andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #654 from nflondo/main-source 

Charts CI
pull/630/head
alex-isv 2023-01-31 10:25:10 -07:00 committed by GitHub
parent 8775f22c66 bf5dfc1790
commit 865f9fe49b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
175 changed files with 4447 additions and 600 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/aquarist-labs/s3gw-0.11.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.19.12.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-14.0.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/kafka-20.0.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mariadb-11.4.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-12.1.13.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-6.3.16.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.5.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-15.2.36.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/zookeeper-11.1.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/citrix/citrix-ingress-controller-1.29.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/crate/crate-operator-2.22.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/gitlab/gitlab-6.8.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/instana/instana-agent-1.2.52.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-ha-107.49.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-jcr-107.49.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/kuma/kuma-2.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/mongodb/community-operator-0.7.8.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-2.6.3.tgz Normal file
View File

Binary file not shown.

2
charts/aquarist-labs/s3gw/Chart.yaml
View File

@ -26,4 +26,4 @@ sources:
- https://github.com/aquarist-labs/s3gw
- https://github.com/aquarist-labs/ceph
type: application
version: 0.10.0
version: 0.11.0

68
charts/aquarist-labs/s3gw/README.md
View File

@ -1,45 +1,61 @@
# Quickstart
# [s3gw][s3gw-url]
To install s3gw using Helm add the chart to your Helm repos and then run `helm
install`:
s3gw is an S3-compatible service focused on deployments in a Kubernetes
environment backed by any PVC, including Longhorn. Since its inception, the
primary focus has been on cloud native deployments. However, the s3gw can be
deployed in a myriad of scenarios, provided some form of storage is attached.
s3gw is based on Cephs RADOSGW (RGW) but runs as a standalone service without
the RADOS cluster and relies on a storage backend still under heavy development
by the storage team at SUSE. A web-based UI for management and an object
explorer are also part of s3gw.
## Quickstart
To install s3gw using Helm add the chart to your Helm repository and then run
`helm install`:
```bash
helm add repo s3gw https://aquarist-labs.github.io/s3gw-charts/
helm --namespace s3gw-system install s3gw s3gw/s3gw --create-namespace
```
In order to install s3gw using Helm, from this repository directly, first you
must clone the repo:
```bash
git clone https://github.com/aquarist-labs/s3gw-charts.git
```
Before installing, familiarize yourself with the options, if necessary provide
your own `values.yaml` file.
Then change into the repository and install using Helm:
```bash
cd s3gw-charts
helm install $RELEASE_NAME charts/s3gw \
--namespace $S3GW_NAMESPACE \
helm \
--namespace s3gw-system \
install s3gw \
s3gw/s3gw \
--create-namespace \
-f /path/to/your/custom/values.yaml
```
## Rancher
Installing s3gw via the Rancher App Catalog is made easy, the steps are as follows:
Installing s3gw via the Rancher App Catalog is made easy, the steps are as
follows:
- Cluster -> Projects/Namespaces - create the `s3gw` namespace.
- Apps -> Repositories -> Create `s3gw` using the s3gw-charts Git URL
<https://aquarist-labs.github.io/s3gw-charts/> and the `main` branch.
- Apps -> Charts -> Install `Traefik`.
- Apps -> Charts -> Install `s3gw`. Select the `s3gw` namespace previously created.
A `pvc` for `s3gw` will be created automatically during installation.
- Apps -> Charts -> Install `s3gw`. Select the `s3gw` namespace previously
created. A `pvc` for `s3gw` will be created automatically during installation.
## Documentation
You can access our documentation [here][1].
You can access our documentation [here][docs-url].
[1]: https://s3gw-docs.readthedocs.io/en/latest/helm-charts/
## License
Licensed under the Apache License, Version 2.0 (the "License");
you may not use licensed files except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
or the LICENSE file in this repository.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
[s3gw-url]: https://s3gw.io
[docs-url]: https://s3gw-docs.readthedocs.io/en/latest/helm-charts/

28
charts/aquarist-labs/s3gw/questions.yaml
View File

@ -101,19 +101,39 @@ questions:
type: string
group: "General"
- variable: defaultUserCredentialsSecret
default: s3gw-creds
description: |
"The name of the secret containing the
S3 credentials for the default user"
type: string
group: "General"
- variable: useExistingSecret
default: false
description: |
"Check this to use a preexisting secret
containing the S3 credentials for the default user"
type: boolean
group: "General"
- variable: accessKey
show_if: "useExistingSecret=false"
default: test
description: "S3 Access Key"
description: |
"Set this as the empty string to make the Chart
to compute a random alphanumeric value"
label: "S3 Access Key"
required: true
type: string
group: "General"
- variable: secretKey
show_if: "useExistingSecret=false"
default: test
description: "S3 Secret Key"
description: |
"Set this as the empty string to make the Chart
to compute a random alphanumeric value"
label: "S3 Secret Key"
required: true
type: string
group: "General"

16
charts/aquarist-labs/s3gw/templates/NOTES.txt
View File

@ -0,0 +1,16 @@
Thank you for installing {{ .Chart.Name }} {{ printf "v%s" .Chart.Version }}
The S3 endpoint is available at:
{{ printf "%s.%s" .Values.serviceName .Values.publicDomain | indent 4 }}
{{ if .Values.ui.enabled}}
and the web interface is available at:
{{ printf "%s.%s" .Values.ui.serviceName .Values.ui.publicDomain | indent 4 }}
{{- end }}
{{ if and (not .Values.useExistingSecret) (empty .Values.accessKey) }}
An access key has been generated: {{ include "s3gw.defaultAccessKey" . | quote }}
{{- end }}
{{- if and (not .Values.useExistingSecret) (empty .Values.secretKey) }}
A secret key has been generated: {{ include "s3gw.defaultSecretKey" . | quote }}
{{ end }}

13
charts/aquarist-labs/s3gw/templates/_helpers.tpl
View File

@ -97,3 +97,16 @@ Image Pull Secret
{{- $au := (printf "%s:%s" $un $pw | b64enc) }}
{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" $rg $un $pw $em $au | b64enc}}
{{- end }}
{{/*
Default Access Credentials
*/}}
{{- define "s3gw.defaultAccessKey" -}}
{{- $key := default (randAlphaNum 32) .Values.accessKey }}
{{- printf "%s" $key }}
{{- end }}
{{- define "s3gw.defaultSecretKey" -}}
{{- $key := default (randAlphaNum 32) .Values.secretKey }}
{{- printf "%s" $key }}
{{- end }}

4
charts/aquarist-labs/s3gw/templates/deployment.yaml
View File

@ -48,7 +48,7 @@ spec:
name: s3-tls
envFrom:
- secretRef:
name: s3gw-secret
name: {{ .Values.defaultUserCredentialsSecret }}
volumeMounts:
- name: s3gw-lh-store
mountPath: /data
@ -96,5 +96,5 @@ spec:
- configMapRef:
name: s3gw-config
- secretRef:
name: s3gw-secret
name: {{ .Values.defaultUserCredentialsSecret }}
{{- end }}

8
charts/aquarist-labs/s3gw/templates/secret.yaml
View File

@ -1,15 +1,17 @@
{{- if not .Values.useExistingSecret }}
---
apiVersion: v1
kind: Secret
metadata:
name: '{{ .Chart.Name }}-secret'
name: '{{ .Values.defaultUserCredentialsSecret }}'
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
type: Opaque
stringData:
RGW_DEFAULT_USER_ACCESS_KEY: {{ .Values.accessKey | quote }}
RGW_DEFAULT_USER_SECRET_KEY: {{ .Values.secretKey | quote }}
RGW_DEFAULT_USER_ACCESS_KEY: {{ include "s3gw.defaultAccessKey" . | quote }}
RGW_DEFAULT_USER_SECRET_KEY: {{ include "s3gw.defaultSecretKey" . | quote }}
{{- end }}
{{- if .Values.imageCredentials }}
---
apiVersion: v1

12
charts/aquarist-labs/s3gw/values.yaml
View File

@ -55,9 +55,17 @@ ui:
#
# 'serviceName' is the service name of S3GW.
serviceName: "s3gw"
# 'accessKey' is the S3 Access Key
# 'useExistingSecret' use an existing secret containing the S3 credentials
# for the default user
useExistingSecret: false
# 'defaultUserCredentialsSecret' the name of the secret containing
# the S3 Access Key and the S3 Secret Key for the default user.
defaultUserCredentialsSecret: "s3gw-creds"
# 'accessKey' is the S3 Access Key; the value is used when useExistingSecret: false.
# Set this as the empty string to make the Chart to compute a random alphanumeric value.
accessKey: "test"
# 'secretKey' is the S3 Secret Key
# 'secretKey' is the S3 Secret Key; the value is used when useExistingSecret: false
# Set this as the empty string to make the Chart to compute a random alphanumeric value.
secretKey: "test"
# 'publicDomain' is the public domain of S3GW used by the Ingress
publicDomain: "be.127.0.0.1.omg.howdoi.website"

7
charts/argo/argo-cd/Chart.yaml
View File

@ -1,12 +1,13 @@
annotations:
artifacthub.io/changes: |
- "[Added]: Added logFormat, logLevel and extraArgs to Slack bot"
- kind: fixed
description: Align changelog structure to show changelogs on Artifact Hub
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Argo CD
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.5.8
appVersion: v2.5.9
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -28,4 +29,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.19.9
version: 5.19.12

4
charts/argo/argo-cd/README.md
View File

@ -874,7 +874,7 @@ server:
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.0.5-alpine"` | Redis tag |
| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.metrics.enabled | bool | `false` | Deploy metrics service |
@ -932,7 +932,7 @@ The main options are listed here:
| redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.image.tag | string | `"7.0.5-alpine"` | Redis tag |
| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |

4
charts/argo/argo-cd/values.yaml
View File

@ -987,7 +987,7 @@ redis:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
# -- Redis tag
tag: 7.0.5-alpine
tag: 7.0.7-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1218,7 +1218,7 @@ redis-ha:
enabled: true
image:
# -- Redis tag
tag: 7.0.5-alpine
tag: 7.0.7-alpine
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints:

2
charts/bitnami/airflow/Chart.yaml
View File

@ -38,4 +38,4 @@ name: airflow
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/airflow
- https://airflow.apache.org/
version: 14.0.9
version: 14.0.10

2
charts/bitnami/airflow/README.md
View File

@ -703,7 +703,7 @@ Refer to the [chart documentation for more information about how to upgrade from
## License
Copyright &copy; 2022 Bitnami
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

9
charts/bitnami/airflow/templates/web/tls-secrets.yaml
View File

@ -21,12 +21,13 @@ data:
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "airflow-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
name: {{ $secretName }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
@ -37,8 +38,8 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

2
charts/bitnami/kafka/Chart.yaml
View File

@ -35,4 +35,4 @@ name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
version: 20.0.5
version: 20.0.6

7
charts/bitnami/kafka/templates/tls-secrets.yaml
View File

@ -5,6 +5,7 @@
{{- $fullname := include "common.names.fullname" . }}
{{- $ca := genCA "kafka-ca" 365 }}
{{- range $i := until $replicaCount }}
{{- $secretName := printf "%s-%d-tls" (include "common.names.fullname" $) $i }}
{{- $replicaHost := printf "%s-%d.%s-headless" $fullname $i $fullname }}
{{- $altNames := list (printf "%s.%s.svc.%s" $replicaHost $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $replicaHost $releaseNamespace) (printf "%s.%s" $fullname $releaseNamespace) $replicaHost $fullname }}
{{- $cert := genSignedCert $replicaHost nil $altNames 365 $ca }}
@ -22,9 +23,9 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
---
{{- end }}
{{- end }}

2
charts/bitnami/mariadb/Chart.yaml
View File

@ -32,4 +32,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb
- https://github.com/prometheus/mysqld_exporter
- https://mariadb.org
version: 11.4.4
version: 11.4.5

453
charts/bitnami/mariadb/README.md
View File

@ -7,10 +7,10 @@ MariaDB is an open source, community-developed SQL database server that is widel
[Overview of MariaDB](https://mariadb.org/)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```bash
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/mariadb
```
@ -33,7 +33,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
To install the chart with the release name `my-release`:
```bash
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/mariadb
```
@ -45,7 +46,7 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati
To uninstall/delete the `my-release` deployment:
```bash
```console
$ helm delete my-release
```
@ -108,184 +109,188 @@ The command removes all the Kubernetes components associated with the chart and
### MariaDB Primary parameters
| Name | Description | Value |
| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
| `primary.hostAliases` | Add deployment host aliases | `[]` |
| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` |
| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` |
| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
| Name | Description | Value |
| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
| `primary.hostAliases` | Add deployment host aliases | `[]` |
| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` |
| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### MariaDB Secondary parameters
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
| `secondary.hostAliases` | Add deployment host aliases | `[]` |
| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` |
| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
| Name | Description | Value |
| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
| `secondary.hostAliases` | Add deployment host aliases | `[]` |
| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
### RBAC parameters
@ -316,47 +321,49 @@ The command removes all the Kubernetes components associated with the chart and
### Metrics parameters
| Name | Description | Value |
| -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
| Name | Description | Value |
| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
### NetworkPolicy parameters
@ -383,7 +390,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](https
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
```console
$ helm install my-release \
--set auth.rootPassword=secretpassword,auth.database=app_database \
my-repo/mariadb
@ -395,7 +402,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
```console
$ helm install my-release -f values.yaml my-repo/mariadb
```
@ -455,7 +462,7 @@ Find more information about how to deal with common errors related to Bitnami's
It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart:
```bash
```console
$ helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD]
```
@ -512,7 +519,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new
- Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://mariadb.com/kb/en/mysqldump/).
- Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`:
```bash
```console
$ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC]
```

16
charts/bitnami/mariadb/values.yaml
View File

@ -313,12 +313,16 @@ primary:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param primary.containerSecurityContext.enabled MariaDB primary container securityContext
## @param primary.containerSecurityContext.runAsUser User ID for the MariaDB primary container
## @param primary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
## MariaDB primary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -702,12 +706,16 @@ secondary:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param secondary.containerSecurityContext.enabled MariaDB secondary container securityContext
## @param secondary.containerSecurityContext.runAsUser User ID for the MariaDB secondary container
## @param secondary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
## MariaDB secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -1081,6 +1089,8 @@ metrics:
## MariaDB metrics container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## Example:
## containerSecurityContext:
## enabled: true
@ -1090,6 +1100,8 @@ metrics:
##
containerSecurityContext:
enabled: false
privileged: false
allowPrivilegeEscalation: false
## Mysqld Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious

2
charts/bitnami/postgresql/Chart.yaml
View File

@ -32,4 +32,4 @@ name: postgresql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/postgresql
- https://www.postgresql.org/
version: 12.1.11
version: 12.1.13

8
charts/bitnami/postgresql/README.md
View File

@ -102,7 +102,7 @@ $ kubectl delete pvc -l release=my-release
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r28` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r30` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `[]` |
@ -383,7 +383,7 @@ $ kubectl delete pvc -l release=my-release
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r76` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r77` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -412,7 +412,7 @@ $ kubectl delete pvc -l release=my-release
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r53` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r54` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
@ -679,7 +679,7 @@ Refer to the [chart documentation for more information about how to upgrade from
## License
Copyright &copy; 2022 Bitnami
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
charts/bitnami/postgresql/templates/primary/metrics-svc.yaml
View File

@ -9,6 +9,7 @@ metadata:
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.metrics.service.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@ -16,6 +17,7 @@ metadata:
{{- if .Values.metrics.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}

6
charts/bitnami/postgresql/templates/primary/statefulset.yaml
View File

@ -12,6 +12,7 @@ metadata:
{{- if .Values.primary.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.primary.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@ -19,6 +20,7 @@ metadata:
{{- if .Values.primary.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
replicas: 1
serviceName: {{ include "postgresql.primary.svc.headless" . }}
@ -39,6 +41,7 @@ spec:
{{- if .Values.primary.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if or (include "postgresql.primary.createConfigmap" .) (include "postgresql.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }}
annotations:
{{- if (include "postgresql.primary.createConfigmap" .) }}
checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }}
@ -49,6 +52,7 @@ spec:
{{- if .Values.primary.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.primary.extraPodSpec }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }}
@ -89,6 +93,7 @@ spec:
{{- end }}
hostNetwork: {{ .Values.primary.hostNetwork }}
hostIPC: {{ .Values.primary.hostIPC }}
{{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled)) .Values.primary.initContainers }}
initContainers:
{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }}
- name: copy-certs
@ -177,6 +182,7 @@ spec:
{{- if .Values.primary.initContainers }}
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: postgresql
image: {{ include "postgresql.image" . }}

2
charts/bitnami/postgresql/templates/primary/svc.yaml
View File

@ -8,6 +8,7 @@ metadata:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: primary
{{- if or .Values.commonAnnotations .Values.primary.service.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@ -15,6 +16,7 @@ metadata:
{{- if .Values.primary.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.primary.service.type }}
{{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }}

2
charts/bitnami/postgresql/templates/read/metrics-svc.yaml
View File

@ -9,6 +9,7 @@ metadata:
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.metrics.service.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@ -16,6 +17,7 @@ metadata:
{{- if .Values.metrics.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}

6
charts/bitnami/postgresql/templates/read/statefulset.yaml
View File

@ -13,6 +13,7 @@ metadata:
{{- if .Values.readReplicas.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.readReplicas.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@ -20,6 +21,7 @@ metadata:
{{- if .Values.readReplicas.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
replicas: {{ .Values.readReplicas.replicaCount }}
serviceName: {{ include "postgresql.readReplica.svc.headless" . }}
@ -40,6 +42,7 @@ spec:
{{- if .Values.readReplicas.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }}
{{- end }}
{{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }}
annotations:
{{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }}
checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }}
@ -47,6 +50,7 @@ spec:
{{- if .Values.readReplicas.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.readReplicas.extraPodSpec }}
{{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }}
@ -87,6 +91,7 @@ spec:
{{- end }}
hostNetwork: {{ .Values.readReplicas.hostNetwork }}
hostIPC: {{ .Values.readReplicas.hostIPC }}
{{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled)) .Values.readReplicas.initContainers }}
initContainers:
{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }}
- name: copy-certs
@ -175,6 +180,7 @@ spec:
{{- if .Values.readReplicas.initContainers }}
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: postgresql
image: {{ include "postgresql.image" . }}

2
charts/bitnami/postgresql/templates/read/svc.yaml
View File

@ -9,6 +9,7 @@ metadata:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: read
{{- if or .Values.commonAnnotations .Values.readReplicas.service.annotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@ -16,6 +17,7 @@ metadata:
{{- if .Values.readReplicas.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.readReplicas.service.type }}
{{- if or (eq .Values.readReplicas.service.type "LoadBalancer") (eq .Values.readReplicas.service.type "NodePort") }}

6
charts/bitnami/postgresql/values.yaml
View File

@ -95,7 +95,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 15.1.0-debian-11-r28
tag: 15.1.0-debian-11-r30
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1130,7 +1130,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r76
tag: 11-debian-11-r77
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1217,7 +1217,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.11.1-debian-11-r53
tag: 0.11.1-debian-11-r54
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

2
charts/bitnami/spark/Chart.yaml
View File

@ -28,4 +28,4 @@ name: spark
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/spark
- https://spark.apache.org/
version: 6.3.15
version: 6.3.16

20
charts/bitnami/spark/templates/tls-secrets.yaml
View File

@ -21,12 +21,13 @@ data:
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "spark-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
@ -37,12 +38,13 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}
{{- if (include "spark.createTlsSecret" . ) }}
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
{{- $ca := genCA "spark-internal-ca" 365 }}
{{- $releaseNamespace := include "common.names.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
@ -50,12 +52,12 @@ data:
{{- $headlessServiceName := printf "%s-headless" ( include "common.names.fullname" . ) }}
{{- $masterServiceName := printf "%s-master-svc" (include "common.names.fullname" .) }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) $fullname }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-crt" (include "common.names.fullname" .) }}
name: {{ $secretName }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@ -65,7 +67,7 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}

2
charts/bitnami/tomcat/Chart.yaml
View File

@ -32,4 +32,4 @@ name: tomcat
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/tomcat
- http://tomcat.apache.org
version: 10.5.9
version: 10.5.10

2
charts/bitnami/tomcat/README.md
View File

@ -7,7 +7,7 @@ Apache Tomcat is an open-source web server designed to host and run Java-based w
[Overview of Apache Tomcat](http://tomcat.apache.org/)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console

9
charts/bitnami/tomcat/templates/tls-secrets.yaml
View File

@ -21,12 +21,13 @@ data:
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "tomcat-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
name: {{ $secretName }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
@ -37,8 +38,8 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

2
charts/bitnami/wordpress/Chart.yaml
View File

@ -41,4 +41,4 @@ name: wordpress
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress
- https://wordpress.org/
version: 15.2.35
version: 15.2.36

9
charts/bitnami/wordpress/templates/tls-secrets.yaml
View File

@ -21,12 +21,13 @@ data:
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $ca := genCA "wordpress-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
name: {{ $secretName }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
@ -37,8 +38,8 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

7
charts/bitnami/zookeeper/Chart.yaml
View File

@ -4,10 +4,9 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: zookeeper
category: Infrastructure
licenses: |
- Apache-2.0
licenses: Apache-2.0
apiVersion: v2
appVersion: 3.8.0
appVersion: 3.8.1
dependencies:
- name: common
repository: file://./charts/common
@ -27,4 +26,4 @@ name: zookeeper
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/zookeeper
- https://zookeeper.apache.org/
version: 11.1.0
version: 11.1.2

6
charts/bitnami/zookeeper/README.md
View File

@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r74` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r0` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -255,7 +255,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r69` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r77` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -518,7 +518,7 @@ $ kubectl delete statefulset zookeeper-zookeeper --cascade=false
## License
Copyright &copy; 2022 Bitnami
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

22
charts/bitnami/zookeeper/templates/tls-secrets.yaml
View File

@ -1,4 +1,5 @@
{{- if (include "zookeeper.client.createTlsSecret" .) }}
{{- $secretName := printf "%s-client-crt" (include "common.names.fullname" .) }}
{{- $ca := genCA "zookeeper-client-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
@ -6,11 +7,11 @@
{{- $serviceName := include "common.names.fullname" . }}
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-client-crt
name: {{ $secretName }}
namespace: {{ template "zookeeper.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
@ -21,11 +22,12 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- if (include "zookeeper.quorum.createTlsSecret" .) }}
{{- $secretName := printf "%s-quorum-crt" (include "common.names.fullname" .) }}
{{- $ca := genCA "zookeeper-quorum-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
@ -33,12 +35,12 @@ data:
{{- $serviceName := include "common.names.fullname" . }}
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-quorum-crt
name: {{ $secretName }}
namespace: {{ template "zookeeper.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
@ -49,7 +51,7 @@ metadata:
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $crt.Cert | b64enc | quote }}
tls.key: {{ $crt.Key | b64enc | quote }}
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}

4
charts/bitnami/zookeeper/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/zookeeper
tag: 3.8.0-debian-11-r74
tag: 3.8.1-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -660,7 +660,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r69
tag: 11-debian-11-r77
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

4
charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=v1.16.0-0'
catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller
apiVersion: v2
appVersion: 1.28.2
appVersion: 1.29.5
description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running
as sidecar.
home: https://www.citrix.com
@ -18,4 +18,4 @@ maintainers:
name: citrix-cpx-with-ingress-controller
sources:
- https://github.com/citrix/citrix-k8s-ingress-controller
version: 1.28.2
version: 1.29.5

5
charts/citrix/citrix-cpx-with-ingress-controller/README.md
View File

@ -455,7 +455,7 @@ The following table lists the configurable parameters of the Citrix ADC CPX with
| daemonSet | Optional | False | Set this to true if Citrix ADC CPX needs to be deployed as DaemonSet. |
| cic.imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry |
| cic.imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository |
| cic.imageTag | Mandatory | `1.28.2` | The Citrix ingress controller image tag |
| cic.imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag |
| cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. |
| cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX |
| cic.resources | Optional | {} | CPU/Memory resource requests/limits for Citrix Ingress Controller container |
@ -475,6 +475,9 @@ The following table lists the configurable parameters of the Citrix ADC CPX with
| nsHTTP2ServerSide | Optional | OFF | Set this argument to `ON` for enabling HTTP2 for Citrix ADC service group configurations. |
| cpxLicenseAggregator | Optional | N/A | IP/FQDN of the CPX License Aggregator if it is being used to license the CPX. |
| nsCookieVersion | Optional | 0 | Specify the persistence cookie version (0 or 1). |
| profileSslFrontend | Optional | N/A | Specify the frontend SSL profile. For Details see [Configuration using FRONTEND_SSL_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) |
| profileTcpFrontend | Optional | N/A | Specify the frontend TCP profile. For Details see [Configuration using FRONTEND_TCP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) |
| profileHttpFrontend | Optional | N/A | Specify the frontend HTTP profile. For Details see [Configuration using FRONTEND_HTTP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) |
| logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. |
| nsProtocol | Optional | http | Protocol http or https used for the communication between Citrix Ingress Controller and CPX |
| cpxBgpRouter | Optional | false| If set to true, this CPX is deployed as daemonset in BGP controller mode wherein BGP advertisements are done for attracting external traffic to Kubernetes clusters |

2
charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml
View File

@ -1815,7 +1815,7 @@ spec:
description: 'Location of customized error page to respond when json violations are hit'
type: string
ip_reputation:
type: object
type: string
x-kubernetes-preserve-unknown-fields: true
description: 'Enabling IP reputation feature'
target:

4
charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml
View File

@ -129,6 +129,8 @@ spec:
name: shared-data
- mountPath: /cpx/
name: cpx-volume
- mountPath: /cpx/conf
name: cpx-volume-conf
{{- if .Values.cic.required }}
# Add cic as a sidecar
- name: cic
@ -301,6 +303,8 @@ spec:
emptyDir: {}
- name: cpx-volume
emptyDir: {}
- name: cpx-volume-conf
emptyDir: {}
{{- if and .Values.nodeSelector.key .Values.nodeSelector.value }}
nodeSelector:
{{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }}

15
charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml
View File

@ -69,3 +69,18 @@ data:
hashFingers: {{ .Values.nsLbHashAlgo.hashFingers }}
hashAlgorithm: {{ .Values.nsLbHashAlgo.hashAlgorithm | quote }}
{{- end }}
{{- if .Values.profileSslFrontend }}
FRONTEND_SSL_PROFILE: |
{{- toYaml .Values.profileSslFrontend | nindent 4 }}
{{- end }}
{{- if .Values.profileTcpFrontend }}
FRONTEND_TCP_PROFILE: |
{{- toYaml .Values.profileTcpFrontend | nindent 4 }}
{{- end }}
{{- if .Values.profileHttpFrontend }}
FRONTEND_HTTP_PROFILE: |
{{- toYaml .Values.profileHttpFrontend | nindent 4 }}
{{- end }}

23
charts/citrix/citrix-cpx-with-ingress-controller/values.yaml
View File

@ -5,7 +5,7 @@
# Citrix ADC CPX config details
imageRegistry: quay.io
imageRepository: citrix/citrix-k8s-cpx-ingress
imageTag: 13.1-30.52
imageTag: 13.1-37.38
image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
pullPolicy: IfNotPresent
imagePullSecrets: []
@ -82,7 +82,7 @@ servicePorts: []
cic:
imageRegistry: quay.io
imageRepository: citrix/citrix-k8s-ingress-controller
imageTag: 1.28.2
imageTag: 1.29.5
image: "{{ .Values.cic.imageRegistry }}/{{ .Values.cic.imageRepository }}:{{ .Values.cic.imageTag }}"
pullPolicy: IfNotPresent
required: true
@ -113,6 +113,25 @@ updateIngressStatus: False
logProxy:
kubernetesURL:
disableOpenshiftRoutes:
profileSslFrontend: {}
# preconfigured: my_ssl_profile
# OR
# config:
# tls13: 'ENABLED'
# hsts: 'ENABLED'
profileHttpFrontend: {}
# preconfigured: my_http_profile
# OR
# config:
# dropinvalreqs: 'ENABLED'
# websocket: 'ENABLED'
profileTcpFrontend: {}
# preconfigured: my_tcp_profile
# OR
# config:
# sack: 'ENABLED'
# nagle: 'ENABLED'
# Citrix ADM/License Server config details
ADMSettings:

4
charts/citrix/citrix-ingress-controller/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=v1.16.0-0'
catalog.cattle.io/release-name: citrix-ingress-controller
apiVersion: v2
appVersion: 1.28.2
appVersion: 1.29.5
description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX.
home: https://www.citrix.com
icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png
@ -17,4 +17,4 @@ maintainers:
name: citrix-ingress-controller
sources:
- https://github.com/citrix/citrix-k8s-ingress-controller
version: 1.28.2
version: 1.29.5

5
charts/citrix/citrix-ingress-controller/README.md
View File

@ -316,7 +316,7 @@ The following table lists the mandatory and optional parameters that you can con
| license.accept | Mandatory | no | Set `yes` to accept the CIC end user license agreement. |
| imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry |
| imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository |
| imageTag | Mandatory | `1.28.2` | The Citrix ingress controller image tag |
| imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag |
| pullPolicy | Mandatory | IfNotPresent | The CIC image pull policy. |
| imagePullSecrets | Optional | N/A | Provide list of Kubernetes secrets to be used for pulling the images from a private Docker registry or repository. For more information on how to create this secret please see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). |
| nameOverride | Optional | N/A | String to partially override deployment fullname template with a string (will prepend the release name) |
@ -351,6 +351,9 @@ The following table lists the mandatory and optional parameters that you can con
| ignoreNodeExternalIP | Optional | False | While adding NodeIP, as Service group members for type LoadBalancer services or NodePort services, Citrix Ingress Controller has a selection criteria whereas it choose Node ExternalIP if available and Node InternalIP, if Node ExternalIP is not present. But some users may want to use Node InternalIP over Node ExternalIP even if Node ExternalIP is present. If this variable is set to `True`, then it prioritises the Node Internal IP to be used for service group members even if node ExternalIP is present |
| nsHTTP2ServerSide | Optional | OFF | Set this argument to `ON` for enabling HTTP2 for Citrix ADC service group configurations. |
| nsCookieVersion | Optional | 0 | Specify the persistence cookie version (0 or 1). |
| profileSslFrontend | Optional | N/A | Specify the frontend SSL profile. For Details see [Configuration using FRONTEND_SSL_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) |
| profileTcpFrontend | Optional | N/A | Specify the frontend TCP profile. For Details see [Configuration using FRONTEND_TCP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) |
| profileHttpFrontend | Optional | N/A | Specify the frontend HTTP profile. For Details see [Configuration using FRONTEND_HTTP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) |
| ipam | Optional | False | Set this argument if you want to use the IPAM controller to automatically allocate an IP address to the service of type LoadBalancer. |
| disableAPIServerCertVerify | Optional | False | Set this parameter to True for disabling API Server certificate verification. |
| logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. |

2
charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml
View File

@ -1815,7 +1815,7 @@ spec:
description: 'Location of customized error page to respond when json violations are hit'
type: string
ip_reputation:
type: object
type: string
x-kubernetes-preserve-unknown-fields: true
description: 'Enabling IP reputation feature'
target:

15
charts/citrix/citrix-ingress-controller/templates/configmap.yaml
View File

@ -58,3 +58,18 @@ data:
hashFingers: {{ .Values.nsLbHashAlgo.hashFingers }}
hashAlgorithm: {{ .Values.nsLbHashAlgo.hashAlgorithm | quote }}
{{- end }}
{{- if .Values.profileSslFrontend }}
FRONTEND_SSL_PROFILE: |
{{- toYaml .Values.profileSslFrontend | nindent 4 }}
{{- end }}
{{- if .Values.profileTcpFrontend }}
FRONTEND_TCP_PROFILE: |
{{- toYaml .Values.profileTcpFrontend | nindent 4 }}
{{- end }}
{{- if .Values.profileHttpFrontend }}
FRONTEND_HTTP_PROFILE: |
{{- toYaml .Values.profileHttpFrontend | nindent 4 }}
{{- end }}

20
charts/citrix/citrix-ingress-controller/values.yaml
View File

@ -5,7 +5,7 @@
# Citrix Ingress Controller config details
imageRegistry: quay.io
imageRepository: citrix/citrix-k8s-ingress-controller
imageTag: 1.28.2
imageTag: 1.29.5
image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
pullPolicy: IfNotPresent
imagePullSecrets: []
@ -67,6 +67,24 @@ optimizeEndpointBinding:
routeLabels:
namespaceLabels:
disableOpenshiftRoutes:
profileSslFrontend: {}
# preconfigured: my_ssl_profile
# OR
# config:
# tls13: 'ENABLED'
# hsts: 'ENABLED'
profileHttpFrontend: {}
# preconfigured: my_http_profile
# OR
# config:
# dropinvalreqs: 'ENABLED'
# websocket: 'ENABLED'
profileTcpFrontend: {}
# preconfigured: my_tcp_profile
# OR
# config:
# sack: 'ENABLED'
# nagle: 'ENABLED'
# Exporter config details
exporter:

6
charts/crate/crate-operator/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: crate-operator-crds
repository: file://../crate-operator-crds
version: 2.20.0
digest: sha256:204873fcb33f361a558b333f431174c3b9bfcf6ea266c1f022cf5d11f24c66de
generated: "2022-12-15T15:11:32.447020049Z"
version: 2.22.0
digest: sha256:ea59e13300da29acfb32097bfb382649618e7bf503248896fc5c9a66846ee36a
generated: "2023-01-31T14:30:10.49197227Z"

6
charts/crate/crate-operator/Chart.yaml
View File

@ -3,16 +3,16 @@ annotations:
catalog.cattle.io/display-name: CrateDB Operator
catalog.cattle.io/release-name: crate-operator
apiVersion: v2
appVersion: 2.20.0
appVersion: 2.22.0
dependencies:
- condition: crate-operator-crds.enabled
name: crate-operator-crds
repository: file://./charts/crate-operator-crds
version: 2.20.0
version: 2.22.0
description: Crate Operator - Helm chart for installing and upgrading Crate Operator.
icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg
maintainers:
- name: Crate.io
name: crate-operator
type: application
version: 2.20.0
version: 2.22.0

4
charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml
View File

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: 2.20.0
appVersion: 2.22.0
description: Crate Operator CRDs - Helm chart for installing and upgrading Custom
Resource Definitions (CRDs) for the Crate Operator.
maintainers:
- name: Crate.io
name: crate-operator-crds
type: application
version: 2.20.0
version: 2.22.0

4
charts/gitlab/gitlab/CHANGELOG.md
View File

@ -2,6 +2,10 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 6.8.1 (2023-01-30)
No changes.
## 6.8.0 (2023-01-20)
### Added (4 changes)

4
charts/gitlab/gitlab/Chart.yaml
View File

@ -3,7 +3,7 @@ annotations:
catalog.cattle.io/display-name: GitLab
catalog.cattle.io/release-name: gitlab
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: The One DevOps Platform
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
@ -15,4 +15,4 @@ maintainers:
name: gitlab
sources:
- https://gitlab.com/gitlab-org/charts/gitlab
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: GitLab Geo logcursor
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -12,4 +12,4 @@ name: geo-logcursor
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: Git RPC service for handling all the git calls made by GitLab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -13,4 +13,4 @@ name: gitaly
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
version: 6.8.0
version: 6.8.1

2
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml
View File

@ -14,4 +14,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter
- https://gitlab.com/gitlab-org/gitlab-exporter
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: Adapt the Grafana chart to interface to the GitLab App
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -13,4 +13,4 @@ name: gitlab-grafana
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: Daemon for serving static websites from GitLab projects
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -14,4 +14,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages
- https://gitlab.com/gitlab-org/gitlab-pages
version: 6.8.0
version: 6.8.1

2
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml
View File

@ -14,4 +14,4 @@ name: gitlab-shell
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell
version: 6.8.0
version: 6.8.1

2
charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml
View File

@ -17,4 +17,4 @@ name: kas
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas
- https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent
version: 6.8.0
version: 6.8.1

2
charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml
View File

@ -13,4 +13,4 @@ name: mailroom
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: Database migrations and other versioning tasks for upgrading Gitlab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -12,4 +12,4 @@ name: migrations
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: Praefect is a router and transaction manager for Gitaly, and a required
component for running a Gitaly Cluster.
home: https://about.gitlab.com/
@ -16,4 +16,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
- https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: Gitlab Sidekiq for asynchronous task processing in rails
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -13,4 +13,4 @@ name: sidekiq
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq
version: 6.8.0
version: 6.8.1

2
charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml
View File

@ -14,4 +14,4 @@ name: spamcheck
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck
- https://gitlab.com/gitlab-org/spamcheck
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: For manually running rake tasks through kubectl
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -13,4 +13,4 @@ name: toolbox
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox
version: 6.8.0
version: 6.8.1

4
charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.8.0
appVersion: 15.8.1
description: HTTP server for Gitlab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -14,4 +14,4 @@ name: webservice
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice
version: 6.8.0
version: 6.8.1

2
charts/gitlab/gitlab/requirements.lock
View File

@ -33,4 +33,4 @@ dependencies:
repository: ""
version: '*.*.*'
digest: sha256:c875719651c62cf5fd5d202fc90cb3519c6268e4fe37d68eddf247da2c7c317f
generated: "2023-01-22T13:24:31.4249885Z"
generated: "2023-01-31T12:08:44.946412334Z"

4
charts/instana/instana-agent/Chart.yaml
View File

@ -9,7 +9,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: instana-agent
apiVersion: v2
appVersion: 1.239.0
appVersion: 1.241.0
description: Instana Agent for Kubernetes
home: https://www.instana.com/
icon: https://agents.instana.io/helm/stan-logo-2020.png
@ -23,4 +23,4 @@ maintainers:
name: instana-agent
sources:
- https://github.com/instana/instana-agent-docker
version: 1.2.50
version: 1.2.52

33
charts/instana/instana-agent/README.md
View File

@ -45,7 +45,7 @@ As described by the [Install Using the Helm Chart](https://www.instana.com/docs/
* `agent.endpointPort`
* `agent.key`
_Note:_ You can find the options mentioned in the [configuration section below](#configuration)
_Note:_ You can find the options mentioned in the [configuration section below](#Configuration-Reference)
If your agents report into a self-managed Instana unit (also known as "on-prem"), you will also need to configure a "download key", which allows the agent to fetch its components from the Instana repository.
The download key is set via the following value:
@ -77,7 +77,7 @@ The following table lists the configurable parameters of the Instana chart and t
| Parameter | Description | Default |
|-----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#agent) for more details |
| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#Agent-Configuration) for more details |
| `agent.configuration.autoMountConfigEntries` | (Experimental, needs Helm 3.1+) Automatically look up the entries of the default `instana-agent` ConfigMap, and mount as agent configuration files in the `instana-agent` container under the `/opt/instana/agent/etc/instana` directory all ConfigMap entries with keys that match the `configuration-*.yaml` scheme. | `false` |
| `agent.configuration.hotreloadEnabled` | Enables hot-reload of a configuration.yaml upon changes in the `instana-agent` ConfigMap without requiring a restart of a pod | `false` |
| `agent.endpointHost` | Instana Agent backend endpoint host | `ingress-red-saas.instana.io` (US and ROW). If in Europe, please override with `ingress-blue-saas.instana.io` |
@ -121,25 +121,26 @@ The following table lists the configurable parameters of the Instana chart and t
| `leaderElector.image.name` | The elector image name to pull | `instana/leader-elector` |
| `leaderElector.image.digest` | The image digest to pull; if specified, it causes `leaderElector.image.tag` to be ignored | `nil` |
| `leaderElector.image.tag` | The image tag to pull; this property is ignored if `leaderElector.image.digest` is specified | `latest` |
| `k8s_sensor.deployment.enabled` | Isolate k8sensor with a deployment (tech preview) | `false` |
| `k8s_sensor.image.name` | The k8sensor image name to pull | `gcr.io/instana/k8sensor` |
| `k8s_sensor.image.digest` | The image digest to pull; if specified, it causes `k8s_sensor.image.tag` to be ignored | `nil` |
| `k8s_sensor.image.tag` | The image tag to pull; this property is ignored if `k8s_sensor.image.digest` is specified | `latest` |
| `k8s_sensor.deployment.pod.limits.cpu` | CPU request for the `k8sensor` pods (tech preview) | `4` |
| `k8s_sensor.deployment.pod.limits.memory` | Memory request limits for the `k8sensor` pods (tech preview) | `6144Mi` |
| `k8s_sensor.deployment.pod.requests.cpu` | CPU limit for the `k8sensor` pods (tech preview) | `1.5` |
| `k8s_sensor.deployment.pod.requests.memory` | Memory limit for the `k8sensor` pods (tech preview) | `1024Mi` |
| `k8s_sensor.deployment.enabled` | Isolate k8sensor with a deployment (tech preview) | `false` |
| `k8s_sensor.image.name` | The k8sensor image name to pull | `gcr.io/instana/k8sensor` |
| `k8s_sensor.image.digest` | The image digest to pull; if specified, it causes `k8s_sensor.image.tag` to be ignored | `nil` |
| `k8s_sensor.image.tag` | The image tag to pull; this property is ignored if `k8s_sensor.image.digest` is specified | `latest` |
| `k8s_sensor.deployment.pod.limits.cpu` | CPU request for the `k8sensor` pods (tech preview) | `4` |
| `k8s_sensor.deployment.pod.limits.memory` | Memory request limits for the `k8sensor` pods (tech preview) | `6144Mi` |
| `k8s_sensor.deployment.pod.requests.cpu` | CPU limit for the `k8sensor` pods (tech preview) | `1.5` |
| `k8s_sensor.deployment.pod.requests.memory` | Memory limit for the `k8sensor` pods (tech preview) | `1024Mi` |
| `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. |
| `podSecurityPolicy.name` | Name of an _existing_ PodSecurityPolicy to authorize for the Instana Agent pods. If not provided and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created for you. | `nil` |
| `rbac.create` | Whether RBAC resources should be created | `true` |
| `openshift` | Whether to install the Helm chart as needed in OpenShift; this setting implies `rbac.create=true` | `false` |
| `opentelemetry.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` |
| `prometheus.remoteWrite.enabled` | Whether to configure the agent to accept metrics over its implementation of the `remote_write` Prometheus endpoint. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` |
| `service.create` | Whether to create a service that exposes the agents' Prometheus, OpenTelemetry and other APIs inside the cluster. Requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. The `ServiceInternalTrafficPolicy` feature gate needs to be enabled (default: enabled). | `false` |
| `opentelemetry.grpc.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications via gRPC. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` |
| `opentelemetry.http.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications via HTTP. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` |
| `prometheus.remoteWrite.enabled` | Whether to configure the agent to accept metrics over its implementation of the `remote_write` Prometheus endpoint. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` |
| `service.create` | Whether to create a service that exposes the agents' Prometheus, OpenTelemetry and other APIs inside the cluster. Requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. The `ServiceInternalTrafficPolicy` feature gate needs to be enabled (default: enabled). | `false` |
| `serviceAccount.create` | Whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | Name of the ServiceAccount to use | `instana-agent` |
| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#installing-the-chart) for details |
| `zones` | Multi-zone daemonset configuration. | `nil` see [below](#multiple-zones) for details |
| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#Installation) for details |
| `zones` | Multi-zone daemonset configuration. | `nil` see [below](#multiple-zones) for details |
### Agent Modes
@ -156,7 +157,7 @@ Besides the settings listed above, there are many more settings that can be appl
An overview of the settings that can be applied is provided in the [Agent Configuration File](https://www.instana.com/docs/setup_and_manage/host_agent/configuration#agent-configuration-file) documentation.
To configure the agent, you can either:
* edit the [config map](templates/configmap.yaml), or
* edit the [config map](templates/agent-configmap.yaml), or
* provide the configuration via the `agent.configuration_yaml` parameter in [values.yaml](values.yaml)
This configuration will be used for all Instana Agents on all nodes. Visit the [agent configuration documentation](https://docs.instana.io/setup_and_manage/host_agent/#agent-configuration-file) for more details on configuration options.

8
charts/instana/instana-agent/templates/_helpers.tpl
View File

@ -329,3 +329,11 @@ failureThreshold: 3
value: {{ $value | quote }}
{{- end }}
{{- end -}}
{{/*NOTE: These are nested templates not functions, if I format this to make it readable then it won't work the way */}}
{{/*we need it to since all of the newlines and spaces will be included into the output. Helm is */}}
{{/*not fundamentally designed to do what we are doing here.*/}}
{{- define "instana-agent.opentelemetry.grpc.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "grpc" }}{{ if hasKey .Values.opentelemetry.grpc "enabled" }}{{ .Values.opentelemetry.grpc.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ if hasKey .Values.opentelemetry "enabled" }}{{ .Values.opentelemetry.enabled }}{{ else }}{{ false }}{{ end }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}}
{{- define "instana-agent.opentelemetry.http.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "http" }}{{ if hasKey .Values.opentelemetry.http "enabled" }}{{ .Values.opentelemetry.http.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ false }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}}

7
charts/instana/instana-agent/templates/agent-configmap.yaml
View File

@ -16,11 +16,10 @@ data:
{{ .Values.agent.configuration_yaml | nindent 4 }}
{{- end }}
{{- if .Values.opentelemetry.enabled }}
{{ if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }}
configuration-opentelemetry.yaml: |
com.instana.plugin.opentelemetry:
enabled: true
{{- end }}
com.instana.plugin.opentelemetry: {{ toYaml .Values.opentelemetry | nindent 6 }}
{{ end }}
{{- if .Values.prometheus.remoteWrite.enabled }}
configuration-prometheus-remote-write.yaml: |

2
charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml
View File

@ -129,7 +129,7 @@ spec:
subPath: configuration-disable-kubernetes-sensor.yaml
mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml
{{- end }}
{{- if $.Values.opentelemetry.enabled }}
{{- if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }}
- name: configuration
subPath: configuration-opentelemetry.yaml
mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml

2
charts/instana/instana-agent/templates/agent-daemonset.yaml
View File

@ -123,7 +123,7 @@ spec:
subPath: configuration-disable-kubernetes-sensor.yaml
mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml
{{- end }}
{{- if .Values.opentelemetry.enabled }}
{{- if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }}
- name: configuration
subPath: configuration-opentelemetry.yaml
mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml

11
charts/instana/instana-agent/templates/service.yaml
View File

@ -1,4 +1,4 @@
{{- if or .Values.service.create (or .Values.opentelemetry.enabled .Values.prometheus.remoteWrite.enabled ) -}}
{{- if or .Values.service.create (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) .Values.prometheus.remoteWrite.enabled -}}
---
apiVersion: v1
kind: Service
@ -16,7 +16,7 @@ spec:
protocol: TCP
port: 42699
targetPort: 42699
{{- if .Values.opentelemetry.enabled }}
{{ if eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .) }}
# OpenTelemetry original default port
- name: opentelemetry
protocol: TCP
@ -28,6 +28,13 @@ spec:
port: 4317
targetPort: 4317
{{- end -}}
{{ if eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .) }}
# OpenTelemetry HTTP port
- name: opentelemetry-http
protocol: TCP
port: 4318
targetPort: 4318
{{- end -}}
{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
{{- if (regexMatch "\\d+\\.\\d+\\.\\d+-(?:eks|gke).+" $kubeVersion) -}}

9
charts/instana/instana-agent/values.yaml
View File

@ -198,8 +198,12 @@ service:
# Note: Requires Kubernetes 1.17+, as it uses topologyKeys
create: false
opentelemetry:
enabled: false # If true, it will also apply `service.create=true`
#opentelemetry:
# enabled: false # legacy setting, will only enable grpc, defaults to false
# grpc:
# enabled: false # takes precedence over legacy settings above, defaults to true if "grpc:" is present
# http:
# enabled: false # allows to enable http endpoints, defaults to true if "http:" is present
prometheus:
remoteWrite:
@ -251,6 +255,7 @@ k8s_sensor:
memory: 1536Mi
# k8s_sensor.deployment.pod.limits.cpu sets the CPU units allocation limits for the agent pods.
cpu: 500m
kubernetes:
# Configures use of a Deployment for the Kubernetes sensor rather than as a potential member of the DaemonSet. Is only accepted if k8s_sensor.deployment.enabled=false
deployment:

10
charts/jfrog/artifactory-ha/CHANGELOG.md
View File

@ -1,11 +1,15 @@
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file
## [107.49.5] - Dec 16, 2022
## [107.49.6] - Jan 20, 2023
* Updated postgresql tag version to `13.9.0-debian-11-r11`
* Fixed make lint issue on artifactory-ha chart [GH-1714](https://github.com/jfrog/charts/issues/1714)
* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049`
* Fixed an issue for capabilities check of ingress
* Updated jfrogUrl text path in migrate.sh file
* Added a note that from 107.46.x chart versions, `copyOnEveryStartup` is not needed for binarystore.xml, it is always copied via initContainers. For more Info, Refer [GH-1723](https://github.com/jfrog/charts/issues/1723)
## [107.49.0] - Dec 14, 2022
* Updated initContainerImage and logger image to `ubi8/ubi-micro:8.7.1`
## [107.49.0] - Jan 16, 2023
* Changed logic in wait-for-primary container to use /dev/tcp instead of curl
* Added support for setting `seLinuxOptions` in `securityContext` [GH-1700](https://github.com/jfrog/charts/pull/1700)
* Added option to enable/disable proxy_request_buffering and proxy_buffering_off [GH-1686](https://github.com/jfrog/charts/pull/1686)

4
charts/jfrog/artifactory-ha/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.49.5
appVersion: 7.49.6
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -26,4 +26,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
version: 107.49.5
version: 107.49.6

Some files were not shown because too many files have changed in this diff Show More