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} Selector labels */}} {{- define "kamaji.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kamaji.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: controller-manager +app.kubernetes.io/name: {{ default (include "kamaji.name" .) .name }} +app.kubernetes.io/instance: {{ default .Release.Name .instance }} +app.kubernetes.io/component: {{ default "controller-manager" .component }} {{- end }} {{/* diff --git a/charts/clastix/kamaji/templates/certmanager_certificate.yaml b/charts/clastix/kamaji/templates/certmanager_certificate.yaml index 044815f64..2f310b16f 100644 --- a/charts/clastix/kamaji/templates/certmanager_certificate.yaml +++ b/charts/clastix/kamaji/templates/certmanager_certificate.yaml @@ -2,8 +2,8 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: labels: - {{- include "kamaji.labels" . | nindent 4 }} - app.kubernetes.io/component: certificate + {{- $data := . | mustMergeOverwrite (dict "component" "certificate") -}} + {{- include "kamaji.labels" $data | nindent 4 }} name: {{ include "kamaji.certificateName" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/clastix/kamaji/templates/certmanager_issuer.yaml b/charts/clastix/kamaji/templates/certmanager_issuer.yaml index dfd7c8892..1bc3cbb6d 100644 --- a/charts/clastix/kamaji/templates/certmanager_issuer.yaml +++ b/charts/clastix/kamaji/templates/certmanager_issuer.yaml @@ -2,8 +2,8 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: - {{- include "kamaji.labels" . | nindent 4 }} - app.kubernetes.io/component: issuer + {{- $data := . | mustMergeOverwrite (dict "component" "issuer") -}} + {{- include "kamaji.labels" $data | nindent 4 }} name: kamaji-selfsigned-issuer namespace: {{ .Release.Namespace }} spec: diff --git a/charts/clastix/kamaji/templates/etcd_job_postdelete.yaml b/charts/clastix/kamaji/templates/etcd_job_postdelete.yaml index 7f95972b2..45a8b4e6d 100644 --- a/charts/clastix/kamaji/templates/etcd_job_postdelete.yaml +++ b/charts/clastix/kamaji/templates/etcd_job_postdelete.yaml @@ -28,4 +28,8 @@ spec: - --ignore-not-found=true - {{ include "etcd.caSecretName" . }} - {{ include "etcd.clientSecretName" . }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/clastix/kamaji/templates/etcd_job_postinstall.yaml b/charts/clastix/kamaji/templates/etcd_job_postinstall.yaml index 1e30604bb..48048e160 100644 --- a/charts/clastix/kamaji/templates/etcd_job_postinstall.yaml +++ b/charts/clastix/kamaji/templates/etcd_job_postinstall.yaml @@ -63,4 +63,8 @@ spec: - name: certs secret: secretName: {{ include "etcd.caSecretName" . }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/clastix/kamaji/templates/etcd_job_preinstall.yaml b/charts/clastix/kamaji/templates/etcd_job_preinstall.yaml index bf4e43667..a563a1a24 100644 --- a/charts/clastix/kamaji/templates/etcd_job_preinstall.yaml +++ b/charts/clastix/kamaji/templates/etcd_job_preinstall.yaml @@ -57,4 +57,8 @@ spec: name: {{ include "etcd.csrConfigMapName" . }} - name: certs emptyDir: {} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/clastix/kamaji/templates/etcd_sts.yaml b/charts/clastix/kamaji/templates/etcd_sts.yaml index 42bfbedbb..b3863ec59 100644 --- a/charts/clastix/kamaji/templates/etcd_sts.yaml +++ b/charts/clastix/kamaji/templates/etcd_sts.yaml @@ -81,6 +81,10 @@ spec: volumeClaimTemplates: - metadata: name: data + {{- with .Values.etcd.persistence.customAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: storageClassName: {{ .Values.etcd.persistence.storageClassName }} accessModes: diff --git a/charts/clastix/kamaji/templates/mutatingwebhookconfiguration.yaml b/charts/clastix/kamaji/templates/mutatingwebhookconfiguration.yaml index 36c280a45..19b741e6b 100644 --- a/charts/clastix/kamaji/templates/mutatingwebhookconfiguration.yaml +++ b/charts/clastix/kamaji/templates/mutatingwebhookconfiguration.yaml @@ -4,8 +4,8 @@ metadata: annotations: cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }} labels: - {{- include "kamaji.labels" . | nindent 4 }} - app.kubernetes.io/instance: mutating-webhook-configuration + {{- $data := . | mustMergeOverwrite (dict "instance" "mutating-webhook-configuration") -}} + {{- include "kamaji.labels" $data | nindent 4 }} name: kamaji-mutating-webhook-configuration webhooks: - admissionReviewVersions: diff --git a/charts/clastix/kamaji/templates/service_metrics.yaml b/charts/clastix/kamaji/templates/service_metrics.yaml index a19b4abf2..68ef848b3 100644 --- a/charts/clastix/kamaji/templates/service_metrics.yaml +++ b/charts/clastix/kamaji/templates/service_metrics.yaml @@ -2,8 +2,8 @@ apiVersion: v1 kind: Service metadata: labels: - {{- include "kamaji.labels" . | nindent 4 }} - app.kubernetes.io/component: metrics + {{- $data := . | mustMergeOverwrite (dict "component" "metrics") -}} + {{- include "kamaji.labels" $data | nindent 4 }} name: {{ include "kamaji.metricsServiceName" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/clastix/kamaji/templates/service_webhook.yaml b/charts/clastix/kamaji/templates/service_webhook.yaml index 593f43037..cdb26cd3b 100644 --- a/charts/clastix/kamaji/templates/service_webhook.yaml +++ b/charts/clastix/kamaji/templates/service_webhook.yaml @@ -2,9 +2,8 @@ apiVersion: v1 kind: Service metadata: labels: - {{- include "kamaji.labels" . | nindent 4 }} - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: webhook-service + {{- $data := . | mustMergeOverwrite (dict "component" "webhook" "instance" "webhook-service") -}} + {{- include "kamaji.labels" $data | nindent 4 }} name: {{ include "kamaji.webhookServiceName" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/clastix/kamaji/templates/servicemonitor.yaml b/charts/clastix/kamaji/templates/servicemonitor.yaml index 73f5a6fd3..ce8d2194e 100644 --- a/charts/clastix/kamaji/templates/servicemonitor.yaml +++ b/charts/clastix/kamaji/templates/servicemonitor.yaml @@ -3,8 +3,8 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - {{- include "kamaji.labels" . | nindent 4 }} - app.kubernetes.io/component: servicemonitor + {{- $data := . | mustMergeOverwrite (dict "component" "servicemonitor") -}} + {{- include "kamaji.labels" $data | nindent 4 }} name: {{ include "kamaji.fullname" . }} namespace: {{ .Release.Namespace }} spec: diff --git a/charts/clastix/kamaji/templates/validatingwebhookconfiguration.yaml b/charts/clastix/kamaji/templates/validatingwebhookconfiguration.yaml index 06977892d..d981e9743 100644 --- a/charts/clastix/kamaji/templates/validatingwebhookconfiguration.yaml +++ b/charts/clastix/kamaji/templates/validatingwebhookconfiguration.yaml @@ -4,8 +4,8 @@ metadata: annotations: cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }} labels: - {{- include "kamaji.labels" . | nindent 4 }} - app.kubernetes.io/instance: validating-webhook-configuration + {{- $data := . | mustMergeOverwrite (dict "instance" "validating-webhook-configuration") -}} + {{- include "kamaji.labels" $data | nindent 4 }} name: kamaji-validating-webhook-configuration webhooks: - admissionReviewVersions: diff --git a/charts/clastix/kamaji/values.yaml b/charts/clastix/kamaji/values.yaml index 46a1876ed..e50b9ee22 100644 --- a/charts/clastix/kamaji/values.yaml +++ b/charts/clastix/kamaji/values.yaml @@ -57,6 +57,9 @@ etcd: storageClass: "" accessModes: - ReadWriteOnce + # -- The custom annotations to add to the PVC + customAnnotations: {} + # volumeType: local overrides: caSecret: diff --git a/charts/cockroach-labs/cockroachdb/Chart.yaml b/charts/cockroach-labs/cockroachdb/Chart.yaml index 79fd6f36c..81c597a06 100644 --- a/charts/cockroach-labs/cockroachdb/Chart.yaml +++ b/charts/cockroach-labs/cockroachdb/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.8-0' catalog.cattle.io/release-name: cockroachdb apiVersion: v1 -appVersion: 22.2.4 +appVersion: 22.2.5 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. home: https://www.cockroachlabs.com icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png @@ -14,4 +14,4 @@ maintainers: name: cockroachdb sources: - https://github.com/cockroachdb/cockroach -version: 10.0.4 +version: 10.0.5 diff --git a/charts/cockroach-labs/cockroachdb/README.md b/charts/cockroach-labs/cockroachdb/README.md index 7ca7c6303..1765db003 100644 --- a/charts/cockroach-labs/cockroachdb/README.md +++ b/charts/cockroach-labs/cockroachdb/README.md @@ -229,10 +229,10 @@ kubectl get pods \ ``` ``` -my-release-cockroachdb-0 cockroachdb/cockroach:v22.2.4 -my-release-cockroachdb-1 cockroachdb/cockroach:v22.2.4 -my-release-cockroachdb-2 cockroachdb/cockroach:v22.2.4 -my-release-cockroachdb-3 cockroachdb/cockroach:v22.2.4 +my-release-cockroachdb-0 cockroachdb/cockroach:v22.2.5 +my-release-cockroachdb-1 cockroachdb/cockroach:v22.2.5 +my-release-cockroachdb-2 cockroachdb/cockroach:v22.2.5 +my-release-cockroachdb-3 cockroachdb/cockroach:v22.2.5 ``` Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: @@ -287,7 +287,7 @@ Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will For more information about upgrading a cluster to the latest major release of CockroachDB, see [Upgrade to CockroachDB v21.1](https://www.cockroachlabs.com/docs/stable/upgrade-cockroach-version.html). -Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v22.2.4 release notes](https://www.cockroachlabs.com/docs/releases/v22.2.4.html#backward-incompatible-changes). +Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v22.2.5 release notes](https://www.cockroachlabs.com/docs/releases/v22.2.5.html#backward-incompatible-changes). ## Configuration @@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file. | `conf.store.size` | CockroachDB storage size | `""` | | `conf.store.attrs` | CockroachDB storage attributes | `""` | | `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v22.2.4` | +| `image.tag` | Container image tag | `v22.2.5` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | | `statefulset.replicas` | StatefulSet replicas number | `3` | diff --git a/charts/cockroach-labs/cockroachdb/values.yaml b/charts/cockroach-labs/cockroachdb/values.yaml index 197dd0f8b..ebaa34f70 100644 --- a/charts/cockroach-labs/cockroachdb/values.yaml +++ b/charts/cockroach-labs/cockroachdb/values.yaml @@ -1,7 +1,7 @@ # Generated file, DO NOT EDIT. Source: build/templates/values.yaml image: repository: cockroachdb/cockroach - tag: v22.2.4 + tag: v22.2.5 pullPolicy: IfNotPresent credentials: {} # registry: docker.io @@ -436,6 +436,8 @@ tls: # The name of this ServiceAccount to use. # If not set and `create` is `true`, then a name is auto-generated. name: "" + # Additional serviceAccount annotations (e.g. for attaching AWS IAM roles to pods) + annotations: {} copyCerts: image: busybox certs: @@ -476,6 +478,8 @@ tls: readinessWait: 30s # Wait time for each cockroachdb replica to get to running state. Only considered when rotateCerts is set to true podUpdateTimeout: 2m + # ServiceAccount annotations for selfSigner jobs (e.g. for attaching AWS IAM roles to pods) + svcAccountAnnotations: {} # Use cert-manager to issue certificates for mTLS. certManager: false diff --git a/charts/crowdstrike/falcon-sensor/Chart.yaml b/charts/crowdstrike/falcon-sensor/Chart.yaml index f5064e72f..ba891a865 100644 --- a/charts/crowdstrike/falcon-sensor/Chart.yaml +++ b/charts/crowdstrike/falcon-sensor/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>1.15.0-0' catalog.cattle.io/release-name: falcon-sensor apiVersion: v2 -appVersion: 1.18.2 +appVersion: 1.18.4 description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. home: https://crowdstrike.com icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg @@ -24,4 +24,4 @@ name: falcon-sensor sources: - https://github.com/CrowdStrike/falcon-helm type: application -version: 1.18.2 +version: 1.18.4 diff --git a/charts/crowdstrike/falcon-sensor/README.md b/charts/crowdstrike/falcon-sensor/README.md index 8ad0b7354..c77c5ce04 100644 --- a/charts/crowdstrike/falcon-sensor/README.md +++ b/charts/crowdstrike/falcon-sensor/README.md @@ -57,7 +57,6 @@ The following tables lists the Falcon Sensor configurable parameters and their d | `falcon.app` | App Proxy Port (APP) | None | | `falcon.trace` | Set trace level. (`none`,`err`,`warn`,`info`,`debug`) | `none` | | `falcon.feature` | Sensor Feature options | None | -| `falcon.backend` | Choose sensor backend (`kernel`,`bpf`). Sensor 6.49+ only | None | | `falcon.message_log` | Enable message log (true/false) | None | | `falcon.billing` | Utilize default or metered billing | None | | `falcon.tags` | Comma separated list of tags for sensor grouping | None | @@ -122,16 +121,17 @@ For more details please see the [falcon-helm](https://github.com/CrowdStrike/fal The following tables lists the more common configurable parameters of the chart and their default values for installing on a Kubernetes node. -| Parameter | Description | Default | -|:--------------------------------|:---------------------------------------------------------------------|:---------------------------------------------------------------------- | -| `node.enabled` | Enable installation on the Kubernetes node | `true` | -| `node.image.repository` | Falcon Sensor Node registry/image name | `falcon-node-sensor` | -| `node.image.tag` | The version of the official image to use | `latest` (Use node.image.digest instead for security and production) | -| `node.image.digest` | The sha256 digest of the official image to use | None (Use instead of the image tag for security and production) | -| `node.image.pullPolicy` | Policy for updating images | `Always` | -| `node.image.pullSecrets` | Pull secrets for private registry | None (Conflicts with node.image.registryConfigJSON) | -| `node.image.registryConfigJSON` | base64 encoded docker config json for the pull secret | None (Conflicts with node.image.pullSecrets) | -| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) | +| Parameter | Description | Default | +| :-------------------------------- | :--------------------------------------------------------------------- | :---------------------------------------------------------------------- | +| `node.enabled` | Enable installation on the Kubernetes node | `true` | +| `node.backend` | Choose sensor backend (`kernel`,`bpf`). Sensor 6.49+ only | kernel | +| `node.image.repository` | Falcon Sensor Node registry/image name | `falcon-node-sensor` | +| `node.image.tag` | The version of the official image to use | `latest` (Use node.image.digest instead for security and production) | +| `node.image.digest` | The sha256 digest of the official image to use | None (Use instead of the image tag for security and production) | +| `node.image.pullPolicy` | Policy for updating images | `Always` | +| `node.image.pullSecrets` | Pull secrets for private registry | None (Conflicts with node.image.registryConfigJSON) | +| `node.image.registryConfigJSON` | base64 encoded docker config json for the pull secret | None (Conflicts with node.image.pullSecrets) | +| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) | `falcon.cid` and `node.image.repository` are required values. diff --git a/charts/crowdstrike/falcon-sensor/templates/configmap.yaml b/charts/crowdstrike/falcon-sensor/templates/configmap.yaml index 429c80bd1..99004813e 100644 --- a/charts/crowdstrike/falcon-sensor/templates/configmap.yaml +++ b/charts/crowdstrike/falcon-sensor/templates/configmap.yaml @@ -18,6 +18,9 @@ data: FALCONCTL_OPT_{{ $key | upper }}: {{ $value | quote }} {{- end }} {{- end }} + {{- if and .Values.node.enabled .Values.node.backend }} + FALCONCTL_OPT_BACKEND: "{{ .Values.node.backend }}" + {{- end }} {{- if .Values.container.enabled }} CP_NAMESPACE: {{ .Release.Namespace }} FALCON_IMAGE_PULL_POLICY: "{{ .Values.container.image.pullPolicy }}" diff --git a/charts/crowdstrike/falcon-sensor/values.schema.json b/charts/crowdstrike/falcon-sensor/values.schema.json index f095ed575..65402747b 100644 --- a/charts/crowdstrike/falcon-sensor/values.schema.json +++ b/charts/crowdstrike/falcon-sensor/values.schema.json @@ -15,19 +15,15 @@ "1234567890ABCDEF1234567890ABCDEF-12" ] }, - "backend": { - "type": [ - "null", - "string" - ], - "pattern": "^(kernel|bpf)$" - }, "trace": { "type": [ "null", "string" ], "pattern": "^(|none|err|warn|info|debug)$" + }, + "backend": { + "type": "null" } } }, @@ -37,6 +33,13 @@ "enabled" ], "properties": { + "backend": { + "type": [ + "null", + "string" + ], + "pattern": "^(kernel|bpf)$" + }, "daemonset": { "type": "object", "required": [ diff --git a/charts/crowdstrike/falcon-sensor/values.yaml b/charts/crowdstrike/falcon-sensor/values.yaml index 79ad7ff23..1e6f562c0 100644 --- a/charts/crowdstrike/falcon-sensor/values.yaml +++ b/charts/crowdstrike/falcon-sensor/values.yaml @@ -6,6 +6,9 @@ node: # When enabled, Helm chart deploys the Falcon Sensors to Kubernetes nodes enabled: true + # Overrides the backend leveraged by the Falcon Sensor (kernel, bpf) + backend: kernel + daemonset: # Annotations to apply to the daemonset annotations: {} @@ -208,7 +211,6 @@ falcon: app: trace: none feature: - backend: kernel message_log: billing: tags: diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index 9413ada05..308b80781 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,13 @@ # Datadog changelog +## 3.10.9 + +* Default `Agent` and `Cluster-Agent` image tags to `7.42.2`. + +## 3.10.8 + +* Fix `cluster-agent` SCC, remove duplicate `users` field. + ## 3.10.7 * Default `Agent` and `Cluster-Agent` image tags to `7.42.1`. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index 1f8e074e6..60b9fc398 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.10.7 +version: 3.10.9 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index 1bc808bac..319c26430 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.10.7](https://img.shields.io/badge/Version-3.10.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.10.9](https://img.shields.io/badge/Version-3.10.9-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -443,7 +443,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.42.1"` | Define the Agent version to use | +| agents.image.tag | string | `"7.42.2"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -501,7 +501,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.42.1"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.42.2"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -547,7 +547,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.42.1"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.42.2"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/datadog/templates/cluster-agent-scc.yaml b/charts/datadog/datadog/templates/cluster-agent-scc.yaml index 2140f547b..d6c54c0e1 100644 --- a/charts/datadog/datadog/templates/cluster-agent-scc.yaml +++ b/charts/datadog/datadog/templates/cluster-agent-scc.yaml @@ -33,7 +33,6 @@ seLinuxContext: type: MustRunAs supplementalGroups: type: RunAsAny -users: [] volumes: - configMap - downwardAPI diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index c948cef1a..8e16f9f9c 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -794,7 +794,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.42.1 + tag: 7.42.2 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1116,7 +1116,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.42.1 + tag: 7.42.2 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1557,7 +1557,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.42.1 + tag: 7.42.2 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/charts/gluu/gluu/Chart.yaml b/charts/gluu/gluu/Chart.yaml index e767b2c0d..e28f6e856 100644 --- a/charts/gluu/gluu/Chart.yaml +++ b/charts/gluu/gluu/Chart.yaml @@ -1,28 +1,28 @@ annotations: artifacthub.io/changes: | - - Waiting for changes + - Chart 5.0.11 official release artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/images: | - name: auth-server - image: janssenproject/auth-server:1.0.7_dev + image: janssenproject/auth-server:1.0.8_dev - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.7_dev + image: janssenproject/certmanager:1.0.8_dev - name: configuration-manager - image: janssenproject/configurator:1.0.7_dev + image: janssenproject/configurator:1.0.8_dev - name: config-api - image: janssenproject/config-api:1.0.7_dev + image: janssenproject/config-api:1.0.8_dev - name: fido2 - image: janssenproject/fido2:1.0.7_dev + image: janssenproject/fido2:1.0.8_dev - name: opendj image: gluufederation/opendj:5.0.0_dev - name: persistence - image: janssenproject/persistence-loader:1.0.7_dev + image: janssenproject/persistence-loader:1.0.8_dev - name: scim - image: janssenproject/scim:1.0.7_dev + image: janssenproject/scim:1.0.8_dev - name: casa image: gluufederation/casa:5.0.0_dev - name: admin-ui - image: gluufederation/admin-ui:1.0.1_dev + image: gluufederation/admin-ui:1.0.8_dev artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "true" catalog.cattle.io/certified: partner @@ -35,59 +35,59 @@ dependencies: - condition: global.config.enabled name: config repository: file://./charts/config - version: 5.0.10 + version: 5.0.11 - condition: global.config-api.enabled name: config-api repository: file://./charts/config-api - version: 5.0.10 + version: 5.0.11 - condition: global.opendj.enabled name: opendj repository: file://./charts/opendj - version: 5.0.10 + version: 5.0.11 - condition: global.auth-server.enabled name: auth-server repository: file://./charts/auth-server - version: 5.0.10 + version: 5.0.11 - condition: global.admin-ui.enabled name: admin-ui repository: file://./charts/admin-ui - version: 5.0.10 + version: 5.0.11 - condition: global.fido2.enabled name: fido2 repository: file://./charts/fido2 - version: 5.0.10 + version: 5.0.11 - condition: global.scim.enabled name: scim repository: file://./charts/scim - version: 5.0.10 + version: 5.0.11 - condition: global.nginx-ingress.enabled name: nginx-ingress repository: file://./charts/nginx-ingress - version: 5.0.10 + version: 5.0.11 - condition: global.oxshibboleth.enabled name: oxshibboleth repository: file://./charts/oxshibboleth - version: 5.0.10 + version: 5.0.11 - condition: global.oxpassport.enabled name: oxpassport repository: file://./charts/oxpassport - version: 5.0.10 + version: 5.0.11 - condition: global.casa.enabled name: casa repository: file://./charts/casa - version: 5.0.10 + version: 5.0.11 - condition: global.auth-server-key-rotation.enabled name: auth-server-key-rotation repository: file://./charts/auth-server-key-rotation - version: 5.0.10 + version: 5.0.11 - condition: global.persistence.enabled name: persistence repository: file://./charts/persistence - version: 5.0.10 + version: 5.0.11 - condition: global.istio.ingress name: cn-istio-ingress repository: file://./charts/cn-istio-ingress - version: 5.0.10 + version: 5.0.11 description: Gluu Access and Identity Management home: https://www.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -99,4 +99,4 @@ name: gluu sources: - https://gluu.org/docs/gluu-server - https://github.com/GluuFederation/flex/flex-cn-setup -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/README.md b/charts/gluu/gluu/README.md index 0742a0f51..21ce4dcea 100644 --- a/charts/gluu/gluu/README.md +++ b/charts/gluu/gluu/README.md @@ -1,6 +1,6 @@ # gluu -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu Access and Identity Management @@ -23,26 +23,26 @@ Kubernetes: `>=v1.21.0-0` | Repository | Name | Version | |------------|------|---------| -| | admin-ui | 5.0.10 | -| | auth-server | 5.0.10 | -| | auth-server-key-rotation | 5.0.10 | -| | casa | 5.0.10 | -| | cn-istio-ingress | 5.0.10 | -| | config | 5.0.10 | -| | config-api | 5.0.10 | -| | fido2 | 5.0.10 | -| | nginx-ingress | 5.0.10 | -| | opendj | 5.0.10 | -| | oxpassport | 5.0.10 | -| | oxshibboleth | 5.0.10 | -| | persistence | 5.0.10 | -| | scim | 5.0.10 | +| | admin-ui | 5.0.11 | +| | auth-server | 5.0.11 | +| | auth-server-key-rotation | 5.0.11 | +| | casa | 5.0.11 | +| | cn-istio-ingress | 5.0.11 | +| | config | 5.0.11 | +| | config-api | 5.0.11 | +| | fido2 | 5.0.11 | +| | nginx-ingress | 5.0.11 | +| | opendj | 5.0.11 | +| | oxpassport | 5.0.11 | +| | oxshibboleth | 5.0.11 | +| | persistence | 5.0.11 | +| | scim | 5.0.11 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.5-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.7-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | | admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | admin-ui.dnsConfig | object | `{}` | Add custom dns config | @@ -53,7 +53,7 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | | admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| admin-ui.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| admin-ui.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | admin-ui.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | @@ -69,8 +69,8 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.5-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.5-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.7-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.7-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | @@ -78,7 +78,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | | auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | @@ -100,7 +100,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| auth-server.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -117,7 +117,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-4"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. | +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-7"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | casa.dnsConfig | object | `{}` | Add custom dns config | @@ -128,7 +128,7 @@ Kubernetes: `>=v1.21.0-0` | casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | casa.image.pullSecrets | list | `[]` | Image Pull Secrets | | casa.image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | -| casa.image.tag | string | `"5.0.0-4"` | Image tag to use for deploying. | +| casa.image.tag | string | `"5.0.0-7"` | Image tag to use for deploying. | | casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | | casa.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -146,8 +146,8 @@ Kubernetes: `>=v1.21.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.5-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.5-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.7-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.7-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | config-api.dnsConfig | object | `{}` | Add custom dns config | @@ -158,7 +158,7 @@ Kubernetes: `>=v1.21.0-0` | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | | config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| config-api.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| config-api.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | | config-api.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -180,8 +180,6 @@ Kubernetes: `>=v1.21.0-0` | config.adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | | config.city | string | `"Austin"` | City. Used for certificate creation. | | config.configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . | -| config.configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | -| config.configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer | | config.configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. | | config.configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. | @@ -194,6 +192,8 @@ Kubernetes: `>=v1.21.0-0` | config.configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the Google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnGoogleSecretManagerServiceAccount | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnGoogleSecretVersionId | string | `"latest"` | Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | | config.configmap.cnGoogleSpannerInstanceId | string | `""` | Google Spanner ID. Used only when global.cnPersistenceType is spanner. | | config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | @@ -206,16 +206,14 @@ Kubernetes: `>=v1.21.0-0` | config.configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnScimProtectionMode | string | `"OAUTH"` | SCIM protection mode OAUTH|TEST|UMA | -| config.configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | -| config.configmap.cnSecretGoogleSecretVersionId | string | `"latest"` | Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. | | config.configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` | | config.configmap.cnSqlDbHost | string | `"my-release-mysql.default.svc.cluster.local"` | SQL database host uri. | -| config.configmap.cnSqlDbName | string | `"jans"` | SQL database name. | +| config.configmap.cnSqlDbName | string | `"gluu"` | SQL database name. | | config.configmap.cnSqlDbPort | int | `3306` | SQL database port. | | config.configmap.cnSqlDbSchema | string | `""` | Schema name used by SQL database (default to empty-string; if using MySQL, the schema name will be resolved as the database name, whereas in PostgreSQL the schema name will be resolved as `"public"`). | | config.configmap.cnSqlDbTimezone | string | `"UTC"` | SQL database timezone. | -| config.configmap.cnSqlDbUser | string | `"jans"` | SQL database username. | +| config.configmap.cnSqlDbUser | string | `"gluu"` | SQL database username. | | config.configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected the secrets . | | config.configmap.lbAddr | string | `""` | Load balancer address for AWS if the FQDN is not registered. | | config.countryCode | string | `"US"` | Country code. Used for certificate creation. | @@ -224,7 +222,7 @@ Kubernetes: `>=v1.21.0-0` | config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | | config.image.pullSecrets | list | `[]` | Image Pull Secrets | | config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| config.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| config.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpenDJ is used for persistence. | | config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE | @@ -243,7 +241,7 @@ Kubernetes: `>=v1.21.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.5-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.7-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | fido2.dnsConfig | object | `{}` | Add custom dns config | @@ -254,7 +252,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets | | fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| fido2.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| fido2.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | fido2.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -273,7 +271,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. | | global.admin-ui.enabled | bool | `true` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. | | global.admin-ui.ingress.adminUiEnabled | bool | `false` | Enable Admin UI endpoints in either istio or nginx ingress depending on users choice | @@ -363,12 +361,16 @@ Kubernetes: `>=v1.21.0-0` | global.configAdapterName | string | `"kubernetes"` | The config backend adapter that will hold Gluu configuration layer. aws|google|kubernetes | | global.configSecretAdapter | string | `"kubernetes"` | The config backend adapter that will hold Gluu secret layer. aws|google|kubernetes | | global.distribution | string | `"default"` | Gluu distributions supported are: default|openbanking. | -| global.fido2.appLoggers | object | `{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.fido2.appLoggers | object | `{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | | global.fido2.appLoggers.enableStdoutLogPrefix | string | `"true"` | Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e fido2 ===> 2022-12-20 17:49:55,744 INFO | | global.fido2.appLoggers.fido2LogLevel | string | `"INFO"` | fido2.log level | | global.fido2.appLoggers.fido2LogTarget | string | `"STDOUT"` | fido2.log target | +| global.fido2.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | fido2_persistence_duration.log level | +| global.fido2.appLoggers.persistenceDurationLogTarget | string | `"FILE"` | fido2_persistence_duration.log target | | global.fido2.appLoggers.persistenceLogLevel | string | `"INFO"` | fido2_persistence.log level | | global.fido2.appLoggers.persistenceLogTarget | string | `"FILE"` | fido2_persistence.log target | +| global.fido2.appLoggers.scriptLogLevel | string | `"INFO"` | fido2_script.log level | +| global.fido2.appLoggers.scriptLogTarget | string | `"FILE"` | fido2_script.log target | | global.fido2.enabled | bool | `true` | Boolean flag to enable/disable the fido2 chart. | | global.fido2.fido2ServiceName | string | `"fido2"` | Name of the fido2 service. Please keep it as default. | | global.fido2.ingress | object | `{"fido2ConfigEnabled":false}` | Enable endpoints in either istio or nginx ingress depending on users choice | @@ -549,7 +551,7 @@ Kubernetes: `>=v1.21.0-0` | oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.5-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.7-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | persistence.dnsConfig | object | `{}` | Add custom dns config | @@ -557,7 +559,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | | persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| persistence.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | @@ -568,7 +570,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.5-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.7-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | scim.dnsConfig | object | `{}` | Add custom dns config | @@ -579,7 +581,7 @@ Kubernetes: `>=v1.21.0-0` | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | scim.image.pullSecrets | list | `[]` | Image Pull Secrets | | scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| scim.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | scim.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | diff --git a/charts/gluu/gluu/charts/admin-ui/Chart.yaml b/charts/gluu/gluu/charts/admin-ui/Chart.yaml index 1cea033a9..a016835be 100644 --- a/charts/gluu/gluu/charts/admin-ui/Chart.yaml +++ b/charts/gluu/gluu/charts/admin-ui/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/GluuFederation/docker-gluu-admin-ui - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/admin-ui/README.md b/charts/gluu/gluu/charts/admin-ui/README.md index 49e0317b5..4fe2589b3 100644 --- a/charts/gluu/gluu/charts/admin-ui/README.md +++ b/charts/gluu/gluu/charts/admin-ui/README.md @@ -1,6 +1,6 @@ # admin-ui -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Admin GUI. Requires license. @@ -35,7 +35,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | | replicas | int | `1` | Service replica number. | diff --git a/charts/gluu/gluu/charts/admin-ui/values.yaml b/charts/gluu/gluu/charts/admin-ui/values.yaml index a52b003e0..51d5255f5 100644 --- a/charts/gluu/gluu/charts/admin-ui/values.yaml +++ b/charts/gluu/gluu/charts/admin-ui/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: gluufederation/admin-ui # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml index 08a5305c6..cd8631c6f 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/docker-jans-certmanager - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md index a6ee79d31..efeb9ca9c 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md @@ -1,6 +1,6 @@ # auth-server-key-rotation -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Responsible for regenerating auth-keys per x hours @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | keysLife | int | `48` | Auth server key rotation keys life in hours | | nodeSelector | object | `{}` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml index 1e682e1cb..7e4e64f6b 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours diff --git a/charts/gluu/gluu/charts/auth-server/Chart.yaml b/charts/gluu/gluu/charts/auth-server/Chart.yaml index 4807573e5..286f87137 100644 --- a/charts/gluu/gluu/charts/auth-server/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/docker-jans-auth-server - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/auth-server/README.md b/charts/gluu/gluu/charts/auth-server/README.md index d0060dcae..c79dff53c 100644 --- a/charts/gluu/gluu/charts/auth-server/README.md +++ b/charts/gluu/gluu/charts/auth-server/README.md @@ -1,6 +1,6 @@ # auth-server -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | diff --git a/charts/gluu/gluu/charts/auth-server/values.yaml b/charts/gluu/gluu/charts/auth-server/values.yaml index aed67472d..27c4b5d3c 100644 --- a/charts/gluu/gluu/charts/auth-server/values.yaml +++ b/charts/gluu/gluu/charts/auth-server/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/casa/Chart.yaml b/charts/gluu/gluu/charts/casa/Chart.yaml index 79af60035..de139f5b7 100644 --- a/charts/gluu/gluu/charts/casa/Chart.yaml +++ b/charts/gluu/gluu/charts/casa/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/GluuFederation/docker-casa - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/casa/README.md b/charts/gluu/gluu/charts/casa/README.md index c6fbd2bc3..b9aba46d8 100644 --- a/charts/gluu/gluu/charts/casa/README.md +++ b/charts/gluu/gluu/charts/casa/README.md @@ -1,6 +1,6 @@ # casa -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml index 2c37a2460..159226496 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://gluu.org/docs/gluu-server/ - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/README.md b/charts/gluu/gluu/charts/cn-istio-ingress/README.md index 5404bdd37..ca9d63b22 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/README.md +++ b/charts/gluu/gluu/charts/cn-istio-ingress/README.md @@ -1,6 +1,6 @@ # cn-istio-ingress -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Istio Gateway diff --git a/charts/gluu/gluu/charts/config-api/Chart.yaml b/charts/gluu/gluu/charts/config-api/Chart.yaml index 541b7bdb6..d7b39a39e 100644 --- a/charts/gluu/gluu/charts/config-api/Chart.yaml +++ b/charts/gluu/gluu/charts/config-api/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-config-api - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/config-api/README.md b/charts/gluu/gluu/charts/config-api/README.md index f53c12f99..e5797c48b 100644 --- a/charts/gluu/gluu/charts/config-api/README.md +++ b/charts/gluu/gluu/charts/config-api/README.md @@ -1,6 +1,6 @@ # config-api -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) @@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | nameOverride | string | `""` | | diff --git a/charts/gluu/gluu/charts/config-api/values.yaml b/charts/gluu/gluu/charts/config-api/values.yaml index 8da708c57..74baf5f10 100644 --- a/charts/gluu/gluu/charts/config-api/values.yaml +++ b/charts/gluu/gluu/charts/config-api/values.yaml @@ -33,7 +33,7 @@ image: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/config/Chart.yaml b/charts/gluu/gluu/charts/config/Chart.yaml index 32c308ec3..a54b47ce3 100644 --- a/charts/gluu/gluu/charts/config/Chart.yaml +++ b/charts/gluu/gluu/charts/config/Chart.yaml @@ -18,4 +18,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-configurator - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/config/README.md b/charts/gluu/gluu/charts/config/README.md index e0c930c40..a43040d3b 100644 --- a/charts/gluu/gluu/charts/config/README.md +++ b/charts/gluu/gluu/charts/config/README.md @@ -1,6 +1,6 @@ # config -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. @@ -31,8 +31,6 @@ Kubernetes: `>=v1.21.0-0` | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | | city | string | `"Austin"` | City. Used for certificate creation. | | configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . | -| configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | -| configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer | | configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. | | configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. | @@ -45,6 +43,8 @@ Kubernetes: `>=v1.21.0-0` | configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnGoogleSecretManagerServiceAccount | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnGoogleSecretVersionId | string | `"latest"` | Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | | configmap.cnGoogleSpannerInstanceId | string | `""` | Google Spanner ID. Used only when global.cnPersistenceType is spanner. | | configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | @@ -56,15 +56,13 @@ Kubernetes: `>=v1.21.0-0` | configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | -| configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | -| configmap.cnSecretGoogleSecretVersionId | string | `"latest"` | Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. | | configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` | | configmap.cnSqlDbHost | string | `"my-release-mysql.default.svc.cluster.local"` | SQL database host uri. | -| configmap.cnSqlDbName | string | `"jans"` | SQL database name. | +| configmap.cnSqlDbName | string | `"gluu"` | SQL database name. | | configmap.cnSqlDbPort | int | `3306` | SQL database port. | | configmap.cnSqlDbTimezone | string | `"UTC"` | SQL database timezone. | -| configmap.cnSqlDbUser | string | `"jans"` | SQL database username. | +| configmap.cnSqlDbUser | string | `"gluu"` | SQL database username. | | configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected in the secrets. | | configmap.containerMetadataName | string | `"kubernetes"` | | | configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. | @@ -75,7 +73,7 @@ Kubernetes: `>=v1.21.0-0` | fullNameOverride | string | `""` | | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | migration.enabled | bool | `false` | Boolean flag to enable migration from CE | diff --git a/charts/gluu/gluu/charts/config/values.yaml b/charts/gluu/gluu/charts/config/values.yaml index b34a56c7a..855a03cad 100644 --- a/charts/gluu/gluu/charts/config/values.yaml +++ b/charts/gluu/gluu/charts/config/values.yaml @@ -106,7 +106,7 @@ image: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpennDJ is used for persistence. diff --git a/charts/gluu/gluu/charts/fido2/Chart.yaml b/charts/gluu/gluu/charts/fido2/Chart.yaml index 507d24467..af6eb07c1 100644 --- a/charts/gluu/gluu/charts/fido2/Chart.yaml +++ b/charts/gluu/gluu/charts/fido2/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-fido2 - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2 type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/fido2/README.md b/charts/gluu/gluu/charts/fido2/README.md index 2e4ca787a..9286fd0e4 100644 --- a/charts/gluu/gluu/charts/fido2/README.md +++ b/charts/gluu/gluu/charts/fido2/README.md @@ -1,6 +1,6 @@ # fido2 -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | diff --git a/charts/gluu/gluu/charts/fido2/values.yaml b/charts/gluu/gluu/charts/fido2/values.yaml index f29b2392d..6152bad32 100644 --- a/charts/gluu/gluu/charts/fido2/values.yaml +++ b/charts/gluu/gluu/charts/fido2/values.yaml @@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml index 97a849258..225a65f7d 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://kubernetes.io/docs/concepts/services-networking/ingress/ - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/nginx-ingress/README.md b/charts/gluu/gluu/charts/nginx-ingress/README.md index f187d3b74..7ebb8dcea 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/README.md +++ b/charts/gluu/gluu/charts/nginx-ingress/README.md @@ -1,6 +1,6 @@ # nginx-ingress -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Nginx ingress definitions chart diff --git a/charts/gluu/gluu/charts/opendj/Chart.yaml b/charts/gluu/gluu/charts/opendj/Chart.yaml index c206b2300..00542f590 100644 --- a/charts/gluu/gluu/charts/opendj/Chart.yaml +++ b/charts/gluu/gluu/charts/opendj/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/GluuFederation/docker-opendj - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/opendj/README.md b/charts/gluu/gluu/charts/opendj/README.md index 2286c8bef..0eb2d95b0 100644 --- a/charts/gluu/gluu/charts/opendj/README.md +++ b/charts/gluu/gluu/charts/opendj/README.md @@ -1,6 +1,6 @@ # opendj -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. diff --git a/charts/gluu/gluu/charts/oxpassport/Chart.yaml b/charts/gluu/gluu/charts/oxpassport/Chart.yaml index 86080bf73..751a631e7 100644 --- a/charts/gluu/gluu/charts/oxpassport/Chart.yaml +++ b/charts/gluu/gluu/charts/oxpassport/Chart.yaml @@ -18,4 +18,4 @@ sources: - https://github.com/GluuFederation/docker-oxpassport - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/oxpassport/README.md b/charts/gluu/gluu/charts/oxpassport/README.md index 89a9dbcc9..1dcf136d4 100644 --- a/charts/gluu/gluu/charts/oxpassport/README.md +++ b/charts/gluu/gluu/charts/oxpassport/README.md @@ -1,6 +1,6 @@ # oxpassport -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu interface to Passport.js to support social login and inbound identity. diff --git a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml index bc1f675e3..33df95e49 100644 --- a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml +++ b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/GluuFederation/docker-oxshibboleth - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/oxshibboleth/README.md b/charts/gluu/gluu/charts/oxshibboleth/README.md index 3b877d7f2..c9c196b34 100644 --- a/charts/gluu/gluu/charts/oxshibboleth/README.md +++ b/charts/gluu/gluu/charts/oxshibboleth/README.md @@ -1,6 +1,6 @@ # oxshibboleth -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Shibboleth project for the Gluu Server's SAML IDP functionality. diff --git a/charts/gluu/gluu/charts/persistence/Chart.yaml b/charts/gluu/gluu/charts/persistence/Chart.yaml index e736208f3..e3cb986c6 100644 --- a/charts/gluu/gluu/charts/persistence/Chart.yaml +++ b/charts/gluu/gluu/charts/persistence/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-persistence-loader - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/persistence/README.md b/charts/gluu/gluu/charts/persistence/README.md index eb579723f..f10afb123 100644 --- a/charts/gluu/gluu/charts/persistence/README.md +++ b/charts/gluu/gluu/charts/persistence/README.md @@ -1,6 +1,6 @@ # persistence -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Job to generate data and initial config for Gluu Server persistence layer. @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/persistence"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/gluu/gluu/charts/persistence/values.yaml b/charts/gluu/gluu/charts/persistence/values.yaml index 662b58539..548a1afaf 100644 --- a/charts/gluu/gluu/charts/persistence/values.yaml +++ b/charts/gluu/gluu/charts/persistence/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: gluufederation/persistence # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/charts/gluu/gluu/charts/scim/Chart.yaml b/charts/gluu/gluu/charts/scim/Chart.yaml index 930609500..8e67fe391 100644 --- a/charts/gluu/gluu/charts/scim/Chart.yaml +++ b/charts/gluu/gluu/charts/scim/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-scim - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/gluu/gluu/charts/scim/README.md b/charts/gluu/gluu/charts/scim/README.md index 9f6887ac0..8c0cabdb1 100644 --- a/charts/gluu/gluu/charts/scim/README.md +++ b/charts/gluu/gluu/charts/scim/README.md @@ -1,6 +1,6 @@ # scim -![Version: 5.0.10](https://img.shields.io/badge/Version-5.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.11](https://img.shields.io/badge/Version-5.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) System for Cross-domain Identity Management (SCIM) version 2.0 @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | diff --git a/charts/gluu/gluu/charts/scim/values.yaml b/charts/gluu/gluu/charts/scim/values.yaml index fd0f8aefa..e2ca69351 100644 --- a/charts/gluu/gluu/charts/scim/values.yaml +++ b/charts/gluu/gluu/charts/scim/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/scim # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/openbanking-values.yaml b/charts/gluu/gluu/openbanking-values.yaml index aff860b5c..935cbe95d 100644 --- a/charts/gluu/gluu/openbanking-values.yaml +++ b/charts/gluu/gluu/openbanking-values.yaml @@ -28,7 +28,7 @@ auth-server: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -167,7 +167,7 @@ config: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Organization name. Used for certificate creation. @@ -231,7 +231,7 @@ config-api: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -674,7 +674,7 @@ persistence: # -- Image to use for deploying. repository: janssenproject/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/charts/gluu/gluu/values.yaml b/charts/gluu/gluu/values.yaml index d0603ce12..107b07dc3 100644 --- a/charts/gluu/gluu/values.yaml +++ b/charts/gluu/gluu/values.yaml @@ -106,7 +106,7 @@ admin-ui: # -- Image to use for deploying. repository: gluufederation/admin-ui # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -197,7 +197,7 @@ auth-server: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -264,7 +264,7 @@ auth-server-key-rotation: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours @@ -339,7 +339,7 @@ casa: # -- Image to use for deploying. repository: gluufederation/casa # -- Image tag to use for deploying. - tag: 5.0.0-4 + tag: 5.0.0-7 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -512,7 +512,7 @@ config: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpenDJ is used for persistence. @@ -606,7 +606,7 @@ config-api: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -698,7 +698,7 @@ fido2: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -1556,7 +1556,7 @@ persistence: # -- Image to use for deploying. repository: janssenproject/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. @@ -1629,7 +1629,7 @@ scim: # -- Image to use for deploying. repository: janssenproject/scim # -- Image tag to use for deploying. - tag: 1.0.5-1 + tag: 1.0.7-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/jaeger/jaeger-operator/Chart.yaml b/charts/jaeger/jaeger-operator/Chart.yaml index 709467510..d88b838e9 100644 --- a/charts/jaeger/jaeger-operator/Chart.yaml +++ b/charts/jaeger/jaeger-operator/Chart.yaml @@ -15,4 +15,4 @@ maintainers: name: jaeger-operator sources: - https://github.com/jaegertracing/jaeger-operator -version: 2.39.0 +version: 2.40.0 diff --git a/charts/jaeger/jaeger-operator/templates/certificate.yaml b/charts/jaeger/jaeger-operator/templates/certificate.yaml index e7a224279..67871f2e3 100644 --- a/charts/jaeger/jaeger-operator/templates/certificate.yaml +++ b/charts/jaeger/jaeger-operator/templates/certificate.yaml @@ -9,7 +9,11 @@ spec: - "{{ default "jaeger-operator-webhook-service" .Values.webhooks.service.name }}.{{ .Release.Namespace }}.svc" - "{{ default "jaeger-operator-webhook-service" .Values.webhooks.service.name }}.{{ .Release.Namespace }}.svc.cluster.local" issuerRef: + {{- if .Values.certs.issuer.create }} kind: Issuer + {{- else }} + kind: {{ .Values.certs.certificate.issuerKind }} + {{- end }} name: {{ default "selfsigned-issuer" .Values.certs.issuer.name }} secretName: {{ default "jaeger-operator-service-cert" .Values.certs.certificate.secretName }} subject: diff --git a/charts/jaeger/jaeger-operator/values.yaml b/charts/jaeger/jaeger-operator/values.yaml index fb82f1aa4..fa8f98704 100644 --- a/charts/jaeger/jaeger-operator/values.yaml +++ b/charts/jaeger/jaeger-operator/values.yaml @@ -16,6 +16,10 @@ certs: create: true namespace: "" secretName: "" + # Specify the cert-manager issuer kind to use an existing cert-manager + # issuer; typically Issuer or ClusterIssuer + # This field will be ignored if issuer.create is true + issuerKind: Issuer webhooks: mutatingWebhook: diff --git a/charts/metallb/metallb/.helmignore b/charts/metallb/metallb/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/metallb/metallb/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/metallb/metallb/Chart.lock b/charts/metallb/metallb/Chart.lock index 6b9329ac8..89c0e3b6b 100644 --- a/charts/metallb/metallb/Chart.lock +++ b/charts/metallb/metallb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crds repository: "" - version: 0.13.7 -digest: sha256:d555da4a45e655d8095364bfcf05d588d8b6e86eb929e6d7ca0aba34be7e0262 -generated: "2022-10-17T16:22:46.162181761+02:00" + version: 0.13.9 +digest: sha256:3a0efb6755f91230c36a844438ffe107bea2b5acbdb42713a1bcc1d4d5201fda +generated: "2023-02-21T10:50:33.142117312+01:00" diff --git a/charts/metallb/metallb/Chart.yaml b/charts/metallb/metallb/Chart.yaml index 94cfbf2bf..863aac637 100644 --- a/charts/metallb/metallb/Chart.yaml +++ b/charts/metallb/metallb/Chart.yaml @@ -1,21 +1,23 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MetalLB + catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/namespace: metallb-system catalog.cattle.io/release-name: metallb apiVersion: v2 -appVersion: v0.13.7 +appVersion: v0.13.9 dependencies: - condition: crds.enabled name: crds repository: file://./charts/crds - version: 0.13.7 + version: 0.13.9 description: A network load-balancer implementation for Kubernetes using standard routing protocols home: https://metallb.universe.tf icon: https://metallb.universe.tf/images/logo/metallb-blue.png +kubeVersion: '>= 1.19.0-0' name: metallb sources: - https://github.com/metallb/metallb type: application -version: 0.13.7 +version: 0.13.9 diff --git a/charts/metallb/metallb/README.md b/charts/metallb/metallb/README.md index 25cb5d4cd..65a3bff22 100644 --- a/charts/metallb/metallb/README.md +++ b/charts/metallb/metallb/README.md @@ -12,6 +12,8 @@ A network load-balancer implementation for Kubernetes using standard routing pro ## Requirements +Kubernetes: `>= 1.19.0-0` + | Repository | Name | Version | |------------|------|---------| | | crds | 0.0.0 | @@ -87,6 +89,7 @@ A network load-balancer implementation for Kubernetes using standard routing pro | prometheus.prometheusRule.staleConfig.enabled | bool | `true` | | | prometheus.prometheusRule.staleConfig.labels.severity | string | `"warning"` | | | prometheus.rbacPrometheus | bool | `true` | | +| prometheus.rbacProxy.pullPolicy | string | `nil` | | | prometheus.rbacProxy.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | | prometheus.rbacProxy.tag | string | `"v0.12.0"` | | | prometheus.scrapeAnnotations | bool | `false` | | @@ -108,8 +111,8 @@ A network load-balancer implementation for Kubernetes using standard routing pro | speaker.enabled | bool | `true` | | | speaker.frr.enabled | bool | `false` | | | speaker.frr.image.pullPolicy | string | `nil` | | -| speaker.frr.image.repository | string | `"frrouting/frr"` | | -| speaker.frr.image.tag | string | `"v7.5.1"` | | +| speaker.frr.image.repository | string | `"quay.io/frrouting/frr"` | | +| speaker.frr.image.tag | string | `"7.5.1"` | | | speaker.frr.metricsPort | int | `7473` | | | speaker.frr.resources | object | `{}` | | | speaker.frrMetrics.resources | object | `{}` | | @@ -125,6 +128,7 @@ A network load-balancer implementation for Kubernetes using standard routing pro | speaker.logLevel | string | `"info"` | Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` | | speaker.memberlist.enabled | bool | `true` | | | speaker.memberlist.mlBindPort | int | `7946` | | +| speaker.memberlist.mlSecretKeyPath | string | `"/etc/ml_secret_key"` | | | speaker.nodeSelector | object | `{}` | | | speaker.podAnnotations | object | `{}` | | | speaker.priorityClassName | string | `""` | | @@ -140,6 +144,9 @@ A network load-balancer implementation for Kubernetes using standard routing pro | speaker.serviceAccount.annotations | object | `{}` | | | speaker.serviceAccount.create | bool | `true` | | | speaker.serviceAccount.name | string | `""` | | +| speaker.startupProbe.enabled | bool | `true` | | +| speaker.startupProbe.failureThreshold | int | `30` | | +| speaker.startupProbe.periodSeconds | int | `5` | | | speaker.tolerateMaster | bool | `true` | | | speaker.tolerations | list | `[]` | | | speaker.updateStrategy.type | string | `"RollingUpdate"` | | diff --git a/charts/metallb/metallb/charts/crds/Chart.yaml b/charts/metallb/metallb/charts/crds/Chart.yaml index 8c77d36ef..349e221dd 100644 --- a/charts/metallb/metallb/charts/crds/Chart.yaml +++ b/charts/metallb/metallb/charts/crds/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v0.13.7 +appVersion: v0.13.9 description: MetalLB CRDs home: https://metallb.universe.tf icon: https://metallb.universe.tf/images/logo/metallb-white.png @@ -7,4 +7,4 @@ name: crds sources: - https://github.com/metallb/metallb type: application -version: 0.13.7 +version: 0.13.9 diff --git a/charts/metallb/metallb/charts/crds/templates/crds.yaml b/charts/metallb/metallb/charts/crds/templates/crds.yaml index 1cc88898f..9b415acf9 100644 --- a/charts/metallb/metallb/charts/crds/templates/crds.yaml +++ b/charts/metallb/metallb/charts/crds/templates/crds.yaml @@ -772,6 +772,10 @@ spec: sourceAddress: description: Source address to use when establishing the session. type: string + vrf: + description: To set if we want to peer with the BGPPeer using an interface + belonging to a host vrf + type: string required: - myASN - peerASN @@ -849,6 +853,130 @@ spec: description: AvoidBuggyIPs prevents addresses ending with .0 and .255 to be used by a pool. type: boolean + serviceAllocation: + description: AllocateTo makes ip pool allocation to specific namespace + and/or service. The controller will use the pool with lowest value + of priority in case of multiple matches. A pool with no priority + set will be used only if the pools with priority can't be used. + If multiple matching IPAddressPools are available it will check + for the availability of IPs sorting the matching IPAddressPools + by priority, starting from the highest to the lowest. If multiple + IPAddressPools have the same priority, choice will be random. + properties: + namespaceSelectors: + description: NamespaceSelectors list of label selectors to select + namespace(s) for ip pool, an alternative to using namespace + list. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + namespaces: + description: Namespaces list of namespace(s) on which ip pool + can be attached. + items: + type: string + type: array + priority: + description: Priority priority given for ip pool while ip allocation + on a service. + type: integer + serviceSelectors: + description: ServiceSelectors list of label selector to select + service(s) for which ip pool can be used for ip allocation. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + type: object required: - addresses type: object diff --git a/charts/metallb/metallb/policy/speaker.rego b/charts/metallb/metallb/policy/speaker.rego index a404d4392..d4d8137f1 100644 --- a/charts/metallb/metallb/policy/speaker.rego +++ b/charts/metallb/metallb/policy/speaker.rego @@ -11,15 +11,8 @@ deny[msg] { # validate METALLB_ML_SECRET_KEY (memberlist) deny[msg] { input.kind == "DaemonSet" - not input.spec.template.spec.containers[0].env[5].name == "METALLB_ML_SECRET_KEY" - msg = "speaker env does not contain METALLB_ML_SECRET_KEY at env[5]" -} - -deny[msg] { - input.kind == "DaemonSet" - not input.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef.name == "RELEASE-NAME-metallb-memberlist" - not input.spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef.key == "secretkey" - msg = "speaker env METALLB_ML_SECRET_KEY secretKeyRef does not equal expected value" + not input.spec.template.spec.containers[0].env[5].name == "METALLB_ML_SECRET_KEY_PATH" + msg = "speaker env does not contain METALLB_ML_SECRET_KEY_PATH at env[5]" } # validate node selector includes builtin when custom ones are provided diff --git a/charts/metallb/metallb/templates/controller.yaml b/charts/metallb/metallb/templates/controller.yaml index efb51c9db..544ef9664 100644 --- a/charts/metallb/metallb/templates/controller.yaml +++ b/charts/metallb/metallb/templates/controller.yaml @@ -110,7 +110,7 @@ spec: {{- end }} {{- with .Values.controller.resources }} resources: - {{- toYaml . | nindent 12 }} + {{- toYaml . | nindent 10 }} {{- end }} securityContext: allowPrivilegeEscalation: false @@ -121,7 +121,7 @@ spec: {{- if .Values.prometheus.secureMetricsPort }} - name: kube-rbac-proxy image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }} - imagePullPolicy: IfNotPresent + imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} args: - --logtostderr - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }} diff --git a/charts/metallb/metallb/templates/prometheusrules.yaml b/charts/metallb/metallb/templates/prometheusrules.yaml index 29ae85aad..463aacafb 100644 --- a/charts/metallb/metallb/templates/prometheusrules.yaml +++ b/charts/metallb/metallb/templates/prometheusrules.yaml @@ -52,6 +52,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + + {{- if .Values.prometheus.prometheusRule.addressPoolUsage.enabled }} {{- range .Values.prometheus.prometheusRule.addressPoolUsage.thresholds }} - alert: MetalLBAddressPoolUsage{{ .percent }}Percent annotations: @@ -63,6 +65,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + {{- end }} {{- if .Values.prometheus.prometheusRule.bgpSessionDown.enabled }} - alert: MetalLBBGPSessionDown annotations: diff --git a/charts/metallb/metallb/templates/rbac.yaml b/charts/metallb/metallb/templates/rbac.yaml index 1869e44f7..1d0462578 100644 --- a/charts/metallb/metallb/templates/rbac.yaml +++ b/charts/metallb/metallb/templates/rbac.yaml @@ -7,7 +7,7 @@ metadata: {{- include "metallb.labels" . | nindent 4 }} rules: - apiGroups: [""] - resources: ["services"] + resources: ["services", "namespaces"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["services/status"] @@ -17,10 +17,19 @@ rules: verbs: ["create", "patch"] - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resourceNames: ["metallb-webhook-configuration"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["list", "watch"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + resourceNames: ["addresspools.metallb.io","bfdprofiles.metallb.io","bgpadvertisements.metallb.io", + "bgppeers.metallb.io","ipaddresspools.metallb.io","l2advertisements.metallb.io","communities.metallb.io"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + verbs: ["list", "watch"] {{- if .Values.prometheus.secureMetricsPort }} - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] @@ -38,7 +47,7 @@ metadata: {{- include "metallb.labels" . | nindent 4 }} rules: - apiGroups: [""] - resources: ["services", "endpoints", "nodes"] + resources: ["services", "endpoints", "nodes", "namespaces"] verbs: ["get", "list", "watch"] - apiGroups: ["discovery.k8s.io"] resources: ["endpointslices"] diff --git a/charts/metallb/metallb/templates/speaker.yaml b/charts/metallb/metallb/templates/speaker.yaml index 9e18a49c2..1cf78b7b6 100644 --- a/charts/metallb/metallb/templates/speaker.yaml +++ b/charts/metallb/metallb/templates/speaker.yaml @@ -147,6 +147,12 @@ spec: terminationGracePeriodSeconds: 0 hostNetwork: true volumes: + {{- if .Values.speaker.memberlist.enabled }} + - name: memberlist + secret: + secretName: {{ include "metallb.secretName" . }} + defaultMode: 420 + {{- end }} {{- if .Values.speaker.frr.enabled }} - name: frr-sockets emptyDir: {} @@ -229,11 +235,8 @@ spec: value: "app.kubernetes.io/name={{ include "metallb.name" . }},app.kubernetes.io/component=speaker" - name: METALLB_ML_BIND_PORT value: "{{ .Values.speaker.memberlist.mlBindPort }}" - - name: METALLB_ML_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ include "metallb.secretName" . }} - key: secretkey + - name: METALLB_ML_SECRET_KEY_PATH + value: "{{ .Values.speaker.memberlist.mlSecretKeyPath }}" {{- end }} {{- if .Values.speaker.frr.enabled }} - name: FRR_CONFIG_FILE @@ -278,7 +281,7 @@ spec: {{- end }} {{- with .Values.speaker.resources }} resources: - {{- toYaml . | nindent 12 }} + {{- toYaml . | nindent 10 }} {{- end }} securityContext: allowPrivilegeEscalation: false @@ -288,11 +291,17 @@ spec: - ALL add: - NET_RAW - {{- if .Values.speaker.frr.enabled }} + {{- if or .Values.speaker.frr.enabled .Values.speaker.memberlist.enabled }} volumeMounts: + {{- if .Values.speaker.memberlist.enabled }} + - name: memberlist + mountPath: {{ .Values.speaker.memberlist.mlSecretKeyPath }} + {{- end }} + {{- if .Values.speaker.frr.enabled }} - name: reloader mountPath: /etc/frr_reloader - {{- end }} + {{- end }} + {{- end }} {{- if .Values.speaker.frr.enabled }} - name: frr securityContext: @@ -332,6 +341,22 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.speaker.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /livez + port: {{ .Values.speaker.frr.metricsPort }} + periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.speaker.startupProbe.enabled }} + startupProbe: + httpGet: + path: /livez + port: {{ .Values.speaker.frr.metricsPort }} + failureThreshold: {{ .Values.speaker.startupProbe.failureThreshold }} + periodSeconds: {{ .Values.speaker.startupProbe.periodSeconds }} + {{- end }} - name: reloader image: {{ .Values.speaker.frr.image.repository }}:{{ .Values.speaker.frr.image.tag | default .Chart.AppVersion }} {{- if .Values.speaker.frr.image.pullPolicy }} diff --git a/charts/metallb/metallb/values.schema.json b/charts/metallb/metallb/values.schema.json index 552860c04..9d3516d0a 100644 --- a/charts/metallb/metallb/values.schema.json +++ b/charts/metallb/metallb/values.schema.json @@ -316,6 +316,9 @@ }, "mlBindPort": { "type": "integer" + }, + "mlSecretKeyPath": { + "type": "string" } } }, diff --git a/charts/metallb/metallb/values.yaml b/charts/metallb/metallb/values.yaml index ac384ee03..c18a809a9 100644 --- a/charts/metallb/metallb/values.yaml +++ b/charts/metallb/metallb/values.yaml @@ -57,6 +57,7 @@ prometheus: rbacProxy: repository: gcr.io/kubebuilder/kube-rbac-proxy tag: v0.12.0 + pullPolicy: # Prometheus Operator PodMonitors podMonitor: @@ -258,6 +259,7 @@ speaker: memberlist: enabled: true mlBindPort: 7946 + mlSecretKeyPath: "/etc/ml_secret_key" image: repository: quay.io/metallb/speaker tag: @@ -306,13 +308,17 @@ speaker: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 + startupProbe: + enabled: true + failureThreshold: 30 + periodSeconds: 5 # frr contains configuration specific to the MetalLB FRR container, # for speaker running alongside FRR. frr: enabled: false image: - repository: frrouting/frr - tag: v7.5.1 + repository: quay.io/frrouting/frr + tag: 7.5.1 pullPolicy: metricsPort: 7473 resources: {} diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index a23a50600..5823727a7 100644 --- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -24,4 +24,4 @@ maintainers: name: Caleb Lloyd url: https://github.com/caleblloyd name: nats -version: 0.19.9 +version: 0.19.11 diff --git a/charts/nats/nats/templates/configmap.yaml b/charts/nats/nats/templates/configmap.yaml index 523675c44..df06ae0ed 100644 --- a/charts/nats/nats/templates/configmap.yaml +++ b/charts/nats/nats/templates/configmap.yaml @@ -94,6 +94,13 @@ data: {{- else }} {{- .Values.nats.jetstream.fileStorage.size }} {{- end }} + {{- else }} + {{- if .Values.nats.jetstream.store_dir }} + store_dir: {{ .Values.nats.jetstream.store_dir }} + {{- end }} + {{- if .Values.nats.jetstream.max_file }} + max_file: {{ .Values.nats.jetstream.max_file }} + {{- end }} {{- end }} {{- if .Values.nats.jetstream.uniqueTag }} @@ -105,6 +112,16 @@ data: {{- end }} } {{- end }} + + {{- if .Values.nats.mappings }} + ################################### + # # + # Mappings # + # # + ################################### + mappings: {{ toRawJson .Values.nats.mappings }} + {{- end }} + {{- if .Values.mqtt.enabled }} ################################### # # diff --git a/charts/nats/nats/templates/statefulset.yaml b/charts/nats/nats/templates/statefulset.yaml index 384611c4d..1ea285fce 100644 --- a/charts/nats/nats/templates/statefulset.yaml +++ b/charts/nats/nats/templates/statefulset.yaml @@ -112,7 +112,7 @@ spec: # Local volume shared with the reloader. - name: pid - emptyDir: {} + {{- toYaml .Values.pidVolume | nindent 8 }} {{- if and .Values.auth.enabled .Values.auth.resolver }} {{- if .Values.auth.resolver.configMap }} @@ -131,7 +131,7 @@ spec: {{- if and .Values.nats.externalAccess .Values.nats.advertise }} # Local volume shared with the advertise config initializer. - name: advertiseconfig - emptyDir: {} + {{- toYaml .Values.advertiseconfigVolume | nindent 8 }} {{- end }} {{- if and .Values.nats.jetstream.enabled .Values.nats.jetstream.fileStorage.enabled .Values.nats.jetstream.fileStorage.existingClaim }} @@ -333,6 +333,9 @@ spec: - name: GOMEMLIMIT value: {{ .Values.nats.gomemlimit | quote }} {{- end }} + {{- if .Values.nats.extraEnv }} + {{- toYaml .Values.nats.extraEnv | nindent 8 }} + {{- end }} {{- if .Values.nats.jetstream.enabled }} {{- with .Values.nats.jetstream.encryption }} @@ -572,6 +575,9 @@ spec: resources: {{- toYaml .Values.exporter.resources | nindent 10 }} args: + {{- if .Values.exporter.args }} + {{- toYaml .Values.exporter.args | nindent 8 }} + {{- else }} - -connz - -routez - -subz @@ -588,6 +594,7 @@ spec: - -gatewayz {{- end }} - http://localhost:8222/ + {{- end }} ports: - containerPort: 7777 name: {{ .Values.exporter.portName }} diff --git a/charts/nats/nats/values.yaml b/charts/nats/nats/values.yaml index a4dcf5ede..67d16ac26 100644 --- a/charts/nats/nats/values.yaml +++ b/charts/nats/nats/values.yaml @@ -158,6 +158,9 @@ nats: port: 4222 portName: "client" + # extraEnv is the list of environment variables to add to the nats-server container + extraEnv: [] + # Server settings. limits: maxConnections: @@ -219,6 +222,20 @@ nats: # configMap: # name: log-config + # mappings is used to configure subject mapping + # https://docs.nats.io/running-a-nats-service/configuration/configuring_subject_mapping + # e.g: + # mappings: + # foo: bar + # foo.cluster.scoped: + # - destination: bar.cluster.scoped + # weight: 70% + # cluster: us-west-1 + # - destination: foobar.cluster.scoped + # weight: 30% + # cluster: us-east-1 + mappings: {} + jetstream: enabled: false @@ -278,6 +295,12 @@ nats: annotations: # key: "value" + # Use below if fileStorage is not enabled but you are persisting + # data using an alternative to PVC (e.g. hostPath) + # These set the corresponding jetstream configuration in nats.conf. + # store_dir: "/data" + # max_file: "10Gi" + ####################### # # # TLS Configuration # @@ -492,7 +515,7 @@ gateway: bootconfig: image: repository: natsio/nats-boot-config - tag: 0.9.2 + tag: 0.9.3 pullPolicy: IfNotPresent # registry: docker.io @@ -568,7 +591,7 @@ reloader: enabled: true image: repository: natsio/nats-server-config-reloader - tag: 0.9.2 + tag: 0.9.3 pullPolicy: IfNotPresent # registry: docker.io @@ -587,6 +610,10 @@ exporter: portName: metrics securityContext: {} resources: {} + # override the default args passed to the exporter + # see https://github.com/nats-io/prometheus-nats-exporter#usage + # make sure to pass HTTP monitoring port URL as last arg, e.g ["-connz", "http://localhost:8222/"] + args: [] # Prometheus operator ServiceMonitor support. Exporter has to be enabled serviceMonitor: enabled: false @@ -766,3 +793,11 @@ commonLabels: {} # podManagementPolicy controls how pods are created during initial scale up, # when replacing pods on nodes, or when scaling down. podManagementPolicy: Parallel + +# Shared volume to be mounted in pods for pid +pidVolume: + emptyDir: {} + +# Shared volume to be mounted in pods for advertiseconfig +advertiseconfigVolume: + emptyDir: {} diff --git a/charts/pixie/pixie-operator-chart/Chart.yaml b/charts/pixie/pixie-operator-chart/Chart.yaml index e49d80a9b..5afc1cc5f 100644 --- a/charts/pixie/pixie-operator-chart/Chart.yaml +++ b/charts/pixie/pixie-operator-chart/Chart.yaml @@ -6,4 +6,4 @@ apiVersion: v2 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/pixie/icon/color/pixie-icon-color.svg name: pixie-operator-chart type: application -version: 0.0.3701 +version: 0.0.3801 diff --git a/charts/pixie/pixie-operator-chart/templates/deleter.yaml b/charts/pixie/pixie-operator-chart/templates/deleter.yaml index 6bf42cf39..1d66295af 100644 --- a/charts/pixie/pixie-operator-chart/templates/deleter.yaml +++ b/charts/pixie/pixie-operator-chart/templates/deleter.yaml @@ -19,7 +19,7 @@ spec: fieldPath: metadata.namespace - name: PL_VIZIER_NAME value: '{{ .Values.name }}' - image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.0.37 + image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.0.38 name: delete-job restartPolicy: Never serviceAccountName: pl-deleter-service-account diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 6ad65ac02..eb5e41022 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: vectorized/redpanda:v22.3.12 + image: vectorized/redpanda:v22.3.13 - name: busybox image: busybox:latest artifacthub.io/license: Apache-2.0 @@ -15,7 +15,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: redpanda apiVersion: v2 -appVersion: v22.3.12 +appVersion: v22.3.13 dependencies: - condition: console.enabled name: console @@ -31,4 +31,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 2.10.1 +version: 2.10.6 diff --git a/charts/redpanda/redpanda/templates/certs.yaml b/charts/redpanda/redpanda/templates/certs.yaml index e70c4b4b4..a0c76eee2 100644 --- a/charts/redpanda/redpanda/templates/certs.yaml +++ b/charts/redpanda/redpanda/templates/certs.yaml @@ -1,3 +1,19 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} {{- if (include "tls-enabled" . | fromJson).bool }} {{- $root := deepCopy . }} {{- $service := include "redpanda.fullname" . -}} diff --git a/charts/redpanda/redpanda/templates/console/configmap.yaml b/charts/redpanda/redpanda/templates/console/configmap.yaml index c007b709c..9f301aec9 100644 --- a/charts/redpanda/redpanda/templates/console/configmap.yaml +++ b/charts/redpanda/redpanda/templates/console/configmap.yaml @@ -1,7 +1,23 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} {{ $values := .Values }} {{/* if the console chart has the creation of the configmap disabled, create it here instead */}} -{{ if not .Values.console.configmap.create }} +{{ if and .Values.console.enabled (not .Values.console.configmap.create) }} {{ $consoleConfigmap := dict "create" true }} {{/* kafka section */}} diff --git a/charts/redpanda/redpanda/templates/console/deployment.yaml b/charts/redpanda/redpanda/templates/console/deployment.yaml index 5c39704f8..97e8be89d 100644 --- a/charts/redpanda/redpanda/templates/console/deployment.yaml +++ b/charts/redpanda/redpanda/templates/console/deployment.yaml @@ -1,4 +1,20 @@ -{{ if (not .Values.console.deployment.create) }} +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{ if and .Values.console.enabled (not .Values.console.deployment.create) }} {{ $extraVolumes := list }} {{ $extraVolumeMounts := list }} diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index c82b6eeb8..cd1c338a2 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml +++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -21,7 +21,7 @@ limitations under the License. apiVersion: batch/v1 kind: Job metadata: - name: {{ template "redpanda.fullname" . }}-post-install + name: {{ template "redpanda.fullname" . }}-configuration namespace: {{ .Release.Namespace | quote }} labels: {{- with include "full.labels" . }} diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index ee3eb293d..c35774c82 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml @@ -1,3 +1,19 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} {{- if .Values.post_upgrade_job.enabled }} {{- if (include "redpanda-atleast-22-1-1" . | fromJson).bool }} {{- $rpkFlags := include "rpk-flags-no-sasl" . }} diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 43fce648c..82b7cddc3 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -53,19 +53,21 @@ spec: securityContext: {{ include "pod-security-context" . | nindent 8 }} serviceAccountName: {{ include "redpanda.serviceAccountName" . }} initContainers: +{{- if not .Values.statefulset.skipChown }} - name: set-datadir-ownership image: {{ .Values.statefulset.initContainerImage.repository }}:{{ .Values.statefulset.initContainerImage.tag }} command: ["/bin/sh", "-c", "chown {{ $uid }}:{{ $gid }} -R /var/lib/redpanda/data"] volumeMounts: - name: datadir mountPath: /var/lib/redpanda/data -{{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} + {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} - name: set-tiered-storage-cache-dir-ownership image: {{ .Values.statefulset.initContainerImage.repository }}:{{ .Values.statefulset.initContainerImage.tag }} command: ["/bin/sh", "-c", 'chown {{ $uid }}:{{ $gid }} -R {{ template "tieredStorage.cacheDirectory" . }}'] volumeMounts: - name: tiered-storage-dir mountPath: {{ template "tieredStorage.cacheDirectory" . }} + {{- end }} {{- end }} - name: {{ (include "redpanda.name" .) | trunc 51 }}-configurator image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} @@ -147,7 +149,7 @@ spec: {{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }} {{- if .Values.rackAwareness.enabled }} # Configure Rack Awareness - RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep {{ .Values.rackAwareness.nodeAnnotation | quote | squote }} | sed 's/.*": "\([^"]\+\).*/\1/') + RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep {{ .Values.rackAwareness.nodeAnnotation | quote | squote }} | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/') rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}" {{- end }} {{- end }} diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 87f862da9..85a6d8c44 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -662,6 +662,9 @@ }, "initContainer": { "type": "string" + }, + "skipChown": { + "type": "boolean" } } }, diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index d08b8779a..84d73aa1c 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -502,8 +502,7 @@ statefulset: # The topologyKey to be used. # Can be used to spread across different nodes, AZs, regions etc. topologyKey: kubernetes.io/hostname - # Type of anti-affinity rules: either `soft`, `hard` or empty value (which - # disables anti-affinity rules). + # Type of anti-affinity rules: either `soft` or `hard`. type: hard # Weight for `soft` anti-affinity rules. # Does not apply for other anti-affinity types. @@ -530,6 +529,9 @@ statefulset: initContainerImage: repository: busybox tag: latest + # in environments where root is not allowed, you cannot change the ownership of files and directories + # set this to skip this step + skipChown: false # Service account management serviceAccount: diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index bc289dadb..9f2b6cfd1 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.2.335 +appVersion: 1.2.352 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.2.22 +version: 1.2.23 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 7033b62b9..fc4d6c9b6 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.2.22 +### Upgrade to 1.2.23 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.22/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.23/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 7033b62b9..fc4d6c9b6 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.2.22 +### Upgrade to 1.2.23 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.22/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.23/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index 58160b44b..07b2d7bf2 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.2.335 + tag: v1.2.352 pullPolicy: Always # Log level for Speedscale components. diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 0ad816649..b3d50ac89 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md @@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.15.74 +### New Features +* **node-analyzer,sysdig** [42e3aa5](https://github.com/sysdiglabs/charts/commit/42e3aa5c30a06166eb959632ec223149a6784421): Feat/bench runner bump to 1.1.0.8 ([#937](https://github.com/sysdiglabs/charts/issues/937)) +# v1.15.73 +### New Features +* **sysdig,node-analyzer** [407e669](https://github.com/sysdiglabs/charts/commit/407e6693e451059956838118d65a8e0cc68547c4): bump legacy NodeImageAnalyzer to v0.1.24 ([#935](https://github.com/sysdiglabs/charts/issues/935)) # v1.15.72 ### Chores * **sysdig** [38ce49c](https://github.com/sysdiglabs/charts/commit/38ce49c5e323b4703fa3cbe9e2a20c469fd784f0): bump agent version to 12.11.0 ([#926](https://github.com/sysdiglabs/charts/issues/926)) diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index 20017f48f..59d9491c3 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -29,4 +29,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.15.72 +version: 1.15.74 diff --git a/charts/sysdig/sysdig/README.md b/charts/sysdig/sysdig/README.md index a862b3019..917f16237 100644 --- a/charts/sysdig/sysdig/README.md +++ b/charts/sysdig/sysdig/README.md @@ -182,7 +182,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | `nodeAnalyzer.hostAnalyzer.env` | Extra environment variables that will be passed onto pods | `{}` | | `nodeAnalyzer.benchmarkRunner.deploy` | Deploy the Benchmark Runner | `true ` | | `nodeAnalyzer.benchmarkRunner.image.repository` | The image repository to pull the Benchmark Runner from | `sysdig/compliance-benchmark-runner` | -| `nodeAnalyzer.benchmarkRunner.image.tag` | The image tag to pull the Benchmark Runner | `1.1.0.5` | +| `nodeAnalyzer.benchmarkRunner.image.tag` | The image tag to pull the Benchmark Runner | `1.1.0.8` | | `nodeAnalyzer.benchmarkRunner.image.digest` | The image digest to pull | ` ` | | `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | The Image pull policy for the Benchmark Runner | `IfNotPresent` | | `nodeAnalyzer.benchmarkRunner.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4 | `false` | @@ -255,7 +255,7 @@ Node Image Analyzer parameters (deprecated by nodeAnalyzer) | `nodeImageAnalyzer.settings.httpsProxy` | Proxy configuration variables | | | `nodeImageAnalyzer.settings.noProxy` | Proxy configuration variables | | | `nodeImageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from | `sysdig/node-image-analyzer` | -| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer | `0.1.23` | +| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer | `0.1.24` | | `nodeImageAnalyzer.imagedigest` | The image digest to pull | ` ` | | `nodeImageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer | `IfNotPresent` | | `nodeImageAnalyzer.image.pullSecrets` | Image pull secrets for the Node Image Analyzer | `nil` | diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md index bd444522d..243943616 100644 --- a/charts/sysdig/sysdig/RELEASE-NOTES.md +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -1,6 +1,6 @@ # What's Changed -### Chores -- **sysdig** [38ce49c](https://github.com/sysdiglabs/charts/commit/38ce49c5e323b4703fa3cbe9e2a20c469fd784f0): bump agent version to 12.11.0 ([#926](https://github.com/sysdiglabs/charts/issues/926)) +### New Features +- **node-analyzer,sysdig** [42e3aa5](https://github.com/sysdiglabs/charts/commit/42e3aa5c30a06166eb959632ec223149a6784421): Feat/bench runner bump to 1.1.0.8 ([#937](https://github.com/sysdiglabs/charts/issues/937)) -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.5.63...sysdig-1.15.72 +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.5.69...sysdig-1.15.74 diff --git a/charts/sysdig/sysdig/values.yaml b/charts/sysdig/sysdig/values.yaml index 363c8985e..2dc7e07f5 100644 --- a/charts/sysdig/sysdig/values.yaml +++ b/charts/sysdig/sysdig/values.yaml @@ -220,7 +220,7 @@ nodeImageAnalyzer: deploy: false image: repository: sysdig/node-image-analyzer - tag: 0.1.23 + tag: 0.1.24 digest: pullPolicy: IfNotPresent # pullSecrets: @@ -406,7 +406,7 @@ nodeAnalyzer: deploy: true image: repository: sysdig/node-image-analyzer - tag: 0.1.23 + tag: 0.1.24 digest: pullPolicy: IfNotPresent @@ -487,7 +487,7 @@ nodeAnalyzer: image: repository: sysdig/compliance-benchmark-runner - tag: 1.1.0.5 + tag: 1.1.0.8 digest: pullPolicy: IfNotPresent diff --git a/index.yaml b/index.yaml index 4bf44b186..f1a980cea 100644 --- a/index.yaml +++ b/index.yaml @@ -80,6 +80,51 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.5.1 + created: "2023-02-22T14:55:40.109276243Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 17.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: 669d24f6bad5b798e12ccd1ba0a3e25c9c3a0f4a9c8ca0c9afe8898d31665838 + home: https://github.com/bitnami/charts/tree/main/bitnami/airflow + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/airflow + - https://airflow.apache.org/ + urls: + - assets/bitnami/airflow-14.0.12.tgz + version: 14.0.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow @@ -646,6 +691,42 @@ entries: - assets/ambassador/ambassador-6.7.1100.tgz version: 6.7.1100 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: changed + description: Grouped component templates together + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.6.2 + created: "2023-02-22T14:55:39.660199917Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.22.4 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 0e81bc34a1532d191c7f83b964aadbb6445f0161c00c5b3c05c74571c5aca60e + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.22.1.tgz + version: 5.22.1 - annotations: artifacthub.io/changes: | - kind: added @@ -3923,6 +4004,42 @@ entries: - assets/aws-event-sources/aws-event-sources-0.1.901.tgz version: 0.1.901 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 4.1.0 + created: "2023-02-22T14:55:40.244984499Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: 1c0fdb5923f6af222909200db7fdd84e862dcb14c5c532a75e4bd47a482f2a04 + home: https://github.com/bitnami/charts/tree/main/bitnami/cassandra + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/cassandra + - http://cassandra.apache.org + urls: + - assets/bitnami/cassandra-10.0.3.tgz + version: 10.0.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra @@ -4965,6 +5082,27 @@ entries: - assets/cloudcasa/cloudcasa-0.1.000.tgz version: 0.1.000 cockroachdb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CockroachDB + catalog.cattle.io/kube-version: '>=1.8-0' + catalog.cattle.io/release-name: cockroachdb + apiVersion: v1 + appVersion: 22.2.5 + created: "2023-02-22T14:55:41.07135464Z" + description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. + digest: 445dbadab2df92a64dfe9815f3ff856450118af5e66d8973073fa7c007a11972 + home: https://www.cockroachlabs.com + icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png + maintainers: + - email: helm-charts@cockroachlabs.com + name: cockroachlabs + name: cockroachdb + sources: + - https://github.com/cockroachdb/cockroach + urls: + - assets/cockroach-labs/cockroachdb-10.0.5.tgz + version: 10.0.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CockroachDB @@ -6273,6 +6411,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-02-22T14:55:41.198919227Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: c5432d5adac670049d6147a199187e7954201b99d3356e3f28c5f268b954ab75 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.10.9.tgz + version: 3.10.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -7964,6 +8139,38 @@ entries: - assets/f5/f5-bigip-ctlr-0.0.1901.tgz version: 0.0.1901 falcon-sensor: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrowdStrike Falcon Platform + catalog.cattle.io/kube-version: '>1.15.0-0' + catalog.cattle.io/release-name: falcon-sensor + apiVersion: v2 + appVersion: 1.18.4 + created: "2023-02-22T14:55:41.130631045Z" + description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes + clusters. + digest: e3a275105fe20c70a777735e26c34e5cadc2426d3122ac4d885e62bd0f4cd486 + home: https://crowdstrike.com + icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg + keywords: + - CrowdStrike + - Falcon + - EDR + - kubernetes + - security + - monitoring + - alerting + kubeVersion: '>1.15.0-0' + maintainers: + - email: integrations@crowdstrike.com + name: CrowdStrike Solutions Architecture + name: falcon-sensor + sources: + - https://github.com/CrowdStrike/falcon-helm + type: application + urls: + - assets/crowdstrike/falcon-sensor-1.18.4.tgz + version: 1.18.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrowdStrike Falcon Platform @@ -9405,6 +9612,112 @@ entries: - assets/gitlab/gitlab-6.5.1.tgz version: 6.5.1 gluu: + - annotations: + artifacthub.io/changes: | + - Chart 5.0.11 official release + artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/images: | + - name: auth-server + image: janssenproject/auth-server:1.0.8_dev + - name: auth-server-key-rotation + image: janssenproject/certmanager:1.0.8_dev + - name: configuration-manager + image: janssenproject/configurator:1.0.8_dev + - name: config-api + image: janssenproject/config-api:1.0.8_dev + - name: fido2 + image: janssenproject/fido2:1.0.8_dev + - name: opendj + image: gluufederation/opendj:5.0.0_dev + - name: persistence + image: janssenproject/persistence-loader:1.0.8_dev + - name: scim + image: janssenproject/scim:1.0.8_dev + - name: casa + image: gluufederation/casa:5.0.0_dev + - name: admin-ui + image: gluufederation/admin-ui:1.0.8_dev + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "true" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management + catalog.cattle.io/kube-version: '>=v1.21.0-0' + catalog.cattle.io/release-name: gluu + apiVersion: v2 + appVersion: 5.0.0 + created: "2023-02-22T14:55:42.078650622Z" + dependencies: + - condition: global.config.enabled + name: config + repository: file://./charts/config + version: 5.0.11 + - condition: global.config-api.enabled + name: config-api + repository: file://./charts/config-api + version: 5.0.11 + - condition: global.opendj.enabled + name: opendj + repository: file://./charts/opendj + version: 5.0.11 + - condition: global.auth-server.enabled + name: auth-server + repository: file://./charts/auth-server + version: 5.0.11 + - condition: global.admin-ui.enabled + name: admin-ui + repository: file://./charts/admin-ui + version: 5.0.11 + - condition: global.fido2.enabled + name: fido2 + repository: file://./charts/fido2 + version: 5.0.11 + - condition: global.scim.enabled + name: scim + repository: file://./charts/scim + version: 5.0.11 + - condition: global.nginx-ingress.enabled + name: nginx-ingress + repository: file://./charts/nginx-ingress + version: 5.0.11 + - condition: global.oxshibboleth.enabled + name: oxshibboleth + repository: file://./charts/oxshibboleth + version: 5.0.11 + - condition: global.oxpassport.enabled + name: oxpassport + repository: file://./charts/oxpassport + version: 5.0.11 + - condition: global.casa.enabled + name: casa + repository: file://./charts/casa + version: 5.0.11 + - condition: global.auth-server-key-rotation.enabled + name: auth-server-key-rotation + repository: file://./charts/auth-server-key-rotation + version: 5.0.11 + - condition: global.persistence.enabled + name: persistence + repository: file://./charts/persistence + version: 5.0.11 + - condition: global.istio.ingress + name: cn-istio-ingress + repository: file://./charts/cn-istio-ingress + version: 5.0.11 + description: Gluu Access and Identity Management + digest: 8b2c013d073858a93a093547bb2ee39477d5c6b4ceef14e7b23b51fba0a1faf3 + home: https://www.gluu.org + icon: https://gluu.org/docs/gluu-server/favicon.ico + kubeVersion: '>=v1.21.0-0' + maintainers: + - email: support@gluu.org + name: moabu + name: gluu + sources: + - https://gluu.org/docs/gluu-server + - https://github.com/GluuFederation/flex/flex-cn-setup + urls: + - assets/gluu/gluu-5.0.11.tgz + version: 5.0.11 - annotations: artifacthub.io/changes: | - Waiting for changes @@ -10578,6 +10891,28 @@ entries: - assets/tetrate-istio/istiod-tid-1.12.600.tgz version: 1.12.600 jaeger-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jaeger Operator + catalog.cattle.io/release-name: jaeger-operator + apiVersion: v1 + appVersion: 1.39.0 + created: "2023-02-22T14:55:42.24742766Z" + description: jaeger-operator Helm chart for Kubernetes + digest: 70920120810ef344ed9666f6132e0a754051cae33b3f9f8f693af91e1c913031 + home: https://www.jaegertracing.io/ + icon: https://www.jaegertracing.io/img/jaeger-icon-reverse-color.svg + maintainers: + - email: ctadeu@gmail.com + name: cpanato + - email: batazor111@gmail.com + name: batazor + name: jaeger-operator + sources: + - https://github.com/jaegertracing/jaeger-operator + urls: + - assets/jaeger/jaeger-operator-2.40.0.tgz + version: 2.40.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Jaeger Operator @@ -12534,6 +12869,48 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.4.0 + created: "2023-02-22T14:55:40.389206628Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: acb7e91738f25467660ded4fee489c0b0290e49d26462c5848a35dbdf088c3ea + home: https://github.com/bitnami/charts/tree/main/bitnami/kafka + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/kafka + - https://kafka.apache.org/ + urls: + - assets/bitnami/kafka-21.0.1.tgz + version: 21.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -13115,6 +13492,35 @@ entries: - assets/bitnami/kafka-19.0.1.tgz version: 19.0.1 kamaji: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kamaji - Managed Kubernetes Service + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: kamaji + apiVersion: v2 + appVersion: v0.2.0 + created: "2023-02-22T14:55:41.048986949Z" + description: Kamaji is a tool aimed to build and operate a Managed Kubernetes + Service with a fraction of the operational burden. With Kamaji, you can deploy + and operate hundreds of Kubernetes clusters as a hyper-scaler. + digest: 300fd6ead1fbcfd9e21e8b776f708dae23348c60fd3036b1c62e0dda3445bb86 + home: https://github.com/clastix/kamaji + icon: https://github.com/clastix/kamaji/raw/master/assets/kamaji-logo.png + kubeVersion: '>=1.21.0-0' + maintainers: + - email: dario@tranchitella.eu + name: Dario Tranchitella + - email: me@maxgio.it + name: Massimiliano Giovagnoli + - email: me@bsctl.io + name: Adriano Pezzuto + name: kamaji + sources: + - https://github.com/clastix/kamaji + type: application + urls: + - assets/clastix/kamaji-0.11.2.tgz + version: 0.11.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kamaji - Managed Kubernetes Service @@ -14167,6 +14573,45 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.6.12 + created: "2023-02-22T14:55:40.429434871Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 2cc7559c510c3b543f05f6b2db14545be52596173c8a75af400afaa03ed5c1a4 + home: https://github.com/bitnami/charts/tree/main/bitnami/mariadb + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mariadb + - https://github.com/prometheus/mysqld_exporter + - https://mariadb.org + urls: + - assets/bitnami/mariadb-11.5.0.tgz + version: 11.5.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB @@ -14513,6 +14958,33 @@ entries: - assets/bitnami/mariadb-11.3.3.tgz version: 11.3.3 metallb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MetalLB + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/namespace: metallb-system + catalog.cattle.io/release-name: metallb + apiVersion: v2 + appVersion: v0.13.9 + created: "2023-02-22T14:55:43.149319444Z" + dependencies: + - condition: crds.enabled + name: crds + repository: file://./charts/crds + version: 0.13.9 + description: A network load-balancer implementation for Kubernetes using standard + routing protocols + digest: a4306d304185cd95e5df5de41f86ca871e46b653504be50465ba53fea2888a1f + home: https://metallb.universe.tf + icon: https://metallb.universe.tf/images/logo/metallb-blue.png + kubeVersion: '>= 1.19.0-0' + name: metallb + sources: + - https://github.com/metallb/metallb + type: application + urls: + - assets/metallb/metallb-0.13.9.tgz + version: 0.13.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MetalLB @@ -14670,6 +15142,44 @@ entries: - assets/minio/minio-operator-4.4.1700.tgz version: 4.4.1700 mysql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MySQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mysql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 8.0.32 + created: "2023-02-22T14:55:40.457716712Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. + digest: 359165b1c7e50f1921bd08ee6c01692f04dd0ff5e59be60ef37a41b519dd3b94 + home: https://github.com/bitnami/charts/tree/main/bitnami/mysql + icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png + keywords: + - mysql + - database + - sql + - cluster + - high availability + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mysql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mysql + - https://mysql.com + urls: + - assets/bitnami/mysql-9.5.0.tgz + version: 9.5.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MySQL @@ -14894,6 +15404,37 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.9.14-alpine + created: "2023-02-22T14:55:43.169710518Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: 4adb55bc99237cb14078ed9545ca0a9e4ea87708502b522be09f3c8a8b87ce86 + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: wally@nats.io + name: Waldemar Quevedo + url: https://github.com/wallyqs + - email: colin@nats.io + name: Colin Sullivan + url: https://github.com/ColinSullivan1 + - email: caleb@nats.io + name: Caleb Lloyd + url: https://github.com/caleblloyd + name: nats + urls: + - assets/nats/nats-0.19.11.tgz + version: 0.19.11 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server @@ -16894,6 +17435,19 @@ entries: - assets/openebs/openebs-1.12.300.tgz version: 1.12.300 pixie-operator-chart: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Pixie + catalog.cattle.io/release-name: pixie + apiVersion: v2 + created: "2023-02-22T14:55:43.409016257Z" + digest: 6f4300317694e65e86b34e9736f9266b519d82ef8a759cb868c6f06ce9041152 + icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/pixie/icon/color/pixie-icon-color.svg + name: pixie-operator-chart + type: application + urls: + - assets/pixie/pixie-operator-chart-0.0.3801.tgz + version: 0.0.3801 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Pixie @@ -17357,6 +17911,45 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.2.0 + created: "2023-02-22T14:55:40.539125405Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: a40a78cd090c300123579e13bac9f02e9d9aeeeec8e57de11691bcfdf7bf07e8 + home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/postgresql + - https://www.postgresql.org/ + urls: + - assets/bitnami/postgresql-12.2.1.tgz + version: 12.2.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -18215,6 +18808,41 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.0.8 + created: "2023-02-22T14:55:40.654498688Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: 3d2c48fb09d9e9ac60358fde3c63bc711984f5d436d0174fb204170149b0999d + home: https://github.com/bitnami/charts/tree/main/bitnami/redis + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-17.8.0.tgz + version: 17.8.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis @@ -18833,6 +19461,44 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.13 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.13 + created: "2023-02-22T14:55:43.447612386Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 3552809cc4cf99f31cf042b082917d8a32566a4755e908e6b1c54d42b8ec327e + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.10.6.tgz + version: 2.10.6 - annotations: artifacthub.io/images: | - name: redpanda @@ -19783,6 +20449,39 @@ entries: - assets/redpanda/redpanda-2.1.7.tgz version: 2.1.7 s3gw: + - annotations: + app.aquarist-labs.io/name: s3gw + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: S3 Gateway + catalog.cattle.io/experimental: "true" + catalog.cattle.io/kube-version: '>=1.14' + catalog.cattle.io/namespace: s3gw + catalog.cattle.io/release-name: s3gw + apiVersion: v2 + appVersion: latest + created: "2023-02-22T14:55:39.32843929Z" + description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s + Kubernetes. ' + digest: ed003b0698ef1972a4fcf528cd83693fb0828dbaf84df10b40ec2648b1ed4630 + home: https://github.com/aquarist-labs/s3gw + icon: https://raw.githubusercontent.com/aquarist-labs/aquarium-website/gh-pages/images/logo-xl.png + keywords: + - storage + - s3 + kubeVersion: '>=1.14' + maintainers: + - email: s3gw@suse.com + name: s3gw maintainers + url: https://github.com/orgs/aquarist-labs/projects/5 + name: s3gw + sources: + - https://github.com/aquarist-labs/s3gw-charts + - https://github.com/aquarist-labs/s3gw + - https://github.com/aquarist-labs/ceph + type: application + urls: + - assets/aquarist-labs/s3gw-0.12.0.tgz + version: 0.12.0 - annotations: app.aquarist-labs.io/name: s3gw catalog.cattle.io/certified: partner @@ -20274,6 +20973,41 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.3.2 + created: "2023-02-22T14:55:40.681808921Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 60e81cb0dd1e8d56156120ccd95fd24d33933462be55a092d55516334f3e2290 + home: https://github.com/bitnami/charts/tree/main/bitnami/spark + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/spark + - https://spark.apache.org/ + urls: + - assets/bitnami/spark-6.3.17.tgz + version: 6.3.17 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -20585,6 +21319,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.2.352 + created: "2023-02-22T14:55:43.577527793Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 015c7df90dc889683c1478d9e4a47c2b7d6865f6a20cb123926d0d4746f1889c + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.2.23.tgz + version: 1.2.23 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator @@ -21319,6 +22084,42 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.11.0 + created: "2023-02-22T14:55:43.795196947Z" + description: Sysdig Monitor and Secure agent + digest: d614743073b45f60a58c5764773ce60084792ff0f2f77d9693f2db1fbdc76664 + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + maintainers: + - email: lachlan@deis.com + name: lachie83 + - email: jorge.salamero@sysdig.com + name: bencer + - email: nestor.salceda@sysdig.com + name: nestorsalceda + - email: alvaro.iradier@sysdig.com + name: airadier + - email: carlos.arilla@sysdig.com + name: carillan81 + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.15.74.tgz + version: 1.15.74 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig @@ -21767,6 +22568,45 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.5 + created: "2023-02-22T14:55:40.709129954Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 621377f1fe8343dda1ee698117d803fbcfbd9da6bb77c0956f0084abed7d713b + home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/tomcat + - http://tomcat.apache.org + urls: + - assets/bitnami/tomcat-10.5.16.tgz + version: 10.5.16 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat @@ -23357,6 +24197,54 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.1.1 + created: "2023-02-22T14:55:40.942417142Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 200aefd4f9ac2294a95627fa555f8a382a23a9365430070243f473281f49f80a + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-15.2.45.tgz + version: 15.2.45 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress @@ -24690,6 +25578,39 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.8.1 + created: "2023-02-22T14:55:41.005768781Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 2becc06e185c1990b26219b3fd5572f677acadfad06e308cc1039153b064ba94 + home: https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper + - https://zookeeper.apache.org/ + urls: + - assets/bitnami/zookeeper-11.1.3.tgz + version: 11.1.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper