diff --git a/assets/aquarist-labs/s3gw-0.11.0.tgz b/assets/aquarist-labs/s3gw-0.11.0.tgz
new file mode 100644
index 000000000..8b74f8714
Binary files /dev/null and b/assets/aquarist-labs/s3gw-0.11.0.tgz differ
diff --git a/assets/argo/argo-cd-5.19.12.tgz b/assets/argo/argo-cd-5.19.12.tgz
new file mode 100644
index 000000000..262e81df4
Binary files /dev/null and b/assets/argo/argo-cd-5.19.12.tgz differ
diff --git a/assets/bitnami/airflow-14.0.10.tgz b/assets/bitnami/airflow-14.0.10.tgz
new file mode 100644
index 000000000..692db6718
Binary files /dev/null and b/assets/bitnami/airflow-14.0.10.tgz differ
diff --git a/assets/bitnami/kafka-20.0.6.tgz b/assets/bitnami/kafka-20.0.6.tgz
new file mode 100644
index 000000000..a77fa6d7c
Binary files /dev/null and b/assets/bitnami/kafka-20.0.6.tgz differ
diff --git a/assets/bitnami/mariadb-11.4.5.tgz b/assets/bitnami/mariadb-11.4.5.tgz
new file mode 100644
index 000000000..a5a98443b
Binary files /dev/null and b/assets/bitnami/mariadb-11.4.5.tgz differ
diff --git a/assets/bitnami/postgresql-12.1.13.tgz b/assets/bitnami/postgresql-12.1.13.tgz
new file mode 100644
index 000000000..92d0fce02
Binary files /dev/null and b/assets/bitnami/postgresql-12.1.13.tgz differ
diff --git a/assets/bitnami/spark-6.3.16.tgz b/assets/bitnami/spark-6.3.16.tgz
new file mode 100644
index 000000000..71d7b3cd1
Binary files /dev/null and b/assets/bitnami/spark-6.3.16.tgz differ
diff --git a/assets/bitnami/tomcat-10.5.10.tgz b/assets/bitnami/tomcat-10.5.10.tgz
new file mode 100644
index 000000000..96e6de582
Binary files /dev/null and b/assets/bitnami/tomcat-10.5.10.tgz differ
diff --git a/assets/bitnami/wordpress-15.2.36.tgz b/assets/bitnami/wordpress-15.2.36.tgz
new file mode 100644
index 000000000..6ecb64719
Binary files /dev/null and b/assets/bitnami/wordpress-15.2.36.tgz differ
diff --git a/assets/bitnami/zookeeper-11.1.2.tgz b/assets/bitnami/zookeeper-11.1.2.tgz
new file mode 100644
index 000000000..6d9726d19
Binary files /dev/null and b/assets/bitnami/zookeeper-11.1.2.tgz differ
diff --git a/assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz b/assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz
new file mode 100644
index 000000000..59fb695b3
Binary files /dev/null and b/assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz differ
diff --git a/assets/citrix/citrix-ingress-controller-1.29.5.tgz b/assets/citrix/citrix-ingress-controller-1.29.5.tgz
new file mode 100644
index 000000000..c02748da6
Binary files /dev/null and b/assets/citrix/citrix-ingress-controller-1.29.5.tgz differ
diff --git a/assets/crate/crate-operator-2.22.0.tgz b/assets/crate/crate-operator-2.22.0.tgz
new file mode 100644
index 000000000..7698c1214
Binary files /dev/null and b/assets/crate/crate-operator-2.22.0.tgz differ
diff --git a/assets/gitlab/gitlab-6.8.1.tgz b/assets/gitlab/gitlab-6.8.1.tgz
new file mode 100644
index 000000000..7f8fbf966
Binary files /dev/null and b/assets/gitlab/gitlab-6.8.1.tgz differ
diff --git a/assets/instana/instana-agent-1.2.52.tgz b/assets/instana/instana-agent-1.2.52.tgz
new file mode 100644
index 000000000..8b2860f81
Binary files /dev/null and b/assets/instana/instana-agent-1.2.52.tgz differ
diff --git a/assets/jfrog/artifactory-ha-107.49.6.tgz b/assets/jfrog/artifactory-ha-107.49.6.tgz
new file mode 100644
index 000000000..4289d1c61
Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.49.6.tgz differ
diff --git a/assets/jfrog/artifactory-jcr-107.49.6.tgz b/assets/jfrog/artifactory-jcr-107.49.6.tgz
new file mode 100644
index 000000000..4b9244f3c
Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.49.6.tgz differ
diff --git a/assets/kuma/kuma-2.1.0.tgz b/assets/kuma/kuma-2.1.0.tgz
new file mode 100644
index 000000000..5c029506b
Binary files /dev/null and b/assets/kuma/kuma-2.1.0.tgz differ
diff --git a/assets/mongodb/community-operator-0.7.8.tgz b/assets/mongodb/community-operator-0.7.8.tgz
new file mode 100644
index 000000000..2923a9619
Binary files /dev/null and b/assets/mongodb/community-operator-0.7.8.tgz differ
diff --git a/assets/redpanda/redpanda-2.6.3.tgz b/assets/redpanda/redpanda-2.6.3.tgz
new file mode 100644
index 000000000..91cb74e7b
Binary files /dev/null and b/assets/redpanda/redpanda-2.6.3.tgz differ
diff --git a/charts/aquarist-labs/s3gw/Chart.yaml b/charts/aquarist-labs/s3gw/Chart.yaml
index 09c7faec9..9b5b5f8ed 100644
--- a/charts/aquarist-labs/s3gw/Chart.yaml
+++ b/charts/aquarist-labs/s3gw/Chart.yaml
@@ -26,4 +26,4 @@ sources:
 - https://github.com/aquarist-labs/s3gw
 - https://github.com/aquarist-labs/ceph
 type: application
-version: 0.10.0
+version: 0.11.0
diff --git a/charts/aquarist-labs/s3gw/README.md b/charts/aquarist-labs/s3gw/README.md
index 5388aba7d..33fc51ad3 100644
--- a/charts/aquarist-labs/s3gw/README.md
+++ b/charts/aquarist-labs/s3gw/README.md
@@ -1,45 +1,61 @@ -# Quickstart +# [s3gw][s3gw-url] -To install s3gw using Helm add the chart to your Helm repos and then run `helm -install`: +s3gw is an S3-compatible service focused on deployments in a Kubernetes +environment backed by any PVC, including Longhorn. Since its inception, the +primary focus has been on cloud native deployments. However, the s3gw can be +deployed in a myriad of scenarios, provided some form of storage is attached. + +s3gw is based on Ceph’s RADOSGW (RGW) but runs as a stand–alone service without +the RADOS cluster and relies on a storage backend still under heavy development +by the storage team at SUSE. A web-based UI for management and an object +explorer are also part of s3gw. + +## Quickstart + +To install s3gw using Helm add the chart to your Helm repository and then run +`helm install`: ```bash helm add repo s3gw https://aquarist-labs.github.io/s3gw-charts/ -helm --namespace s3gw-system install s3gw s3gw/s3gw --create-namespace -``` - -In order to install s3gw using Helm, from this repository directly, first you -must clone the repo: - -```bash -git clone https://github.com/aquarist-labs/s3gw-charts.git -``` - -Before installing, familiarize yourself with the options, if necessary provide -your own `values.yaml` file. -Then change into the repository and install using Helm: - -```bash -cd s3gw-charts -helm install $RELEASE_NAME charts/s3gw \ - --namespace $S3GW_NAMESPACE \ +helm \ + --namespace s3gw-system \ + install s3gw \ + s3gw/s3gw \ --create-namespace \ -f /path/to/your/custom/values.yaml ``` ## Rancher -Installing s3gw via the Rancher App Catalog is made easy, the steps are as follows: +Installing s3gw via the Rancher App Catalog is made easy, the steps are as +follows: - Cluster -> Projects/Namespaces - create the `s3gw` namespace. - Apps -> Repositories -> Create `s3gw` using the s3gw-charts Git URL and the `main` branch. - Apps -> Charts -> Install `Traefik`. -- Apps -> Charts -> Install `s3gw`. 
Select the `s3gw` namespace previously created. - A `pvc` for `s3gw` will be created automatically during installation. +- Apps -> Charts -> Install `s3gw`. Select the `s3gw` namespace previously + created. A `pvc` for `s3gw` will be created automatically during installation. ## Documentation -You can access our documentation [here][1]. +You can access our documentation [here][docs-url]. -[1]: https://s3gw-docs.readthedocs.io/en/latest/helm-charts/ +## License + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use licensed files except in compliance with the License. +You may obtain a copy of the License at + + + +or the LICENSE file in this repository. + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +[s3gw-url]: https://s3gw.io +[docs-url]: https://s3gw-docs.readthedocs.io/en/latest/helm-charts/ diff --git a/charts/aquarist-labs/s3gw/questions.yaml b/charts/aquarist-labs/s3gw/questions.yaml index 3a27d305d..5733cbf86 100644 --- a/charts/aquarist-labs/s3gw/questions.yaml +++ b/charts/aquarist-labs/s3gw/questions.yaml 
@@ -101,19 +101,39 @@ questions: type: string group: "General" + - variable: defaultUserCredentialsSecret + default: s3gw-creds + description: | + "The name of the secret containing the + S3 credentials for the default user" + type: string + group: "General" + + - variable: useExistingSecret + default: false + description: | + "Check this to use a preexisting secret + containing the S3 credentials for the default user" + type: boolean + group: "General" + - variable: accessKey + show_if: "useExistingSecret=false" default: test - description: "S3 Access Key" + description: | + "Set this as the empty string to make the Chart + to compute a random alphanumeric value" label: "S3 Access Key" - required: true type: string group: "General" - variable: secretKey + show_if: "useExistingSecret=false" default: test - description: "S3 Secret Key" + description: | + "Set this as the empty string to make the Chart + to compute a random alphanumeric value" label: "S3 Secret Key" - required: true type: string group: "General" diff --git a/charts/aquarist-labs/s3gw/templates/NOTES.txt b/charts/aquarist-labs/s3gw/templates/NOTES.txt index e69de29bb..d27381295 100644 --- a/charts/aquarist-labs/s3gw/templates/NOTES.txt +++ b/charts/aquarist-labs/s3gw/templates/NOTES.txt @@ -0,0 +1,16 @@ +Thank you for installing {{ .Chart.Name }} {{ printf "v%s" .Chart.Version }} + +The S3 endpoint is available at: + +{{ printf "%s.%s" .Values.serviceName .Values.publicDomain | indent 4 }} +{{ if .Values.ui.enabled}} +and the web interface is available at: + +{{ printf "%s.%s" .Values.ui.serviceName .Values.ui.publicDomain | indent 4 }} +{{- end }} +{{ if and (not .Values.useExistingSecret) (empty .Values.accessKey) }} +An access key has been generated: {{ include "s3gw.defaultAccessKey" . | quote }} +{{- end }} +{{- if and (not .Values.useExistingSecret) (empty .Values.secretKey) }} +A secret key has been generated: {{ include "s3gw.defaultSecretKey" . | quote }} +{{ end }} 
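Review bot: `accessKey` and `secretKey` keep `default: test` in this hunk, so the random-key path described in the new text only runs when the operator deliberately clears both fields; removing `required: true` does not change what a click-through install receives. An S3 endpoint installed with the defaults therefore still accepts the well-known pair test/test. Consider `default: ""` for both variables so that generation is the default and a fixed key is the opt-in. The same applies to `accessKey: "test"` and `secretKey: "test"` in the values.yaml hunk of this commit.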
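Review bot: The key printed by `include "s3gw.defaultSecretKey"` in the last block of NOTES.txt is not the key stored in the Secret, because the helper added in _helpers.tpl evaluates `randAlphaNum 32` on every include and NOTES.txt and secret.yaml each render their own value. Even if the two matched, the notes are echoed to the terminal and to any CI log that runs `helm install`. I would drop both generated-key lines and print a retrieval hint instead, for example `kubectl -n {{ .Release.Namespace }} get secret {{ .Values.defaultUserCredentialsSecret }} -o jsonpath='{.data.RGW_DEFAULT_USER_SECRET_KEY}' | base64 -d`.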
diff --git a/charts/aquarist-labs/s3gw/templates/_helpers.tpl b/charts/aquarist-labs/s3gw/templates/_helpers.tpl
index 66a4a1f46..c22cdc683 100644
--- a/charts/aquarist-labs/s3gw/templates/_helpers.tpl
+++ b/charts/aquarist-labs/s3gw/templates/_helpers.tpl
@@ -97,3 +97,16 @@ Image Pull Secret
 {{- $au := (printf "%s:%s" $un $pw | b64enc) }}
 {{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" $rg $un $pw $em $au | b64enc}}
 {{- end }}
+
+
+{{/*
+Default Access Credentials
+*/}}
+{{- define "s3gw.defaultAccessKey" -}}
+{{- $key := default (randAlphaNum 32) .Values.accessKey }}
+{{- printf "%s" $key }}
+{{- end }}
+{{- define "s3gw.defaultSecretKey" -}}
+{{- $key := default (randAlphaNum 32) .Values.secretKey }}
+{{- printf "%s" $key }}
+{{- end }}
diff --git a/charts/aquarist-labs/s3gw/templates/deployment.yaml b/charts/aquarist-labs/s3gw/templates/deployment.yaml
index 4731bafeb..500565e40 100644
--- a/charts/aquarist-labs/s3gw/templates/deployment.yaml
+++ b/charts/aquarist-labs/s3gw/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
 name: s3-tls
 envFrom:
 - secretRef:
- name: s3gw-secret
+ name: {{ .Values.defaultUserCredentialsSecret }}
 volumeMounts:
 - name: s3gw-lh-store
 mountPath: /data
@@ -96,5 +96,5 @@ spec:
 - configMapRef:
 name: s3gw-config
 - secretRef:
- name: s3gw-secret
+ name: {{ .Values.defaultUserCredentialsSecret }}
 {{- end }}
diff --git a/charts/aquarist-labs/s3gw/templates/secret.yaml b/charts/aquarist-labs/s3gw/templates/secret.yaml
index fd2f64aec..cdf13e1a7 100644
--- a/charts/aquarist-labs/s3gw/templates/secret.yaml
+++ b/charts/aquarist-labs/s3gw/templates/secret.yaml
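Review bot: Both new helpers return a fresh random value each time the chart is rendered, so with an empty `accessKey` or `secretKey` every `helm upgrade` rewrites the Secret with new credentials and clients holding the previous pair stop authenticating. Whether the running gateway picks up the changed environment is not visible in this diff. Reusing the stored value through `lookup` when the Secret already exists keeps the key stable across upgrades; a sketch for the access key follows, and the secret-key helper would mirror it with its own data key. `lookup` returns an empty result under `helm template` and `--dry-run`, so those renders would still show a throwaway value.

```gotemplate
{{- define "s3gw.defaultAccessKey" -}}
{{- $stored := (lookup "v1" "Secret" .Release.Namespace .Values.defaultUserCredentialsSecret).data | default dict }}
{{- $prev := get $stored "RGW_DEFAULT_USER_ACCESS_KEY" }}
{{- if .Values.accessKey }}
{{- .Values.accessKey }}
{{- else if $prev }}
{{- $prev | b64dec }}
{{- else }}
{{- randAlphaNum 32 }}
{{- end }}
{{- end }}
```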
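Review bot: `name: {{ .Values.defaultUserCredentialsSecret }}` is rendered unquoted in both hunks of deployment.yaml, while secret.yaml quotes the same value; an empty or numeric-looking value then yields a null or non-string `secretRef.name` and the failure only surfaces at apply time. `name: {{ required "defaultUserCredentialsSecret must be set" .Values.defaultUserCredentialsSecret | quote }}` would fail at render time with a clear message. With `useExistingSecret: true` the `envFrom` also imports every key of the user-supplied Secret into the container environment, so the expected keys (`RGW_DEFAULT_USER_ACCESS_KEY`, `RGW_DEFAULT_USER_SECRET_KEY`) are worth stating in the values.yaml comment. Both enclosing container specs start outside the hunks.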
@@ -1,15 +1,17 @@
+{{- if not .Values.useExistingSecret }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
- name: '{{ .Chart.Name }}-secret'
+ name: '{{ .Values.defaultUserCredentialsSecret }}'
 namespace: {{ .Release.Namespace }}
 labels:
 {{ include "s3gw.labels" . | indent 4 }}
 type: Opaque
 stringData:
- RGW_DEFAULT_USER_ACCESS_KEY: {{ .Values.accessKey | quote }}
- RGW_DEFAULT_USER_SECRET_KEY: {{ .Values.secretKey | quote }}
+ RGW_DEFAULT_USER_ACCESS_KEY: {{ include "s3gw.defaultAccessKey" . | quote }}
+ RGW_DEFAULT_USER_SECRET_KEY: {{ include "s3gw.defaultSecretKey" . | quote }}
+{{- end }}
 {{- if .Values.imageCredentials }}
 ---
 apiVersion: v1
diff --git a/charts/aquarist-labs/s3gw/values.yaml b/charts/aquarist-labs/s3gw/values.yaml
index 84a33eb3d..ccdb42b4c 100644
--- a/charts/aquarist-labs/s3gw/values.yaml
+++ b/charts/aquarist-labs/s3gw/values.yaml
@@ -55,9 +55,17 @@ ui:
 #
 # 'serviceName' is the service name of S3GW.
 serviceName: "s3gw"
-# 'accessKey' is the S3 Access Key
+# 'useExistingSecret' use an existing secret containing the S3 credentials
+# for the default user
+useExistingSecret: false
+# 'defaultUserCredentialsSecret' the name of the secret containing
+# the S3 Access Key and the S3 Secret Key for the default user.
+defaultUserCredentialsSecret: "s3gw-creds"
+# 'accessKey' is the S3 Access Key; the value is used when useExistingSecret: false.
+# Set this as the empty string to make the Chart to compute a random alphanumeric value.
 accessKey: "test"
-# 'secretKey' is the S3 Secret Key
+# 'secretKey' is the S3 Secret Key; the value is used when useExistingSecret: false
+# Set this as the empty string to make the Chart to compute a random alphanumeric value.
 secretKey: "test"
 # 'publicDomain' is the public domain of S3GW used by the Ingress
 publicDomain: "be.127.0.0.1.omg.howdoi.website"
diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml
index efc5cabb9..b366ced6c 100644
--- a/charts/argo/argo-cd/Chart.yaml
+++ b/charts/argo/argo-cd/Chart.yaml
@@ -1,12 +1,13 @@
 annotations:
 artifacthub.io/changes: |
- - "[Added]: Added logFormat, logLevel and extraArgs to Slack bot"
+ - kind: fixed
+ description: Align changelog structure to show changelogs on Artifact Hub
 catalog.cattle.io/certified: partner
 catalog.cattle.io/display-name: Argo CD
 catalog.cattle.io/kube-version: '>=1.22.0-0'
 catalog.cattle.io/release-name: argo-cd
 apiVersion: v2
-appVersion: v2.5.8
+appVersion: v2.5.9
 dependencies:
 - condition: redis-ha.enabled
 name: redis-ha
@@ -28,4 +29,4 @@ name: argo-cd
 sources:
 - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
 - https://github.com/argoproj/argo-cd
-version: 5.19.9
+version: 5.19.12
diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md
index 54a11752f..a7c8c287c 100644
--- a/charts/argo/argo-cd/README.md
+++ b/charts/argo/argo-cd/README.md
@@ -874,7 +874,7 @@ server:
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
 | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.0.5-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.metrics.enabled | bool | `false` | Deploy metrics service |
@@ -932,7 +932,7 @@ The main options are listed here: | redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | -| redis-ha.image.tag | string | `"7.0.5-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 1a6bdda4e..5cff81684 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -987,7 +987,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.5-alpine + tag: 7.0.7-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1218,7 +1218,7 @@ redis-ha: enabled: true image: # -- Redis tag - tag: 7.0.5-alpine + tag: 7.0.7-alpine ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index 579ad5ff5..5a39ea1f7 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -38,4 +38,4 @@ name: airflow sources: - https://github.com/bitnami/containers/tree/main/bitnami/airflow - https://airflow.apache.org/ -version: 14.0.9 +version: 14.0.10 
diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index 2cb9dc461..258952cfd 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -703,7 +703,7 @@ Refer to the [chart documentation for more information about how to upgrade from ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/airflow/templates/web/tls-secrets.yaml b/charts/bitnami/airflow/templates/web/tls-secrets.yaml index 68781fcd8..560c8b091 100644 --- a/charts/bitnami/airflow/templates/web/tls-secrets.yaml +++ b/charts/bitnami/airflow/templates/web/tls-secrets.yaml @@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "airflow-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -37,8 +38,8 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} 
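Review bot: With the lookup added in the second tls-secrets.yaml hunk the self-signed pair is kept across upgrades, but `genSignedCert ... 365` still issues it for one year and nothing reissues it afterwards, so the ingress certificate expires a year after first install unless the Secret is deleted by hand. That deserves a template comment next to `$secretName`, for example `{{/* an existing <hostname>-tls Secret is reused on upgrade and never renewed; delete it to reissue before the 365-day expiry */}}`. The three keys are also looked up independently, so a stored Secret missing one key would presumably receive a freshly generated default beside old material (a new `ca.crt` next to an old `tls.crt`). `common.secrets.lookup` is defined outside this diff, so that behaviour and the dropped `| b64enc | quote` need checking against the helper.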
diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml
index f917e965a..114788e2c 100644
--- a/charts/bitnami/kafka/Chart.yaml
+++ b/charts/bitnami/kafka/Chart.yaml
@@ -35,4 +35,4 @@ name: kafka
 sources:
 - https://github.com/bitnami/containers/tree/main/bitnami/kafka
 - https://kafka.apache.org/
-version: 20.0.5
+version: 20.0.6
diff --git a/charts/bitnami/kafka/templates/tls-secrets.yaml b/charts/bitnami/kafka/templates/tls-secrets.yaml
index fdf350e87..d6b1adc28 100644
--- a/charts/bitnami/kafka/templates/tls-secrets.yaml
+++ b/charts/bitnami/kafka/templates/tls-secrets.yaml
@@ -5,6 +5,7 @@
 {{- $fullname := include "common.names.fullname" . }}
 {{- $ca := genCA "kafka-ca" 365 }}
 {{- range $i := until $replicaCount }}
+{{- $secretName := printf "%s-%d-tls" (include "common.names.fullname" $) $i }}
 {{- $replicaHost := printf "%s-%d.%s-headless" $fullname $i $fullname }}
 {{- $altNames := list (printf "%s.%s.svc.%s" $replicaHost $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $replicaHost $releaseNamespace) (printf "%s.%s" $fullname $releaseNamespace) $replicaHost $fullname }}
 {{- $cert := genSignedCert $replicaHost nil $altNames 365 $ca }}
@@ -22,9 +23,9 @@ metadata:
 {{- end }}
 type: kubernetes.io/tls
 data:
- ca.crt: {{ $ca.Cert | b64enc | quote }}
- tls.crt: {{ $cert.Cert | b64enc | quote }}
- tls.key: {{ $cert.Key | b64enc | quote }}
+ tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+ tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+ ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
 ---
 {{- end }}
 {{- end }}
diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml
index 179e69532..d5988e4df 100644
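Review bot: `$ca` is generated once per render while each replica's Secret is looked up on its own, so after a later increase of the replica count the existing brokers keep the certificate and `ca.crt` from the install-time CA and the new replica gets a pair signed by a fresh CA. Brokers that trust only their own `ca.crt` would then reject each other; how the truststore is assembled is outside this diff. Keeping the CA pair in its own Secret and looking that up before signing, or documenting that all `-tls` Secrets must be deleted together before scaling, avoids the split. `$secretName` is also computed separately from the Secret's `metadata.name`, which lies between the two hunks and is not shown; if the two ever differ the lookup silently falls back to regeneration.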
--- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -32,4 +32,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.4.4 +version: 11.4.5 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index 381149316..d9236ee13 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -7,10 +7,10 @@ MariaDB is an open source, community-developed SQL database server that is widel [Overview of MariaDB](https://mariadb.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR -```bash +```console $ helm repo add my-repo https://charts.bitnami.com/bitnami $ helm install my-release my-repo/mariadb ``` @@ -33,7 +33,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: -```bash +```console +$ helm repo add my-repo https://charts.bitnami.com/bitnami $ helm install my-release my-repo/mariadb ``` @@ -45,7 +46,7 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati To uninstall/delete the `my-release` deployment: -```bash +```console $ helm delete my-release ``` 
@@ -108,184 +109,188 @@ The command removes all the Kubernetes components associated with the chart and ### MariaDB Primary parameters -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- | -| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | -| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` | -| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` | -| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` | -| `primary.hostAliases` | Add deployment host aliases | `[]` | -| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` | -| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` | -| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` | -| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` | -| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` | -| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` | -| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` | -| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` | -| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` | -| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` | -| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` | -| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | -| `primary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | -| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | -| `primary.startupProbe.enabled` | Enable startupProbe | `false` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | 
-| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` | -| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` | -| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` | -| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` | -| `primary.extraFlags` | MariaDB primary additional command line flags | `""` | -| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap 
containing extra env vars for MariaDB primary containers | `""` |
-| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
-| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
-| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
-| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
-| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
-| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
-| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
-| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
-| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
-| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
-| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
-| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
-| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
-| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
-| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
-| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
-| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
-| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
-| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
-| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
-| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
-| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
-| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
-| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
-| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
-| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
-| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
-| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
-| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
+| Name | Description | Value |
+| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
+| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` |
+| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` |
+| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` |
+| `primary.hostAliases` | Add deployment host aliases | `[]` |
+| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` |
+| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` |
+| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` |
+| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` |
+| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` |
+| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` |
+| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` |
+| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
+| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` |
+| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` |
+| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` |
+| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
+| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` |
+| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` |
+| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` |
+| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` |
+| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` |
+| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
+| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` |
+| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` |
+| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
+| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
+| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
+| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` |
+| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` |
+| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
+| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
+| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
+| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
+| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
+| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
+| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
+| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` |
+| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` |
+| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` |
+| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` |
+| `primary.extraFlags` | MariaDB primary additional command line flags | `""` |
+| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` |
+| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` |
+| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` |
+| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
+| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
+| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
+| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
+| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
+| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
+| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
+| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` |
+| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` |
+| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` |
+| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` |
+| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` |
+| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` |
+| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` |
+| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` |
+| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` |
+| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
+| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
+| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` |
+| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` |
+| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` |
+| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` |
+| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` |
+| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
 ### MariaDB Secondary parameters
-| Name | Description | Value |
-| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- |
-| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
-| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
-| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
-| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
-| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
-| `secondary.hostAliases` | Add deployment host aliases | `[]` |
-| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
-| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
-| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
-| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
-| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
-| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
-| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
-| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
-| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
-| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
-| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
-| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
-| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
-| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
-| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
-| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
-| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
-| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
-| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
-| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
-| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
-| `secondary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` |
-| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
-| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
-| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
-| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
-| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
-| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
-| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
-| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
-| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
-| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
-| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
-| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
-| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
-| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
-| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
-| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
-| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
-| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
-| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
-| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
-| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
-| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
-| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
-| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
-| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
-| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
-| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
-| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
-| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
-| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
-| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
-| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
-| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
-| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
-| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
-| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
-| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
-| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
-| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
-| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
-| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
-| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
-| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
-| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
-| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
-| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
-| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
-| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
-| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
-| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
-| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
+| Name | Description | Value |
+| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
+| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` |
+| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
+| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` |
+| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` |
+| `secondary.hostAliases` | Add deployment host aliases | `[]` |
+| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` |
+| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` |
+| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` |
+| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` |
+| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` |
+| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` |
+| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
+| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
+| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` |
+| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` |
+| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` |
+| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` |
+| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` |
+| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` |
+| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
+| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` |
+| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` |
+| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
+| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` |
+| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` |
+| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
+| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
+| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
+| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
+| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
+| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
+| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
+| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` |
+| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
+| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
+| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
+| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
+| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` |
+| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` |
+| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` |
+| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` |
+| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` |
+| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` |
+| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` |
+| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` |
+| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
+| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
+| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
+| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
+| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
+| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
+| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` |
+| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` |
+| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` |
+| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` |
+| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` |
+| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` |
+| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` |
+| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` |
+| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` |
+| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
+| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
+| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` |
+| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` |
+| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` |
+| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` |
+| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` |
+| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` |
 ### RBAC parameters
@@ -316,47 +321,49 @@ The command removes all the Kubernetes components associated with the chart and
 ### Metrics parameters
-| Name | Description | Value |
-| -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
-| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
-| `metrics.image.registry` | Exporter image registry | `docker.io` |
-| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
-| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` |
-| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
-| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
-| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
-| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
-| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
-| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
-| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
-| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
-| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
-| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
-| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
-| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
-| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
-| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
-| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
-| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
-| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
-| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
-| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
-| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
-| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
-| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
-| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
-| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
-| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
-| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
-| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
-| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
-| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
-| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
-| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
-| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
+| Name | Description | Value |
+| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
+| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
+| `metrics.image.registry` | Exporter image registry | `docker.io` |
+| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
+| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` |
+| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
+| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
+| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
+| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
+| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
+| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
+| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
+| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
+| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
+| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
+| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
+| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
+| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
 ### NetworkPolicy parameters
@@ -383,7 +390,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](https Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, -```bash +```console $ helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ my-repo/mariadb @@ -395,7 +402,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, -```bash +```console $ helm install my-release -f values.yaml my-repo/mariadb ``` @@ -455,7 +462,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: -```bash +```console $ helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] ``` @@ -512,7 +519,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new - Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://mariadb.com/kb/en/mysqldump/). - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: -```bash +```console $ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index 5050374c6..dc40d203b 100644 --- a/charts/bitnami/mariadb/values.yaml 
+++ b/charts/bitnami/mariadb/values.yaml @@ -313,12 +313,16 @@ primary: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param primary.containerSecurityContext.enabled MariaDB primary container securityContext ## @param primary.containerSecurityContext.runAsUser User ID for the MariaDB primary container - ## @param primary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged + ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false ## MariaDB primary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious 
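Review bot: The primary `containerSecurityContext` now sets `privileged: false` and `allowPrivilegeEscalation: false`, but it still leaves the container with the runtime's default capabilities and seccomp setting, so a namespace enforcing the Kubernetes `restricted` Pod Security Standard would presumably still reject the pod. If the image runs correctly as UID 1001 without extra capabilities (to be confirmed), I would add `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` with matching `## @param` lines. The same applies to the `secondary` hunk (@@ -702,12 +706,16 @@). The template that renders these values is not part of this diff, so whether new keys are passed through unchanged needs checking there.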
@@ -702,12 +706,16 @@ secondary: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param secondary.containerSecurityContext.enabled MariaDB secondary container securityContext ## @param secondary.containerSecurityContext.runAsUser User ID for the MariaDB secondary container - ## @param secondary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged + ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false ## MariaDB secondary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -1081,6 +1089,8 @@ metrics: ## MariaDB metrics container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container + ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged + ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation ## Example: ## containerSecurityContext: ## enabled: true 
@@ -1090,6 +1100,8 @@ metrics: ## containerSecurityContext: enabled: false + privileged: false + allowPrivilegeEscalation: false ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 1b8380966..53347d4ce 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -32,4 +32,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.1.11 +version: 12.1.13 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index d48ef4740..d8c4fb49a 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md 
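Review bot: The two values added under `metrics.containerSecurityContext` sit next to `enabled: false`, so with the chart defaults the exporter sidecar most likely gets no security context at all and the new `privileged: false` / `allowPrivilegeEscalation: false` never reach the pod. The template is not in this diff, so this assumes it gates on `enabled` as the key name suggests. Unlike `primary` and `secondary`, this block also has no `runAsNonRoot` or `runAsUser`. I would either default `enabled` to `true` here or state the dependency in the comment block, e.g. `## NOTE: the fields below are only applied when metrics.containerSecurityContext.enabled=true`.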
@@ -102,7 +102,7 @@ $ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r28` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r30` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -383,7 +383,7 @@ $ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r76` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r77` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -412,7 +412,7 @@ $ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r53` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r54` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -679,7 +679,7 @@ Refer to the [chart documentation for more information about how to upgrade from ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml b/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml index 75a1b81be..a38b52a8a 100644 --- a/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml +++ b/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml @@ -9,6 +9,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.metrics.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: type: ClusterIP sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} diff --git a/charts/bitnami/postgresql/templates/primary/statefulset.yaml b/charts/bitnami/postgresql/templates/primary/statefulset.yaml index 653138cde..0e312ea63 100644 --- a/charts/bitnami/postgresql/templates/primary/statefulset.yaml +++ b/charts/bitnami/postgresql/templates/primary/statefulset.yaml 
@@ -12,6 +12,7 @@ metadata: {{- if .Values.primary.labels }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.primary.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -19,6 +20,7 @@ metadata: {{- if .Values.primary.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: replicas: 1 serviceName: {{ include "postgresql.primary.svc.headless" . }} @@ -39,6 +41,7 @@ spec: {{- if .Values.primary.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if or (include "postgresql.primary.createConfigmap" .) (include "postgresql.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }} annotations: {{- if (include "postgresql.primary.createConfigmap" .) }} checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} @@ -49,6 +52,7 @@ spec: {{- if .Values.primary.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} {{- end }} + {{- end }} spec: {{- if .Values.primary.extraPodSpec }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }} @@ -89,6 +93,7 @@ spec: {{- end }} hostNetwork: {{ .Values.primary.hostNetwork }} hostIPC: {{ .Values.primary.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled)) .Values.primary.initContainers }} initContainers: {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} - name: copy-certs 
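Review bot: The new outer guard around `initContainers:` in the @@ -89,6 +93,7 @@ hunk restates the conditions of the init containers it wraps, so the two can drift: if a later change adds or loosens an inner condition without touching the outer `or`, that init container is silently dropped from the pod. Only the first inner condition (for `copy-certs`) is visible here and the block closes in the next hunk (@@ -177,6 +182,7 @@), so the match with the remaining conditions should be checked against the full file. I would put a comment on the guard, `{{- /* must be the OR of every init-container condition below; update both together */ -}}`, and the same on the identical guard in `templates/read/statefulset.yaml`.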
@@ -177,6 +182,7 @@ spec: {{- if .Values.primary.initContainers }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }} {{- end }} + {{- end }} containers: - name: postgresql image: {{ include "postgresql.image" . }} diff --git a/charts/bitnami/postgresql/templates/primary/svc.yaml b/charts/bitnami/postgresql/templates/primary/svc.yaml index cf184809a..6ddd55b7b 100644 --- a/charts/bitnami/postgresql/templates/primary/svc.yaml +++ b/charts/bitnami/postgresql/templates/primary/svc.yaml @@ -8,6 +8,7 @@ metadata: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} app.kubernetes.io/component: primary + {{- if or .Values.commonAnnotations .Values.primary.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -15,6 +16,7 @@ metadata: {{- if .Values.primary.service.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }} {{- end }} + {{- end }} spec: type: {{ .Values.primary.service.type }} {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} diff --git a/charts/bitnami/postgresql/templates/read/metrics-svc.yaml b/charts/bitnami/postgresql/templates/read/metrics-svc.yaml index b3e54974e..6f54ed243 100644 --- a/charts/bitnami/postgresql/templates/read/metrics-svc.yaml +++ b/charts/bitnami/postgresql/templates/read/metrics-svc.yaml 
@@ -9,6 +9,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.metrics.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: type: ClusterIP sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} diff --git a/charts/bitnami/postgresql/templates/read/statefulset.yaml b/charts/bitnami/postgresql/templates/read/statefulset.yaml index 80c8e8bba..6d35e4747 100644 --- a/charts/bitnami/postgresql/templates/read/statefulset.yaml +++ b/charts/bitnami/postgresql/templates/read/statefulset.yaml @@ -13,6 +13,7 @@ metadata: {{- if .Values.readReplicas.labels }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.readReplicas.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -20,6 +21,7 @@ metadata: {{- if .Values.readReplicas.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: replicas: {{ .Values.readReplicas.replicaCount }} serviceName: {{ include "postgresql.readReplica.svc.headless" . }} 
@@ -40,6 +42,7 @@ spec: {{- if .Values.readReplicas.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }} annotations: {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }} checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }} @@ -47,6 +50,7 @@ spec: {{- if .Values.readReplicas.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }} {{- end }} + {{- end }} spec: {{- if .Values.readReplicas.extraPodSpec }} {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }} @@ -87,6 +91,7 @@ spec: {{- end }} hostNetwork: {{ .Values.readReplicas.hostNetwork }} hostIPC: {{ .Values.readReplicas.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled)) .Values.readReplicas.initContainers }} initContainers: {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} - name: copy-certs @@ -175,6 +180,7 @@ spec: {{- if .Values.readReplicas.initContainers }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }} {{- end }} + {{- end }} containers: - name: postgresql image: {{ include "postgresql.image" . }} diff --git a/charts/bitnami/postgresql/templates/read/svc.yaml b/charts/bitnami/postgresql/templates/read/svc.yaml index 3eece4dbb..c308c3f60 100644 --- a/charts/bitnami/postgresql/templates/read/svc.yaml +++ b/charts/bitnami/postgresql/templates/read/svc.yaml 
@@ -9,6 +9,7 @@ metadata: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} app.kubernetes.io/component: read + {{- if or .Values.commonAnnotations .Values.readReplicas.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.readReplicas.service.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }} {{- end }} + {{- end }} spec: type: {{ .Values.readReplicas.service.type }} {{- if or (eq .Values.readReplicas.service.type "LoadBalancer") (eq .Values.readReplicas.service.type "NodePort") }} diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index fbbc4c4ff..5dc54be9c 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.1.0-debian-11-r28 + tag: 15.1.0-debian-11-r30 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1130,7 +1130,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r76 + tag: 11-debian-11-r77 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1217,7 +1217,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.11.1-debian-11-r53 + tag: 0.11.1-debian-11-r54 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index 61eadb7a6..94b29d45f 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml 
@@ -28,4 +28,4 @@ name: spark sources: - https://github.com/bitnami/containers/tree/main/bitnami/spark - https://spark.apache.org/ -version: 6.3.15 +version: 6.3.16 diff --git a/charts/bitnami/spark/templates/tls-secrets.yaml b/charts/bitnami/spark/templates/tls-secrets.yaml index 9687b878f..08b75a650 100644 --- a/charts/bitnami/spark/templates/tls-secrets.yaml +++ b/charts/bitnami/spark/templates/tls-secrets.yaml @@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "spark-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -37,12 +38,13 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} {{- if (include "spark.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "spark-internal-ca" 365 }} {{- $releaseNamespace := include "common.names.namespace" . }} {{- $clusterDomain := .Values.clusterDomain }} 
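Review bot: With `common.secrets.lookup` supplying `tls.crt`, `tls.key` and `ca.crt`, the 365-day certificate from `genSignedCert` is kept across every later `helm upgrade`, so it expires in place a year after the first install unless the Secret is deleted; before this change each render issued a fresh pair, which hid the expiry. The three keys are also resolved independently, so a pre-existing Secret holding only some of them would apparently end up with a stored certificate beside a newly generated key. I would document the new lifetime above the `$secretName` line, e.g. `{{- /* values are reused from the existing Secret; delete it to reissue before the 365-day expiry */ -}}`, and consider reusing the stored values only when all three keys are present. The same pattern is in the second Secret of this file (hunks @@ -50,12 +52,12 @@ and @@ -65,7 +67,7 @@) and in the tomcat and wordpress `tls-secrets.yaml` hunks.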
@@ -50,12 +52,12 @@ data: {{- $headlessServiceName := printf "%s-headless" ( include "common.names.fullname" . ) }} {{- $masterServiceName := printf "%s-master-svc" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} --- apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + name: {{ $secretName }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} @@ -65,7 +67,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml index 4e81b01e4..e17b0abcb 100644 --- a/charts/bitnami/tomcat/Chart.yaml +++ b/charts/bitnami/tomcat/Chart.yaml @@ -32,4 +32,4 @@ name: tomcat sources: - https://github.com/bitnami/containers/tree/main/bitnami/tomcat - http://tomcat.apache.org -version: 10.5.9 +version: 10.5.10 
diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md index 30e185aeb..0baf0b283 100644 --- a/charts/bitnami/tomcat/README.md +++ b/charts/bitnami/tomcat/README.md @@ -7,7 +7,7 @@ Apache Tomcat is an open-source web server designed to host and run Java-based w [Overview of Apache Tomcat](http://tomcat.apache.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console diff --git a/charts/bitnami/tomcat/templates/tls-secrets.yaml b/charts/bitnami/tomcat/templates/tls-secrets.yaml index 0087dd412..1dfc255a8 100644 --- a/charts/bitnami/tomcat/templates/tls-secrets.yaml +++ b/charts/bitnami/tomcat/templates/tls-secrets.yaml @@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "tomcat-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} 
@@ -37,8 +38,8 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index eb37a8879..2ffa7158e 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -41,4 +41,4 @@ name: wordpress sources: - https://github.com/bitnami/containers/tree/main/bitnami/wordpress - https://wordpress.org/ -version: 15.2.35 +version: 15.2.36 diff --git a/charts/bitnami/wordpress/templates/tls-secrets.yaml b/charts/bitnami/wordpress/templates/tls-secrets.yaml index 0aa734a2d..0805d18eb 100644 --- a/charts/bitnami/wordpress/templates/tls-secrets.yaml +++ b/charts/bitnami/wordpress/templates/tls-secrets.yaml @@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "wordpress-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} 
@@ -37,8 +38,8 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index cf43bda42..b33976b57 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -4,10 +4,9 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: zookeeper category: Infrastructure - licenses: | - - Apache-2.0 + licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.8.0 +appVersion: 3.8.1 dependencies: - name: common repository: file://./charts/common @@ -27,4 +26,4 @@ name: zookeeper sources: - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper - https://zookeeper.apache.org/ -version: 11.1.0 +version: 11.1.2 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index 7a1c17ffb..a6714635f 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md 
@@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r74` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r0` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -255,7 +255,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r69` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r77` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -518,7 +518,7 @@ $ kubectl delete statefulset zookeeper-zookeeper --cascade=false ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/zookeeper/templates/tls-secrets.yaml b/charts/bitnami/zookeeper/templates/tls-secrets.yaml index a07480d55..3d7e15926 100644 --- a/charts/bitnami/zookeeper/templates/tls-secrets.yaml +++ b/charts/bitnami/zookeeper/templates/tls-secrets.yaml @@ -1,4 +1,5 @@ {{- if (include "zookeeper.client.createTlsSecret" .) }} +{{- $secretName := printf "%s-client-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "zookeeper-client-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} 
@@ -6,11 +7,11 @@ {{- $serviceName := include "common.names.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-client-crt + name: {{ $secretName }} namespace: {{ template "zookeeper.namespace" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -21,11 +22,12 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- if (include "zookeeper.quorum.createTlsSecret" .) }} +{{- $secretName := printf "%s-quorum-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "zookeeper-quorum-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} 
@@ -33,12 +35,12 @@ data: {{- $serviceName := include "common.names.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-quorum-crt + name: {{ $secretName }} namespace: {{ template "zookeeper.namespace" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -49,7 +51,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index b9d59000d..abfdf67ab 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.0-debian-11-r74 + tag: 3.8.1-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 
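Review bot: Each of `tls.crt`, `tls.key` and `ca.crt` in the quorum `data:` block is resolved by its own `common.secrets.lookup` call with its own `defaultValue`, so nothing ties the three values to one generation. If the stored `...-quorum-crt` Secret lacks one key, that key would presumably fall back to the freshly generated `$ca`/`$cert`, which does not match the stored material, and peers would fail certificate verification. Looking the Secret up once and reusing it only when all three keys are present avoids the mix, as sketched below. The client secret hunk (`@@ -21,11 +22,12 @@`) has the same shape. The helper's body is not in this diff, so its fallback behaviour should be confirmed first.

```yaml
{{- $stored := (lookup "v1" "Secret" (include "zookeeper.namespace" .) $secretName).data | default dict }}
{{- $reuse := and (hasKey $stored "tls.crt") (hasKey $stored "tls.key") (hasKey $stored "ca.crt") }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  tls.crt: {{ ternary (index $stored "tls.crt") ($cert.Cert | b64enc) $reuse | quote }}
  tls.key: {{ ternary (index $stored "tls.key") ($cert.Key | b64enc) $reuse | quote }}
  ca.crt: {{ ternary (index $stored "ca.crt") ($ca.Cert | b64enc) $reuse | quote }}
```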
@@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r69 + tag: 11-debian-11-r77 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml index c638f45bf..c51b03e94 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller apiVersion: v2 -appVersion: 1.28.2 +appVersion: 1.29.5 description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running as sidecar. home: https://www.citrix.com @@ -18,4 +18,4 @@ maintainers: name: citrix-cpx-with-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.28.2 +version: 1.29.5 diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/README.md b/charts/citrix/citrix-cpx-with-ingress-controller/README.md index a5c39557e..accfd0af3 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/README.md +++ b/charts/citrix/citrix-cpx-with-ingress-controller/README.md 
@@ -455,7 +455,7 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | daemonSet | Optional | False | Set this to true if Citrix ADC CPX needs to be deployed as DaemonSet. | | cic.imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | cic.imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| cic.imageTag | Mandatory | `1.28.2` | The Citrix ingress controller image tag | +| cic.imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag | | cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. | | cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX | | cic.resources | Optional | {} | CPU/Memory resource requests/limits for Citrix Ingress Controller container | 
@@ -475,6 +475,9 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | nsHTTP2ServerSide | Optional | OFF | Set this argument to `ON` for enabling HTTP2 for Citrix ADC service group configurations. | | cpxLicenseAggregator | Optional | N/A | IP/FQDN of the CPX License Aggregator if it is being used to license the CPX. | | nsCookieVersion | Optional | 0 | Specify the persistence cookie version (0 or 1). | +| profileSslFrontend | Optional | N/A | Specify the frontend SSL profile. For Details see [Configuration using FRONTEND_SSL_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileTcpFrontend | Optional | N/A | Specify the frontend TCP profile. For Details see [Configuration using FRONTEND_TCP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileHttpFrontend | Optional | N/A | Specify the frontend HTTP profile. For Details see [Configuration using FRONTEND_HTTP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | | logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. | | nsProtocol | Optional | http | Protocol http or https used for the communication between Citrix Ingress Controller and CPX | | cpxBgpRouter | Optional | false| If set to true, this CPX is deployed as daemonset in BGP controller mode wherein BGP advertisements are done for attracting external traffic to Kubernetes clusters | diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml index 6ff58466f..54c7c448d 100644 
--- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml @@ -1815,7 +1815,7 @@ spec: description: 'Location of customized error page to respond when json violations are hit' type: string ip_reputation: - type: object + type: string x-kubernetes-preserve-unknown-fields: true description: 'Enabling IP reputation feature' target: diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml index 70ee6057b..815fe6bd3 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml @@ -129,6 +129,8 @@ spec: name: shared-data - mountPath: /cpx/ name: cpx-volume + - mountPath: /cpx/conf + name: cpx-volume-conf {{- if .Values.cic.required }} # Add cic as a sidecar - name: cic @@ -301,6 +303,8 @@ spec: emptyDir: {} - name: cpx-volume emptyDir: {} + - name: cpx-volume-conf + emptyDir: {} {{- if and .Values.nodeSelector.key .Values.nodeSelector.value }} nodeSelector: {{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }} diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml index dff57083e..ac7aab2a2 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml 
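Review bot: `x-kubernetes-preserve-unknown-fields: true` is left under `ip_reputation` after its `type` changes from `object` to `string` in the `cic_crds.yaml` hunk. On a scalar it has no pruning effect and reads as if arbitrary nested content were still accepted, so I would drop that line to make the schema state what is actually validated. Narrowing the type also means custom resources that stored an object here will presumably fail validation on their next update, which deserves a line in the chart's upgrade notes. The identical hunk in `citrix-ingress-controller/templates/cic_crds.yaml` needs the same treatment; the surrounding `spec:` schema continues outside the hunk.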
@@ -69,3 +69,18 @@ data: hashFingers: {{ .Values.nsLbHashAlgo.hashFingers }} hashAlgorithm: {{ .Values.nsLbHashAlgo.hashAlgorithm | quote }} {{- end }} + +{{- if .Values.profileSslFrontend }} + FRONTEND_SSL_PROFILE: | + {{- toYaml .Values.profileSslFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileTcpFrontend }} + FRONTEND_TCP_PROFILE: | + {{- toYaml .Values.profileTcpFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileHttpFrontend }} + FRONTEND_HTTP_PROFILE: | + {{- toYaml .Values.profileHttpFrontend | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml index cc236087c..65a8dc2ef 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml @@ -5,7 +5,7 @@ # Citrix ADC CPX config details imageRegistry: quay.io imageRepository: citrix/citrix-k8s-cpx-ingress -imageTag: 13.1-30.52 +imageTag: 13.1-37.38 image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}" pullPolicy: IfNotPresent imagePullSecrets: [] @@ -82,7 +82,7 @@ servicePorts: [] cic: imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller - imageTag: 1.28.2 + imageTag: 1.29.5 image: "{{ .Values.cic.imageRegistry }}/{{ .Values.cic.imageRepository }}:{{ .Values.cic.imageTag }}" pullPolicy: IfNotPresent required: true 
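Review bot: The three new `FRONTEND_*_PROFILE` entries render whatever is under `.Values.profileSslFrontend` (and the TCP/HTTP counterparts) with `toYaml`, but the sample in `values.yaml` presents `preconfigured` and `config` as alternatives ("OR"), and nothing here rejects a value that sets both. For the SSL profile that ambiguity decides which TLS settings the front end ends up with, so I would fail the render early, e.g. `{{- if and .Values.profileSslFrontend.preconfigured .Values.profileSslFrontend.config }}{{ fail "profileSslFrontend: set either preconfigured or config, not both" }}{{- end }}`, and likewise for the other two. The same block is added to `citrix-ingress-controller/templates/configmap.yaml`. The hunk also ends with `\ No newline at end of file`; a trailing newline would keep later appends clean.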
@@ -113,6 +113,25 @@ updateIngressStatus: False logProxy: kubernetesURL: disableOpenshiftRoutes: +profileSslFrontend: {} + # preconfigured: my_ssl_profile + # OR + # config: + # tls13: 'ENABLED' + # hsts: 'ENABLED' +profileHttpFrontend: {} + # preconfigured: my_http_profile + # OR + # config: + # dropinvalreqs: 'ENABLED' + # websocket: 'ENABLED' +profileTcpFrontend: {} + # preconfigured: my_tcp_profile + # OR + # config: + # sack: 'ENABLED' + # nagle: 'ENABLED' + # Citrix ADM/License Server config details ADMSettings: diff --git a/charts/citrix/citrix-ingress-controller/Chart.yaml b/charts/citrix/citrix-ingress-controller/Chart.yaml index 0ec97ad7f..ecd39f165 100644 --- a/charts/citrix/citrix-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-ingress-controller/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-ingress-controller apiVersion: v2 -appVersion: 1.28.2 +appVersion: 1.29.5 description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. home: https://www.citrix.com icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png @@ -17,4 +17,4 @@ maintainers: name: citrix-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.28.2 +version: 1.29.5 diff --git a/charts/citrix/citrix-ingress-controller/README.md b/charts/citrix/citrix-ingress-controller/README.md index 955301483..402ca6521 100644 --- a/charts/citrix/citrix-ingress-controller/README.md +++ b/charts/citrix/citrix-ingress-controller/README.md 
@@ -316,7 +316,7 @@ The following table lists the mandatory and optional parameters that you can con | license.accept | Mandatory | no | Set `yes` to accept the CIC end user license agreement. | | imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| imageTag | Mandatory | `1.28.2` | The Citrix ingress controller image tag | +| imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag | | pullPolicy | Mandatory | IfNotPresent | The CIC image pull policy. | | imagePullSecrets | Optional | N/A | Provide list of Kubernetes secrets to be used for pulling the images from a private Docker registry or repository. For more information on how to create this secret please see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). | | nameOverride | Optional | N/A | String to partially override deployment fullname template with a string (will prepend the release name) | 
@@ -351,6 +351,9 @@ The following table lists the mandatory and optional parameters that you can con | ignoreNodeExternalIP | Optional | False | While adding NodeIP, as Service group members for type LoadBalancer services or NodePort services, Citrix Ingress Controller has a selection criteria whereas it choose Node ExternalIP if available and Node InternalIP, if Node ExternalIP is not present. But some users may want to use Node InternalIP over Node ExternalIP even if Node ExternalIP is present. If this variable is set to `True`, then it prioritises the Node Internal IP to be used for service group members even if node ExternalIP is present | | nsHTTP2ServerSide | Optional | OFF | Set this argument to `ON` for enabling HTTP2 for Citrix ADC service group configurations. | | nsCookieVersion | Optional | 0 | Specify the persistence cookie version (0 or 1). | +| profileSslFrontend | Optional | N/A | Specify the frontend SSL profile. For Details see [Configuration using FRONTEND_SSL_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileTcpFrontend | Optional | N/A | Specify the frontend TCP profile. For Details see [Configuration using FRONTEND_TCP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileHttpFrontend | Optional | N/A | Specify the frontend HTTP profile. For Details see [Configuration using FRONTEND_HTTP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | | ipam | Optional | False | Set this argument if you want to use the IPAM controller to automatically allocate an IP address to the service of type LoadBalancer. 
| | disableAPIServerCertVerify | Optional | False | Set this parameter to True for disabling API Server certificate verification. | | logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. | diff --git a/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml b/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml index 6ff58466f..54c7c448d 100644 --- a/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml +++ b/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml @@ -1815,7 +1815,7 @@ spec: description: 'Location of customized error page to respond when json violations are hit' type: string ip_reputation: - type: object + type: string x-kubernetes-preserve-unknown-fields: true description: 'Enabling IP reputation feature' target: diff --git a/charts/citrix/citrix-ingress-controller/templates/configmap.yaml b/charts/citrix/citrix-ingress-controller/templates/configmap.yaml index a765d0005..586906391 100644 --- a/charts/citrix/citrix-ingress-controller/templates/configmap.yaml +++ b/charts/citrix/citrix-ingress-controller/templates/configmap.yaml @@ -58,3 +58,18 @@ data: hashFingers: {{ .Values.nsLbHashAlgo.hashFingers }} hashAlgorithm: {{ .Values.nsLbHashAlgo.hashAlgorithm | quote }} {{- end }} + +{{- if .Values.profileSslFrontend }} + FRONTEND_SSL_PROFILE: | + {{- toYaml .Values.profileSslFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileTcpFrontend }} + FRONTEND_TCP_PROFILE: | + {{- toYaml .Values.profileTcpFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileHttpFrontend }} + FRONTEND_HTTP_PROFILE: | + {{- toYaml .Values.profileHttpFrontend | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/citrix/citrix-ingress-controller/values.yaml b/charts/citrix/citrix-ingress-controller/values.yaml index ba6cda298..480aab871 100644 --- a/charts/citrix/citrix-ingress-controller/values.yaml 
+++ b/charts/citrix/citrix-ingress-controller/values.yaml @@ -5,7 +5,7 @@ # Citrix Ingress Controller config details imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller -imageTag: 1.28.2 +imageTag: 1.29.5 image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}" pullPolicy: IfNotPresent imagePullSecrets: [] @@ -67,6 +67,24 @@ optimizeEndpointBinding: routeLabels: namespaceLabels: disableOpenshiftRoutes: +profileSslFrontend: {} + # preconfigured: my_ssl_profile + # OR + # config: + # tls13: 'ENABLED' + # hsts: 'ENABLED' +profileHttpFrontend: {} + # preconfigured: my_http_profile + # OR + # config: + # dropinvalreqs: 'ENABLED' + # websocket: 'ENABLED' +profileTcpFrontend: {} + # preconfigured: my_tcp_profile + # OR + # config: + # sack: 'ENABLED' + # nagle: 'ENABLED' # Exporter config details exporter: diff --git a/charts/crate/crate-operator/Chart.lock b/charts/crate/crate-operator/Chart.lock index caec122c6..59c636bad 100644 --- a/charts/crate/crate-operator/Chart.lock +++ b/charts/crate/crate-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crate-operator-crds repository: file://../crate-operator-crds - version: 2.20.0 -digest: sha256:204873fcb33f361a558b333f431174c3b9bfcf6ea266c1f022cf5d11f24c66de -generated: "2022-12-15T15:11:32.447020049Z" + version: 2.22.0 +digest: sha256:ea59e13300da29acfb32097bfb382649618e7bf503248896fc5c9a66846ee36a +generated: "2023-01-31T14:30:10.49197227Z" diff --git a/charts/crate/crate-operator/Chart.yaml b/charts/crate/crate-operator/Chart.yaml index 41ce8f8a5..4d8ee0ecf 100644 --- a/charts/crate/crate-operator/Chart.yaml +++ b/charts/crate/crate-operator/Chart.yaml 
@@ -3,16 +3,16 @@ annotations: catalog.cattle.io/display-name: CrateDB Operator catalog.cattle.io/release-name: crate-operator apiVersion: v2 -appVersion: 2.20.0 +appVersion: 2.22.0 dependencies: - condition: crate-operator-crds.enabled name: crate-operator-crds repository: file://./charts/crate-operator-crds - version: 2.20.0 + version: 2.22.0 description: Crate Operator - Helm chart for installing and upgrading Crate Operator. icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg maintainers: - name: Crate.io name: crate-operator type: application -version: 2.20.0 +version: 2.22.0 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml index 7d9e0268a..a33d3041a 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 2.20.0 +appVersion: 2.22.0 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Crate Operator. maintainers: - name: Crate.io name: crate-operator-crds type: application -version: 2.20.0 +version: 2.22.0 diff --git a/charts/gitlab/gitlab/CHANGELOG.md b/charts/gitlab/gitlab/CHANGELOG.md index 18e345ae3..ceffda4bc 100644 --- a/charts/gitlab/gitlab/CHANGELOG.md +++ b/charts/gitlab/gitlab/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 6.8.1 (2023-01-30) + +No changes. + ## 6.8.0 (2023-01-20) ### Added (4 changes) diff --git a/charts/gitlab/gitlab/Chart.yaml b/charts/gitlab/gitlab/Chart.yaml index c0207dd0f..e378aa304 100644 --- a/charts/gitlab/gitlab/Chart.yaml +++ b/charts/gitlab/gitlab/Chart.yaml 
@@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: GitLab catalog.cattle.io/release-name: gitlab apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: The One DevOps Platform home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png @@ -15,4 +15,4 @@ maintainers: name: gitlab sources: - https://gitlab.com/gitlab-org/charts/gitlab -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml index 4d12be815..45a2e9a68 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: GitLab Geo logcursor home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: geo-logcursor sources: - https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml index 01c4160fe..0409d89dd 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Git RPC service for handling all the git calls made by GitLab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg 
@@ -13,4 +13,4 @@ name: gitaly sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 8201d3f34..b9b05f2ff 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter - https://gitlab.com/gitlab-org/gitlab-exporter -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml index f0bfe6f7b..0ac621b2d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Adapt the Grafana chart to interface to the GitLab App home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitlab-grafana sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml index 1022812dc..47cb17dc7 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Daemon for serving static websites from GitLab projects home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages - https://gitlab.com/gitlab-org/gitlab-pages -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml index 9119fd2eb..56f6b494d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -14,4 +14,4 @@ name: gitlab-shell sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml index 8996fadeb..8fe68eb86 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml @@ -17,4 +17,4 @@ name: kas sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml index 92fd174af..b7cc6d800 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml 
@@ -13,4 +13,4 @@ name: mailroom sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml index fe1ca3d6c..b879453d9 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Database migrations and other versioning tasks for upgrading Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: migrations sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml index 025ffe32d..e7f16f78c 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. home: https://about.gitlab.com/ @@ -16,4 +16,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly - https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect -version: 6.8.0 +version: 6.8.1 
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml index 9fe1f9a3d..b881de0c8 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Gitlab Sidekiq for asynchronous task processing in rails home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: sidekiq sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml index 9085ef4ee..95a42323f 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml @@ -14,4 +14,4 @@ name: spamcheck sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck - https://gitlab.com/gitlab-org/spamcheck -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml index 4280919ad..3faf4e51d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: For manually running rake tasks through kubectl home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg 
@@ -13,4 +13,4 @@ name: toolbox sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml index 817a85b99..d7d95569b 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: HTTP server for Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ name: webservice sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/requirements.lock b/charts/gitlab/gitlab/requirements.lock index aa6e51848..19440d32e 100644 --- a/charts/gitlab/gitlab/requirements.lock +++ b/charts/gitlab/gitlab/requirements.lock @@ -33,4 +33,4 @@ dependencies: repository: "" version: '*.*.*' digest: sha256:c875719651c62cf5fd5d202fc90cb3519c6268e4fe37d68eddf247da2c7c317f -generated: "2023-01-22T13:24:31.4249885Z" +generated: "2023-01-31T12:08:44.946412334Z" diff --git a/charts/instana/instana-agent/Chart.yaml b/charts/instana/instana-agent/Chart.yaml index 8e7351321..e3109793d 100644 --- a/charts/instana/instana-agent/Chart.yaml +++ b/charts/instana/instana-agent/Chart.yaml @@ -9,7 +9,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: instana-agent apiVersion: v2 -appVersion: 1.239.0 +appVersion: 1.241.0 description: Instana Agent for Kubernetes home: https://www.instana.com/ icon: https://agents.instana.io/helm/stan-logo-2020.png 
@@ -23,4 +23,4 @@ maintainers: name: instana-agent sources: - https://github.com/instana/instana-agent-docker -version: 1.2.50 +version: 1.2.52 diff --git a/charts/instana/instana-agent/README.md b/charts/instana/instana-agent/README.md index 726beb35f..e0fb5aa96 100644 --- a/charts/instana/instana-agent/README.md +++ b/charts/instana/instana-agent/README.md @@ -45,7 +45,7 @@ As described by the [Install Using the Helm Chart](https://www.instana.com/docs/ * `agent.endpointPort` * `agent.key` -_Note:_ You can find the options mentioned in the [configuration section below](#configuration) +_Note:_ You can find the options mentioned in the [configuration section below](#Configuration-Reference) If your agents report into a self-managed Instana unit (also known as "on-prem"), you will also need to configure a "download key", which allows the agent to fetch its components from the Instana repository. The download key is set via the following value: 
@@ -77,7 +77,7 @@ The following table lists the configurable parameters of the Instana chart and t | Parameter | Description | Default | |-----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------| -| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#agent) for more details | +| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#Agent-Configuration) for more details | | `agent.configuration.autoMountConfigEntries` | (Experimental, needs Helm 3.1+) Automatically look up the entries of the default `instana-agent` ConfigMap, and mount as agent configuration files in the `instana-agent` container under the `/opt/instana/agent/etc/instana` directory all ConfigMap entries with keys that match the `configuration-*.yaml` scheme. | `false` | | `agent.configuration.hotreloadEnabled` | Enables hot-reload of a configuration.yaml upon changes in the `instana-agent` ConfigMap without requiring a restart of a pod | `false` | | `agent.endpointHost` | Instana Agent backend endpoint host | `ingress-red-saas.instana.io` (US and ROW). If in Europe, please override with `ingress-blue-saas.instana.io` | 
@@ -121,25 +121,26 @@ The following table lists the configurable parameters of the Instana chart and t | `leaderElector.image.name` | The elector image name to pull | `instana/leader-elector` | | `leaderElector.image.digest` | The image digest to pull; if specified, it causes `leaderElector.image.tag` to be ignored | `nil` | | `leaderElector.image.tag` | The image tag to pull; this property is ignored if `leaderElector.image.digest` is specified | `latest` | -| `k8s_sensor.deployment.enabled` | Isolate k8sensor with a deployment (tech preview) | `false` | -| `k8s_sensor.image.name` | The k8sensor image name to pull | `gcr.io/instana/k8sensor` | -| `k8s_sensor.image.digest` | The image digest to pull; if specified, it causes `k8s_sensor.image.tag` to be ignored | `nil` | -| `k8s_sensor.image.tag` | The image tag to pull; this property is ignored if `k8s_sensor.image.digest` is specified | `latest` | -| `k8s_sensor.deployment.pod.limits.cpu` | CPU request for the `k8sensor` pods (tech preview) | `4` | -| `k8s_sensor.deployment.pod.limits.memory` | Memory request limits for the `k8sensor` pods (tech preview) | `6144Mi` | -| `k8s_sensor.deployment.pod.requests.cpu` | CPU limit for the `k8sensor` pods (tech preview) | `1.5` | -| `k8s_sensor.deployment.pod.requests.memory` | Memory limit for the `k8sensor` pods (tech preview) | `1024Mi` | +| `k8s_sensor.deployment.enabled` | Isolate k8sensor with a deployment (tech preview) | `false` | +| `k8s_sensor.image.name` | The k8sensor image name to pull | `gcr.io/instana/k8sensor` | +| `k8s_sensor.image.digest` | The image digest to pull; if specified, it causes `k8s_sensor.image.tag` to be ignored | `nil` | +| `k8s_sensor.image.tag` | The image tag to pull; this property is ignored if `k8s_sensor.image.digest` is specified | `latest` | +| `k8s_sensor.deployment.pod.limits.cpu` | CPU request for the `k8sensor` pods (tech preview) | `4` | +| `k8s_sensor.deployment.pod.limits.memory` | Memory request limits for the `k8sensor` pods 
(tech preview) | `6144Mi` | +| `k8s_sensor.deployment.pod.requests.cpu` | CPU limit for the `k8sensor` pods (tech preview) | `1.5` | +| `k8s_sensor.deployment.pod.requests.memory` | Memory limit for the `k8sensor` pods (tech preview) | `1024Mi` | | `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. | | `podSecurityPolicy.name` | Name of an _existing_ PodSecurityPolicy to authorize for the Instana Agent pods. If not provided and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created for you. | `nil` | | `rbac.create` | Whether RBAC resources should be created | `true` | | `openshift` | Whether to install the Helm chart as needed in OpenShift; this setting implies `rbac.create=true` | `false` | -| `opentelemetry.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | -| `prometheus.remoteWrite.enabled` | Whether to configure the agent to accept metrics over its implementation of the `remote_write` Prometheus endpoint. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | -| `service.create` | Whether to create a service that exposes the agents' Prometheus, OpenTelemetry and other APIs inside the cluster. Requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. The `ServiceInternalTrafficPolicy` feature gate needs to be enabled (default: enabled). | `false` | +| `opentelemetry.grpc.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications via gRPC. 
This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | +| `opentelemetry.http.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications via HTTP. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | +| `prometheus.remoteWrite.enabled` | Whether to configure the agent to accept metrics over its implementation of the `remote_write` Prometheus endpoint. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | +| `service.create` | Whether to create a service that exposes the agents' Prometheus, OpenTelemetry and other APIs inside the cluster. Requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. The `ServiceInternalTrafficPolicy` feature gate needs to be enabled (default: enabled). | `false` | | `serviceAccount.create` | Whether a ServiceAccount should be created | `true` | | `serviceAccount.name` | Name of the ServiceAccount to use | `instana-agent` | -| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#installing-the-chart) for details | -| `zones` | Multi-zone daemonset configuration. | `nil` see [below](#multiple-zones) for details | +| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#Installation) for details | +| `zones` | Multi-zone daemonset configuration. | `nil` see [below](#multiple-zones) for details | ### Agent Modes 
@@ -156,7 +157,7 @@ Besides the settings listed above, there are many more settings that can be appl An overview of the settings that can be applied is provided in the [Agent Configuration File](https://www.instana.com/docs/setup_and_manage/host_agent/configuration#agent-configuration-file) documentation. To configure the agent, you can either: -* edit the [config map](templates/configmap.yaml), or +* edit the [config map](templates/agent-configmap.yaml), or * provide the configuration via the `agent.configuration_yaml` parameter in [values.yaml](values.yaml) This configuration will be used for all Instana Agents on all nodes. Visit the [agent configuration documentation](https://docs.instana.io/setup_and_manage/host_agent/#agent-configuration-file) for more details on configuration options. diff --git a/charts/instana/instana-agent/templates/_helpers.tpl b/charts/instana/instana-agent/templates/_helpers.tpl index e555eaf67..0df653d03 100644 --- a/charts/instana/instana-agent/templates/_helpers.tpl +++ b/charts/instana/instana-agent/templates/_helpers.tpl 
@@ -329,3 +329,11 @@ failureThreshold: 3 value: {{ $value | quote }} {{- end }} {{- end -}} + +{{/*NOTE: These are nested templates not functions, if I format this to make it readable then it won't work the way */}} +{{/*we need it to since all of the newlines and spaces will be included into the output. Helm is */}} +{{/*not fundamentally designed to do what we are doing here.*/}} + +{{- define "instana-agent.opentelemetry.grpc.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "grpc" }}{{ if hasKey .Values.opentelemetry.grpc "enabled" }}{{ .Values.opentelemetry.grpc.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ if hasKey .Values.opentelemetry "enabled" }}{{ .Values.opentelemetry.enabled }}{{ else }}{{ false }}{{ end }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}} + +{{- define "instana-agent.opentelemetry.http.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "http" }}{{ if hasKey .Values.opentelemetry.http "enabled" }}{{ .Values.opentelemetry.http.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ false }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}} diff --git a/charts/instana/instana-agent/templates/agent-configmap.yaml b/charts/instana/instana-agent/templates/agent-configmap.yaml index 9a7479083..e6b396855 100644 --- a/charts/instana/instana-agent/templates/agent-configmap.yaml +++ b/charts/instana/instana-agent/templates/agent-configmap.yaml 
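Review bot: Both new helpers fail open: `instana-agent.opentelemetry.grpc.isEnabled` and `instana-agent.opentelemetry.http.isEnabled` return `true` whenever the `grpc` or `http` key exists without an `enabled` field, so a values file that sets only some other sub-key under `opentelemetry.http` turns the endpoint on and, through the service.yaml change in this commit, publishes port 4318 on the Service. Ending those branches with `{{ else }}{{ false }}{{ end }}` would make exposure an explicit opt-in; if the implicit default is kept, the README parameter table should say so, since it lists the default for both options as `false`. Separately, `hasKey .Values.opentelemetry.grpc "enabled"` presumably errors when `grpc` is present but not a map (a bare `grpc:`, which the values.yaml comment suggests is a supported spelling), so a `kindIs "map"` guard is worth confirming with `helm template`.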
@@ -16,11 +16,10 @@ data: {{ .Values.agent.configuration_yaml | nindent 4 }} {{- end }} - {{- if .Values.opentelemetry.enabled }} + {{ if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }} configuration-opentelemetry.yaml: | - com.instana.plugin.opentelemetry: - enabled: true - {{- end }} + com.instana.plugin.opentelemetry: {{ toYaml .Values.opentelemetry | nindent 6 }} + {{ end }} {{- if .Values.prometheus.remoteWrite.enabled }} configuration-prometheus-remote-write.yaml: | diff --git a/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml b/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml index ccd433836..2253cdb18 100644 --- a/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml +++ b/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml @@ -129,7 +129,7 @@ spec: subPath: configuration-disable-kubernetes-sensor.yaml mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml {{- end }} - {{- if $.Values.opentelemetry.enabled }} + {{- if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }} - name: configuration subPath: configuration-opentelemetry.yaml mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml diff --git a/charts/instana/instana-agent/templates/agent-daemonset.yaml b/charts/instana/instana-agent/templates/agent-daemonset.yaml index c24254db8..c056c8a99 100644 --- a/charts/instana/instana-agent/templates/agent-daemonset.yaml +++ b/charts/instana/instana-agent/templates/agent-daemonset.yaml 
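Review bot: `{{ toYaml .Values.opentelemetry | nindent 6 }}` copies the whole values subtree into `configuration-opentelemetry.yaml`, so the agent configuration no longer carries a fixed `enabled: true` and instead receives whatever keys the user placed under `opentelemetry`. With only `grpc: {}` or `http: {}` set, which the helpers treat as enabled, the rendered plugin block has no `enabled` field at all, while the mount and the Service ports are still created. Whether the agent then starts the listeners is not visible here and should be confirmed. Rendering `enabled`, `grpc.enabled` and `http.enabled` explicitly from the two helper results would keep the agent config and the Kubernetes objects in agreement, and would stop unrelated keys from passing through unchecked.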
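Review bot: The new condition in agent-daemonset-with-zones.yaml passes `.` to both `include` calls, where the removed line read `$.Values.opentelemetry.enabled`. The `$` suggests this block sits inside a `range` or `with` (the enclosing scope starts outside the hunk), in which case `.` is the loop item and `.Values` is not the chart values. The helpers would then either find no `opentelemetry` key or fail inside `hasKey`, and the `configuration-opentelemetry.yaml` mount would be missing from zoned DaemonSets even though the ConfigMap entry and Service ports are rendered. Passing the root context avoids that: `(include "instana-agent.opentelemetry.grpc.isEnabled" $)`, and likewise for the http helper.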
@@ -123,7 +123,7 @@ spec: subPath: configuration-disable-kubernetes-sensor.yaml mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml {{- end }} - {{- if .Values.opentelemetry.enabled }} + {{- if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }} - name: configuration subPath: configuration-opentelemetry.yaml mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml diff --git a/charts/instana/instana-agent/templates/service.yaml b/charts/instana/instana-agent/templates/service.yaml index b507c8c89..f4957a46f 100644 --- a/charts/instana/instana-agent/templates/service.yaml +++ b/charts/instana/instana-agent/templates/service.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.service.create (or .Values.opentelemetry.enabled .Values.prometheus.remoteWrite.enabled ) -}} +{{- if or .Values.service.create (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) .Values.prometheus.remoteWrite.enabled -}} --- apiVersion: v1 kind: Service @@ -16,7 +16,7 @@ spec: protocol: TCP port: 42699 targetPort: 42699 - {{- if .Values.opentelemetry.enabled }} + {{ if eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .) }} # OpenTelemetry original default port - name: opentelemetry protocol: TCP @@ -28,6 +28,13 @@ spec: port: 4317 targetPort: 4317 {{- end -}} + {{ if eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .) }} + # OpenTelemetry HTTP port + - name: opentelemetry-http + protocol: TCP + port: 4318 + targetPort: 4318 + {{- end -}} {{- $kubeVersion := .Capabilities.KubeVersion.Version -}} {{- if (regexMatch "\\d+\\.\\d+\\.\\d+-(?:eks|gke).+" $kubeVersion) -}} diff --git a/charts/instana/instana-agent/values.yaml b/charts/instana/instana-agent/values.yaml index d017c6028..f30bc3e93 100644 --- a/charts/instana/instana-agent/values.yaml 
+++ b/charts/instana/instana-agent/values.yaml @@ -198,8 +198,12 @@ service: # Note: Requires Kubernetes 1.17+, as it uses topologyKeys create: false -opentelemetry: - enabled: false # If true, it will also apply `service.create=true` +#opentelemetry: +# enabled: false # legacy setting, will only enable grpc, defaults to false +# grpc: +# enabled: false # takes precedence over legacy settings above, defaults to true if "grpc:" is present +# http: +# enabled: false # allows to enable http endpoints, defaults to true if "http:" is present prometheus: remoteWrite: @@ -251,6 +255,7 @@ k8s_sensor: memory: 1536Mi # k8s_sensor.deployment.pod.limits.cpu sets the CPU units allocation limits for the agent pods. cpu: 500m + kubernetes: # Configures use of a Deployment for the Kubernetes sensor rather than as a potential member of the DaemonSet. Is only accepted if k8s_sensor.deployment.enabled=false deployment: diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index 5c33c3061..4750ee067 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md 
@@ -1,11 +1,15 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.49.5] - Dec 16, 2022 +## [107.49.6] - Jan 20, 2023 * Updated postgresql tag version to `13.9.0-debian-11-r11` +* Fixed make lint issue on artifactory-ha chart [GH-1714](https://github.com/jfrog/charts/issues/1714) +* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` +* Fixed an issue for capabilities check of ingress +* Updated jfrogUrl text path in migrate.sh file +* Added a note that from 107.46.x chart versions, `copyOnEveryStartup` is not needed for binarystore.xml, it is always copied via initContainers. For more Info, Refer [GH-1723](https://github.com/jfrog/charts/issues/1723) -## [107.49.0] - Dec 14, 2022 -* Updated initContainerImage and logger image to `ubi8/ubi-micro:8.7.1` +## [107.49.0] - Jan 16, 2023 * Changed logic in wait-for-primary container to use /dev/tcp instead of curl * Added support for setting `seLinuxOptions` in `securityContext` [GH-1700](https://github.com/jfrog/charts/pull/1700) * Added option to enable/disable proxy_request_buffering and proxy_buffering_off [GH-1686](https://github.com/jfrog/charts/pull/1686) diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index 44af8054a..6f33c054b 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.49.5 +appVersion: 7.49.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.49.5 +version: 107.49.6 diff --git a/charts/jfrog/artifactory-ha/files/migrate.sh b/charts/jfrog/artifactory-ha/files/migrate.sh index 8997fd5d5..c07985b26 100644 --- a/charts/jfrog/artifactory-ha/files/migrate.sh 
+++ b/charts/jfrog/artifactory-ha/files/migrate.sh @@ -186,7 +186,7 @@ PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Administration > User Management > Settings > Connection details)" } PROMPT_JFROGURL="JFrog URL" KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml new file mode 100644 index 000000000..2c1eeac1a --- /dev/null +++ b/charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml 
@@ -0,0 +1,51 @@ +{{- if gt (.Values.artifactory.node.replicaCount | int) 0 -}} +# Internal service for Artifactory primary node only! +# Used by member nodes to check readiness of primary node before starting up +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +spec: + # Statically setting service type to ClusterIP since this is an internal only service + type: ClusterIP + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: http-router + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: http-artifactory + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + {{- with .Values.artifactory.primary.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: tcp-jmx + {{- end }} + {{- end }} + selector: + role: {{ template "artifactory-ha.primary.name" . }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} +{{- end -}} \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml index 4caa82a71..5e294a8f3 100644 
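Review bot: The `clusterIP: {{ .Values.artifactory.service.clusterIP }}` line takes its address from the `artifactory.service` settings, which presumably also configure the main Artifactory Service. If a user sets a fixed IP there, this internal primary Service would request the same address and likely be rejected as already allocated (only `None` can be shared). The template is moved unchanged from artifactory-service.yaml, so the behaviour is inherited, but the split is a good moment to give the primary Service its own value or drop the field. The `tcp-jmx` port is also published on this Service whenever `artifactory.primary.javaOpts.jmx.enabled` is set. A comment above that block, such as `# JMX is reachable cluster-wide through this Service; configure JMX authentication/TLS before enabling`, would give operators the caveat at the point of use.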
--- a/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml 
@@ -60,55 +60,3 @@ spec: app: {{ template "artifactory-ha.name" . }} component: "{{ .Values.artifactory.name }}" release: {{ .Release.Name }} ---- -{{- if gt (.Values.artifactory.node.replicaCount | int) 0 -}} -# Internal service for Artifactory primary node only! -# Used by member nodes to check readiness of primary node before starting up -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - # Statically setting service type to ClusterIP since this is an internal only service - type: ClusterIP - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - {{- with .Values.artifactory.primary.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: - role: {{ template "artifactory-ha.primary.name" . }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} -{{- end -}} \ No newline at end of file 
diff --git a/charts/jfrog/artifactory-ha/templates/ingress.yaml b/charts/jfrog/artifactory-ha/templates/ingress.yaml index 26a8459cd..cc98dac1a 100644 --- a/charts/jfrog/artifactory-ha/templates/ingress.yaml +++ b/charts/jfrog/artifactory-ha/templates/ingress.yaml @@ -3,7 +3,7 @@ {{- $servicePort := .Values.artifactory.externalPort -}} {{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} {{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -30,7 +30,7 @@ spec: ingressClassName: {{ .Values.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -44,7 +44,7 @@ spec: {{- end }} rules: {{- if .Values.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.ingress.hosts }} - host: {{ $host | quote }} http: @@ -90,7 +90,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }} --- {{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 
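Review bot: Checking `.Capabilities.APIVersions.Has "networking.k8s.io/v1"` is weaker than the kind-qualified check it replaces: the `networking.k8s.io/v1` group/version was already served for NetworkPolicy before Ingress was added to it in Kubernetes 1.19, and this chart's Chart.yaml still declares `catalog.cattle.io/kube-version: '>= 1.14.0-0'`. On those older clusters the template would now emit `apiVersion: networking.k8s.io/v1` with the v1 backend schema, and the API server would reject the Ingress instead of the chart falling back to `v1beta1`. If the kind-qualified lookup was failing for offline rendering, pairing the group check with a version gate keeps the fallback: `{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version) }}`. The same condition is changed in every other hunk of this file and in charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml.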
@@ -114,7 +114,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -128,7 +128,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - host: {{ $host | quote }} http: @@ -172,7 +172,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} --- {{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -196,7 +196,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} 
@@ -210,7 +210,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - host: {{ $host | quote }} http: diff --git a/charts/jfrog/artifactory-ha/values.yaml b/charts/jfrog/artifactory-ha/values.yaml index 829e4eacd..ac00deb91 100644 --- a/charts/jfrog/artifactory-ha/values.yaml +++ b/charts/jfrog/artifactory-ha/values.yaml @@ -41,7 +41,7 @@ global: ## String to fully override artifactory-ha.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-micro:8.7.1 +initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 installer: type: platform: @@ -201,8 +201,8 @@ database: logger: image: registry: releases-docker.jfrog.io - repository: ubi8/ubi-micro - tag: 8.7.1 + repository: ubi8/ubi-minimal + tag: 8.7.1049 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -359,12 +359,9 @@ artifactory: enabled: false path: # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + # Note : From 107.46.x chart versions, copyOnEveryStartup is not needed for binarystore.xml, it is always copied via initContainers copyOnEveryStartup: # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path # - source: /artifactory_bootstrap/artifactory.cluster.license # # Relative to ARTIFACTORY_HOME/ # target: etc/artifactory/ diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index e3d5044ba..8f2e9f1d5 100644 
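Review bot: `initContainerImage` in artifactory-ha/values.yaml (and `logger.image` in the following hunk) switches to a different base image but is still referenced only by tag, `ubi8/ubi-minimal:8.7.1049`. What the init and logger containers run therefore depends on what the registry serves for that tag at pull time. Pinning by digest, for example `releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049@sha256:<digest-placeholder>`, would tie a given chart version to one image. ubi-minimal also ships more tooling than ubi-micro, including a package manager, so a short comment or changelog line stating why the larger image is needed would help reviewers judge the added surface.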
--- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.49.5] - Aug 25, 2022 +## [107.49.6] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index 83dec913c..388bee279 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.49.5 +appVersion: 7.49.6 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.49.5 + version: 107.49.6 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.49.5 +version: 107.49.6 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index 7ee48c6ab..d997b27f3 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md 
@@ -1,11 +1,14 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.49.5] - Dec 16, 2022 +## [107.49.6] - Jan 20, 2023 * Updated postgresql tag version to `13.9.0-debian-11-11` +* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` +* Fixed an issue for capabilities check of ingress +* Updated jfrogUrl text path in migrate.sh file +* Added a note that from 107.46.x chart versions, `copyOnEveryStartup` is not needed for binarystore.xml, it is always copied via initContainers. For more Info, Refer [GH-1723](https://github.com/jfrog/charts/issues/1723) -## [107.49.0] - Dec 14, 2022 -* Updated initContainerImage and logger image to `ubi8/ubi-micro:8.7.1` +## [107.49.0] - Jan 16, 2023 * Added support for setting `seLinuxOptions` in `securityContext` [GH-1699](https://github.com/jfrog/charts/pull/1699) * Added option to enable/disable proxy_request_buffering and proxy_buffering_off [GH-1686](https://github.com/jfrog/charts/pull/1686) diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index b38e34163..50b52ad1a 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.49.5 +appVersion: 7.49.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.49.5 +version: 107.49.6 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh b/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh index 8997fd5d5..c07985b26 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh 
@@ -186,7 +186,7 @@ PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Administration > User Management > Settings > Connection details)" } PROMPT_JFROGURL="JFrog URL" KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml index 8af7a9f9c..a19c05047 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml @@ -3,7 +3,7 @@ {{- $servicePort := .Values.artifactory.externalPort -}} {{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} {{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -30,7 +30,7 @@ spec: ingressClassName: {{ .Values.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} 
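Review bot: The new guard `.Capabilities.APIVersions.Has "networking.k8s.io/v1"` in the `@@ -3,7 +3,7 @@` hunk of templates/ingress.yaml tests for the API group/version, not for the Ingress kind. The `networking.k8s.io/v1` group is already served on clusters older than 1.19 (for NetworkPolicy), while Ingress only joined it in 1.19, and the parent artifactory-jcr Chart.yaml still advertises `catalog.cattle.io/kube-version: '>= 1.14.0-0'`. On such a cluster the template would now render a `networking.k8s.io/v1` Ingress that the API server rejects, instead of falling through to the `v1beta1` branch. Keeping the kind-level check and adding the group check only as a version-gated fallback avoids that: `{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">=1.19.0-0" .Capabilities.KubeVersion.Version)) }}`. The same condition is repeated in the eight later ingress.yaml hunks (`-30,7`, `-44,7`, `-91,7`, `-115,7`, `-129,7`, `-173,7`, `-197,7`, `-211,7`), so a single named helper template would keep them in sync.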
@@ -44,7 +44,7 @@ spec: {{- end }} rules: {{- if .Values.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.ingress.hosts }} - host: {{ $host | quote }} http: @@ -91,7 +91,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }} --- {{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -115,7 +115,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -129,7 +129,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - host: {{ $host | quote }} http: 
@@ -173,7 +173,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} --- {{- $replicatorTrackerIngressName := default ( include "artifactory.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -197,7 +197,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -211,7 +211,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - host: {{ $host | quote }} http: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml index 97461688f..de51ecd35 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override artifactory.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-micro:8.7.1 +initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 # Init containers initContainers: resources: 
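Review bot: `initContainerImage` in the `@@ -42,7 +42,7 @@` hunk of the artifactory values.yaml is still referenced by tag only (`releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049`), so what runs in every init container depends on whatever that tag resolves to at pull time. Because this field is a full image string it can carry a digest, e.g. `initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049@sha256:<digest-of-the-verified-image>` (placeholder; the page does not give the digest). The move from `ubi-micro` to `ubi-minimal` also replaces an image without a package manager with one that ships `microdnf`, which widens what is available inside the init and logger containers. The changelog entry does not say why, so a one-line comment above the value stating the reason would help the next reviewer. The same tag-only reference appears in the `logger.image` hunk (`-160,8`) and in the `artifactory-jcr/values.yaml` hunk (`-70,5`); whether the logger template accepts a digest is not visible here.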
@@ -160,8 +160,8 @@ autoscaling: logger: image: registry: releases-docker.jfrog.io - repository: ubi8/ubi-micro - tag: 8.7.1 + repository: ubi8/ubi-minimal + tag: 8.7.1049 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -335,12 +335,9 @@ artifactory: enabled: false path: # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + # Note : From 107.46.x chart versions, copyOnEveryStartup is not needed for binarystore.xml, it is always copied via initContainers copyOnEveryStartup: # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path # - source: /artifactory_bootstrap/artifactory.lic # # Relative to ARTIFACTORY_HOME/ # target: etc/artifactory/ diff --git a/charts/jfrog/artifactory-jcr/values.yaml b/charts/jfrog/artifactory-jcr/values.yaml index 17d2b8d9d..b26042c5f 100644 --- a/charts/jfrog/artifactory-jcr/values.yaml +++ b/charts/jfrog/artifactory-jcr/values.yaml @@ -70,5 +70,5 @@ router: tag: 7.56.0 logger: image: - tag: 8.7.1 -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-micro:8.7.1 + tag: 8.7.1049 +initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml index be9e98b4b..a747a9c39 100644 --- a/charts/kuma/kuma/Chart.yaml +++ b/charts/kuma/kuma/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/namespace: kuma-system catalog.cattle.io/release-name: kuma apiVersion: v2 -appVersion: 2.0.2 +appVersion: 2.1.0 description: A Helm chart for the Kuma Control Plane home: https://github.com/kumahq/kuma icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg 
@@ -20,4 +20,4 @@ maintainers: name: nickolaev name: kuma type: application -version: 2.0.2 +version: 2.1.0 diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md index 6f93c6811..9626f7308 100644 --- a/charts/kuma/kuma/README.md +++ b/charts/kuma/kuma/README.md @@ -2,7 +2,7 @@ A Helm chart for the Kuma Control Plane -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 2.1.0](https://img.shields.io/badge/AppVersion-2.1.0-informational?style=flat-square) **Homepage:** 
@@ -29,6 +29,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used | | controlPlane.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2beta, use metrics | | controlPlane.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for the Kuma Control Plane pods | +| controlPlane.tolerations | list | `[]` | Tolerations for the Kuma Control Plane pods | | controlPlane.podDisruptionBudget.enabled | bool | `false` | Whether to create a pod disruption budget | | controlPlane.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | controlPlane.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["{{ include \"kuma.name\" . }}-control-plane"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Control Plane pods. This is rendered as a template, so you can reference other helm variables or includes. | 
@@ -85,6 +86,7 @@ A Helm chart for the Kuma Control Plane | cni.confName | string | `"kuma-cni.conf"` | Set the CNI configuration name | | cni.logLevel | string | `"info"` | CNI log level: one of off,info,debug | | cni.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node Selector for the CNI pods | +| cni.tolerations | list | `[]` | Tolerations for the CNI pods | | cni.podAnnotations | object | `{}` | Additional pod annotations | | cni.image.registry | string | `"docker.io/kumahq"` | CNI image registry | | cni.image.repository | string | `"install-cni"` | CNI image repository | @@ -125,6 +127,7 @@ A Helm chart for the Kuma Control Plane | ingress.annotations | object | `{}` | Additional pod annotations (deprecated favor `podAnnotations`) | | ingress.podAnnotations | object | `{}` | Additional pod annotations | | ingress.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node Selector for the Ingress pods | +| ingress.tolerations | list | `[]` | Tolerations for the Ingress pods | | ingress.podDisruptionBudget.enabled | bool | `false` | Whether to create a pod disruption budget | | ingress.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | ingress.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["kuma-ingress"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Ingress pods This is rendered as a template, so you can reference other helm variables or includes. | 
@@ -149,6 +152,7 @@ A Helm chart for the Kuma Control Plane | egress.annotations | object | `{}` | Additional pod annotations (deprecated favor `podAnnotations`) | | egress.podAnnotations | object | `{}` | Additional pod annotations | | egress.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node Selector for the Egress pods | +| egress.tolerations | list | `[]` | Tolerations for the Egress pods | | egress.podDisruptionBudget.enabled | bool | `false` | Whether to create a pod disruption budget | | egress.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | egress.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["kuma-egress"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Egress pods. This is rendered as a template, so you can reference other helm variables or includes. | @@ -161,6 +165,7 @@ A Helm chart for the Kuma Control Plane | kubectl.image.repository | string | `"kubectl"` | The kubectl image repository | | kubectl.image.tag | string | `"v1.20.15"` | The kubectl image tag | | hooks.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for the HELM hooks | +| hooks.tolerations | list | `[]` | Tolerations for the HELM hooks | | hooks.podSecurityContext | object | `{}` | Security context at the pod level for crd/webhook/ns | | hooks.containerSecurityContext | object | `{}` | Security context at the container level for crd/webhook/ns | | experimental.gatewayAPI | bool | `false` | If true, it installs experimental Gateway API support | 
diff --git a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml index 74ba6fe10..e9d7d0dc7 100644 --- a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml +++ b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: circuitbreakers.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml index b6e4dc285..02a01ba9e 100644 --- a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml +++ b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: containerpatches.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml index 74e31e4d0..8d8c47115 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: dataplaneinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml index cfae5488e..a375c527d 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: dataplanes.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml index 6ec680c84..5c3b082ee 100644 --- a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml +++ b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: externalservices.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml index d7219a344..d8a927d79 100644 --- a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml +++ b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: faultinjections.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml index 19eb98a47..dae84517e 100644 --- a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml +++ b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: healthchecks.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml index b2e76b0dd..d7b1d8519 100644 
--- a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshaccesslogs.kuma.io spec: @@ -65,6 +65,8 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object @@ -72,6 +74,8 @@ spec: description: Path to a file that logs will be written to type: string + required: + - path type: object tcp: description: TCPBackend defines a TCP logging backend. @@ -92,12 +96,15 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object + required: + - address type: object type: object - nullable: true type: array type: object targetRef: @@ -129,6 +136,8 @@ spec: tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: array targetRef: @@ -189,6 +198,8 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object @@ -196,6 +207,8 @@ spec: description: Path to a file that logs will be written to type: string + required: + - path type: object tcp: description: TCPBackend defines a TCP logging backend. @@ -216,12 +229,15 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object + required: + - address type: object type: object - nullable: true type: array type: object targetRef: @@ -253,8 +269,12 @@ spec: tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: array + required: + - targetRef type: object type: object served: true 
diff --git a/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml new file mode 100644 index 000000000..bdb9f29d6 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml 
@@ -0,0 +1,652 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. 
+ Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. 
This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. 
In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. 
In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. 
In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshes.yaml b/charts/kuma/kuma/crds/kuma.io_meshes.yaml index c047f726a..65cde9401 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshes.kuma.io spec: 
diff --git a/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml new file mode 100644 index 000000000..403d8afa9 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml 
@@ -0,0 +1,189 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml index 71b6e7ba2..76fd21dfc 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml 
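Review bot: `abort.httpStatus` is declared as a bare `format: int32` / `type: integer` with no range, and the three `percentage` fields are int-or-string with no bound, so the schema itself accepts a negative status or a percentage above 100; whether an admission webhook rejects them is not visible in this hunk. Consider bounding the status, e.g. `minimum: 100` and `maximum: 599`; the annotation at the top of the file shows it is controller-gen output, so the constraint would go on the source type as a validation marker rather than into this YAML. The `responseBandwidth.percentage` description also seems to have lost words compared with its `abort` and `delay` siblings ("limit will be either int or decimal"). Because a policy whose top-level `targetRef` has `kind: Mesh` can abort or delay traffic broadly, write access to `meshfaultinjections` is worth restricting to operators in RBAC.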
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshgatewayinstances.kuma.io spec: @@ -51,6 +51,26 @@ spec: description: Resources specifies the compute resources for the proxy container. The default can be set in the control plane config. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml index 217572cf0..843dec889 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshgatewayroutes.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml index f34fa7acf..73135c196 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshgateways.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..4eafcbe76 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,303 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..f9245237c --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml 
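Review bot: `eventLogPath` is a free-form `type: string` with no `maxLength` or `pattern`, although the header `name` fields in the same schema carry both (`maxLength: 256` and a token pattern). Per its description the value is a file path Envoy writes health-check events to, so whoever may create a MeshHealthCheck chooses a write location inside the proxy container. Consider constraining it on the source type (this file is controller-gen output) with a length cap and a pattern that only admits paths under a dedicated log directory, along the lines of `pattern: ^/var/log/<log-dir-placeholder>/[A-Za-z0-9._-]+$`. Validation done elsewhere, such as in a webhook, is not visible in this hunk, so treat this as a question if it already exists. Until then, limiting create/update on `meshhealthchecks` in RBAC is the practical control.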
@@ -0,0 +1,403 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + type: string + urlRewrite: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + items: + properties: + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - Prefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. 
A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml index 86bf21612..1581092d5 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml 
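Review bot: In `requestHeaderModifier.remove` and `responseHeaderModifier.remove` the list items are a bare `type: string`, so the schema accepts empty or arbitrarily long header names there. The `add` and `set` entries next to them constrain `name` with `minLength: 1`, `maxLength: 256` and the header-token `pattern`. Repeating those three constraints under `remove.items` would let the API server reject malformed names at admission rather than relying on later validation, which this hunk does not show. The file carries a controller-gen annotation, so the change presumably belongs on the source type rather than in this YAML.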
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..19478a4b6 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,343 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. 
\n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. 
prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." 
+ type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. 
+ enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. 
The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..99b92ea73 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml 
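Review bot: Every `value` field under `appendModifications` (cluster, httpFilter, listener, networkFilter, virtualHost) is an unconstrained `type: string` described as xDS YAML, so this schema checks nothing about what is added to or patched into the Envoy resources of the proxies selected by `targetRef`. Whether the control plane validates the content is not visible here. Write access to `meshproxypatches.kuma.io` should therefore be treated as the ability to reconfigure those proxies and be limited by RBAC to mesh operators. The description is a good place to say so, e.g. `Value of xDS resource in YAML format to add or patch. Not validated by this schema.` The schema also accepts `operation: Add` or `Patch` with no `value`, because `required` lists only `operation` (plus `match` for virtualHost).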
@@ -0,0 +1,227 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. 
+ type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true 
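Review bot: `requestRate.num` and `connectionRate.num` are `int32` with no `minimum`, and `onRateLimit.status` has no bounds, so a negative rate or a status of `0` passes schema validation. How such values are handled downstream is not visible in this hunk. For a policy that acts as a protective control it is safer to reject them at admission: `minimum: 1` on both `num` fields (or `minimum: 0` if zero is a supported setting) and `minimum: 100` / `maximum: 599` on `status`. Both `interval` fields are free-form strings, so a duration `pattern` there would catch typos that could otherwise leave the limit unapplied.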
diff --git a/charts/kuma/kuma/crds/kuma.io_meshretries.yaml b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml new file mode 100644 index 000000000..9f8d950f0 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml 
@@ -0,0 +1,362 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. 
If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + items: + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. 
+ type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HTTPHeaderMatch describes how to select + a HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + - value + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + match the upstream response headers. 
+ items: + description: HTTPHeaderMatch describes how to select + a HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + - value + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc).' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..da628f22e --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml 
@@ -0,0 +1,243 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. 
+ type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml index 9aff71fa3..69fbf29e5 100644 
--- a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshtraces.kuma.io spec: @@ -64,13 +64,19 @@ spec: description: Address of Datadog collector, only host and port are allowed (no paths, fragments etc.) type: string + required: + - url type: object zipkin: description: Zipkin backend configuration. properties: apiVersion: + default: httpJson description: 'Version of the API. values: httpJson, httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + enum: + - httpJson + - httpProto type: string sharedSpanContext: description: 'Determines whether client and server spans @@ -82,9 +88,10 @@ spec: url: description: Address of Zipkin collector. type: string + required: + - url type: object type: object - nullable: true type: array sampling: description: Sampling configuration. Sampling is the process by 
@@ -92,12 +99,18 @@ spec: or not. properties: client: + anyOf: + - type: integer + - type: string description: 'Target percentage of requests that will be force traced if the ''x-client-trace-id'' header is set. Default: - 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133' - format: int32 - type: integer + 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true overall: + anyOf: + - type: integer + - type: string description: 'Target percentage of requests will be traced after all other sampling checks have been applied (client, force tracing, random sampling). This field functions as 
@@ -105,16 +118,19 @@ spec: instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% of client requests with the appropriate headers to be force traced. Default: 100% Mirror - of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150' - format: int32 - type: integer + of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true random: + anyOf: + - type: integer + - type: string description: 'Target percentage of requests that will be randomly selected for trace generation, if not requested by the client or not forced. Default: 100% Mirror of random_sampling in - Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140' - format: int32 - type: integer + Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true type: object tags: description: Custom tags configuration. You can add custom tags @@ -134,6 +150,8 @@ spec: name: description: Name of the header. type: string + required: + - name type: object literal: description: Tag taken from literal value. @@ -141,8 +159,9 @@ spec: name: description: Name of the tag. type: string + required: + - name type: object - nullable: true type: array type: object targetRef: @@ -174,6 +193,8 @@ spec: Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: object served: true 
diff --git a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml index e3b161779..02f3882e4 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshtrafficpermissions.kuma.io spec: @@ -50,9 +50,9 @@ spec: description: 'Action defines a behavior for the specified group of clients:' enum: - - ALLOW - - DENY - - ALLOW_WITH_SHADOW_DENY + - Allow + - Deny + - AllowWithShadowDeny type: string type: object targetRef: @@ -84,6 +84,8 @@ spec: tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: array targetRef: @@ -115,6 +117,8 @@ spec: Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: object served: true diff --git a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml index 799806772..2aeae6078 100644 --- a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml +++ b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: proxytemplates.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml index 899c46003..7c50a9dd1 100644 --- a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml +++ b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: ratelimits.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_retries.yaml b/charts/kuma/kuma/crds/kuma.io_retries.yaml index ef2bee871..e2b50cc9f 100644 --- a/charts/kuma/kuma/crds/kuma.io_retries.yaml +++ b/charts/kuma/kuma/crds/kuma.io_retries.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: retries.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml index 9e44aef59..ba266b6ff 100644 --- a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: serviceinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml index 7b0cb5659..268eec1e4 100644 --- a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml +++ b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: timeouts.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml index d1dbd032c..50a7c23b9 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml 
+++ b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: trafficlogs.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml index 7cb6a6fa3..74e9ac557 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: trafficpermissions.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml index 5b4dca9ce..5f539139f 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: trafficroutes.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml index eeaf34613..8c09731c0 100644 --- a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: traffictraces.kuma.io spec: 
diff --git a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml index 99e8caaf3..241a24648 100644 --- a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml +++ b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: virtualoutbounds.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml index 5d99a9fee..38eb83ee1 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneegresses.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml index 4b390ca5a..76c36f737 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneegressinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml index 083590670..41b2928e6 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneingresses.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml index c8dfec19c..1898e0aec 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneingressinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml index 52183838f..9d5237d86 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zones.yaml b/charts/kuma/kuma/crds/kuma.io_zones.yaml index 79dd3d815..40970ab6a 100644 --- a/charts/kuma/kuma/crds/kuma.io_zones.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zones.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zones.kuma.io spec: diff --git a/charts/kuma/kuma/templates/_helpers.tpl b/charts/kuma/kuma/templates/_helpers.tpl index 2e47ec350..d5589bc17 100644 --- a/charts/kuma/kuma/templates/_helpers.tpl 
+++ b/charts/kuma/kuma/templates/_helpers.tpl @@ -169,6 +169,9 @@ returns: formatted image string {{- printf "%s/%s:%s" $registry $repo $tag -}} {{- end -}} +{{- define "kuma.parentEnv" -}} +{{- end -}} + {{- define "kuma.defaultEnv" -}} {{ if not (or (eq .Values.controlPlane.mode "zone") (eq .Values.controlPlane.mode "global") (eq .Values.controlPlane.mode "standalone")) }} {{ $msg := printf "controlPlane.mode invalid got:'%s' supported values: global,zone,standalone" .Values.controlPlane.mode }} @@ -196,6 +199,7 @@ returns: formatted image string {{ end }} {{ end }} env: +{{ include "kuma.parentEnv" . }} - name: KUMA_ENVIRONMENT value: "kubernetes" - name: KUMA_STORE_TYPE diff --git a/charts/kuma/kuma/templates/cni-daemonset.yaml b/charts/kuma/kuma/templates/cni-daemonset.yaml index 16193bce5..df4161ba8 100644 --- a/charts/kuma/kuma/templates/cni-daemonset.yaml +++ b/charts/kuma/kuma/templates/cni-daemonset.yaml @@ -32,6 +32,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.cni.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} hostNetwork: true tolerations: # Make sure kuma-cni-node gets scheduled on all nodes. @@ -61,7 +65,7 @@ spec: command: - cat - /tmp/ready - command: [ "/bin/sh", "-c", "--" ] + command: [ "sh", "-c", "--" ] args: [ "sleep {{.Values.cni.delayStartupSeconds}} && exec /install-cni" ] {{- else if .Values.experimental.ebpf.enabled }} {{- with .Values.cni.experimental.imageEbpf }} diff --git a/charts/kuma/kuma/templates/cp-deployment.yaml b/charts/kuma/kuma/templates/cp-deployment.yaml index ef39087bd..a2cbaff7c 100644 --- a/charts/kuma/kuma/templates/cp-deployment.yaml +++ b/charts/kuma/kuma/templates/cp-deployment.yaml 
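Review bot: The new `kuma.parentEnv` define is empty and has no comment saying what it is for, while the second hunk includes it directly under `env:` in `kuma.defaultEnv` with no indentation applied. It looks like an override hook for a wrapping chart; if so, the contract should be written down above the define, for example `{{/* kuma.parentEnv: hook for parent charts; must render complete env list items at the indentation of the env: list */}}`. Whatever an override renders lands in the control-plane environment unchecked, so the comment should also say that secrets belong in `valueFrom` references rather than literal values. `kuma.defaultEnv` starts and ends outside both hunks.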
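Review bot: When `cni.tolerations` is set, the added block renders a `tolerations:` key immediately before the existing `tolerations:` key that follows `hostNetwork: true` in the same pod spec, so the manifest carries the key twice. Depending on the YAML parser this is either rejected or one list silently replaces the other, so either the user's values are ignored or the built-in entries that the comment says keep kuma-cni-node scheduled on all nodes are lost. Drop the added `tolerations:` line and move the `with` block below the built-in entries so the values extend the one list. The existing list continues outside the hunk.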
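Review bot: The new `command: [ "sh", "-c", "--" ]` resolves the shell through the image's PATH where the old line pinned `/bin/sh`, and nothing in the hunk explains the change. If the CNI image relocated its shell, a one-line comment such as `# image no longer ships /bin/sh; sh is resolved via PATH` would record that. Otherwise an absolute path is the safer choice, since this container runs `/install-cni` and presumably holds elevated access to the node.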
@@ -58,6 +58,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controlPlane.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} hostNetwork: {{ .Values.controlPlane.hostNetwork }} terminationGracePeriodSeconds: {{ .Values.controlPlane.terminationGracePeriodSeconds }} containers: @@ -88,10 +92,10 @@ spec: name: {{ $element.Secret }} key: {{ $element.Key }} {{- end }} - - name: POD_NAME + - name: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS valueFrom: fieldRef: - fieldPath: metadata.name + fieldPath: status.podIP args: - run - --log-level={{ .Values.controlPlane.logLevel }} diff --git a/charts/kuma/kuma/templates/cp-rbac.yaml b/charts/kuma/kuma/templates/cp-rbac.yaml index 75ef172c5..7285c5a17 100644 --- a/charts/kuma/kuma/templates/cp-rbac.yaml +++ b/charts/kuma/kuma/templates/cp-rbac.yaml @@ -35,6 +35,7 @@ rules: - "apps" resources: - deployments + - replicasets verbs: - create - delete @@ -43,6 +44,14 @@ rules: - patch - update - watch + - apiGroups: + - "batch" + resources: + - jobs + verbs: + - get + - list + - watch - apiGroups: - gateway.networking.k8s.io resources: @@ -133,7 +142,7 @@ rules: {{- if .Values.experimental.gatewayAPI }} - meshgatewayconfigs {{- end }} - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} verbs: diff --git a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml index 5c66b039d..5da8b1f3b 100644 --- a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml +++ b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml @@ -73,7 +73,7 @@ webhooks: - UPDATE resources: - meshes - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} sideEffects: None 
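Review bot: In cp-rbac.yaml `replicasets` is added to the existing `apps` rule, so it inherits that rule's `create`, `delete`, `patch` and `update` verbs, while the `batch`/`jobs` rule added in the next hunk is limited to `get`, `list` and `watch`. Whether the control plane ever writes ReplicaSets is not visible from this hunk; if it only reads them, a separate read-only rule keeps the grant to least privilege. The head of the `apps` rule and part of its verb list lie outside the hunk.

```yaml
# … unchanged: "apps" rule for deployments with its write verbs …
  - apiGroups:
      - "apps"
    resources:
      - replicasets
    verbs:
      - get
      - list
      - watch
# … unchanged: "batch" jobs rule …
```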
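Review bot: The `range $policy, $empty := .Values.plugins.policies` loop in cp-rbac.yaml only works with the new map form of `plugins.policies`. A values override still using the previous list form would range as index and element, rendering `0`, `1`, … as resource names and leaving the policy resources out of the RBAC rule without any error. The same loop is changed in the three cp-webhooks-and-secrets.yaml hunks, where the webhook rules would stop matching those policies. A guard before the first use makes the failure explicit: `{{- if not (kindIs "map" .Values.plugins.policies) }}{{ fail "plugins.policies must be a map of policy name to settings" }}{{- end }}`.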
@@ -109,7 +109,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} {{ .Values.controlPlane.webhooks.ownerReference.additionalRules | nindent 6 }} @@ -225,7 +225,7 @@ webhooks: - virtualoutbounds - zones - containerpatches - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} {{ .Values.controlPlane.webhooks.validator.additionalRules | nindent 6 }} diff --git a/charts/kuma/kuma/templates/egress-deployment.yaml b/charts/kuma/kuma/templates/egress-deployment.yaml index f8d8493ac..6b7b65a94 100644 --- a/charts/kuma/kuma/templates/egress-deployment.yaml +++ b/charts/kuma/kuma/templates/egress-deployment.yaml @@ -42,6 +42,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.egress.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} containers: - name: egress image: {{ include "kuma.formatImage" (dict "image" .Values.dataPlane.image "root" $) | quote }} diff --git a/charts/kuma/kuma/templates/ingress-deployment.yaml b/charts/kuma/kuma/templates/ingress-deployment.yaml index f3e01ac0c..a66985f1e 100644 --- a/charts/kuma/kuma/templates/ingress-deployment.yaml +++ b/charts/kuma/kuma/templates/ingress-deployment.yaml @@ -42,6 +42,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.ingress.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.ingress.terminationGracePeriodSeconds }} containers: - name: ingress diff --git a/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml b/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml index 07ac05ee7..daee57c17 100644 --- a/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml 
+++ b/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml @@ -92,6 +92,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: diff --git a/charts/kuma/kuma/templates/pre-delete-webhooks.yaml b/charts/kuma/kuma/templates/pre-delete-webhooks.yaml index ed5113962..858cc31fc 100644 --- a/charts/kuma/kuma/templates/pre-delete-webhooks.yaml +++ b/charts/kuma/kuma/templates/pre-delete-webhooks.yaml @@ -80,6 +80,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: diff --git a/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml b/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml index 9b5cfdc09..9f38fb4de 100644 --- a/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml +++ b/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml @@ -81,6 +81,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: diff --git a/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml b/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml index d0e577b96..7a864b753 100644 --- a/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml +++ b/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml 
@@ -79,8 +79,6 @@ data: echo "/kuma/missing/crds.yaml not found or empty, it looks like there is no missing crds" fi save_missing_crds.sh: | - #!/usr/bin/env sh - missing_crds="$(kumactl install crds --only-missing {{ if .Values.experimental.gatewayAPI }}--experimental-gatewayapi{{end}})" if [ -n "${missing_crds}" ]; then @@ -110,6 +108,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: @@ -158,7 +160,7 @@ spec: - mountPath: /kuma/scripts name: scripts readOnly: true - command: + args: - '/kuma/scripts/save_missing_crds.sh' volumes: - name: scripts diff --git a/charts/kuma/kuma/values.yaml b/charts/kuma/kuma/values.yaml index 3680a429d..2bbb39963 100644 --- a/charts/kuma/kuma/values.yaml +++ b/charts/kuma/kuma/values.yaml @@ -64,6 +64,9 @@ controlPlane: nodeSelector: kubernetes.io/os: linux + # -- Tolerations for the Kuma Control Plane pods + tolerations: [] + podDisruptionBudget: # -- Whether to create a pod disruption budget enabled: false @@ -311,6 +314,8 @@ cni: # -- Node Selector for the CNI pods nodeSelector: kubernetes.io/os: linux + # -- Tolerations for the CNI pods + tolerations: [] # -- Additional pod annotations podAnnotations: { } @@ -453,7 +458,8 @@ ingress: # -- Node Selector for the Ingress pods nodeSelector: kubernetes.io/os: linux - + # -- Tolerations for the Ingress pods + tolerations: [] podDisruptionBudget: # -- Whether to create a pod disruption budget enabled: false @@ -564,7 +570,8 @@ egress: # -- Node Selector for the Egress pods nodeSelector: kubernetes.io/os: linux - + # -- Tolerations for the Egress pods + tolerations: [] podDisruptionBudget: # -- Whether to create a pod disruption budget enabled: false 
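Review bot: Switching `command:` to `args:` for `/kuma/scripts/save_missing_crds.sh`, together with dropping the `#!/usr/bin/env sh` line from the script, makes the job depend on the container image's ENTRYPOINT being a shell that accepts a script path. That entrypoint is not visible in this chart. With an image whose entrypoint is anything else, the path is handed to that program as an argument and the CRD save step does not run as written. Naming the interpreter keeps the hook independent of the image: `command: ["sh", "/kuma/scripts/save_missing_crds.sh"]`. If relying on the entrypoint is intended, a comment next to `args:` should say so.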
@@ -644,7 +651,8 @@ hooks: # -- Node selector for the HELM hooks nodeSelector: kubernetes.io/os: linux - + # -- Tolerations for the HELM hooks + tolerations: [] # -- Security context at the pod level for crd/webhook/ns podSecurityContext: {} # # The values below are examples. More values can be added as needed, since the field resolves as free form. @@ -694,6 +702,14 @@ experimental: # @ignored for helm-docs plugins: policies: - - meshaccesslogs - - meshtraces - - meshtrafficpermissions + meshaccesslogs: {} + meshcircuitbreakers: {} + meshfaultinjections: {} + meshhealthchecks: {} + meshhttproutes: {} + meshproxypatches: {} + meshratelimits: {} + meshretries: {} + meshtimeouts: {} + meshtraces: {} + meshtrafficpermissions: {} diff --git a/charts/mongodb/community-operator/Chart.lock b/charts/mongodb/community-operator/Chart.lock index 1451b07ca..08e8e21f5 100644 --- a/charts/mongodb/community-operator/Chart.lock +++ b/charts/mongodb/community-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: community-operator-crds repository: https://mongodb.github.io/helm-charts - version: 0.7.7 -digest: sha256:b9572658c463827912234b6e4837f9b30ddad7b7e4759283eee4eea98991aad5 -generated: "2023-01-10T16:44:14.781274016Z" + version: 0.7.8 +digest: sha256:8e7705672eefdf0c4d53629c122d643a5aad42c26c85171d089a268e5f140186 +generated: "2023-01-30T12:57:52.51061305Z" diff --git a/charts/mongodb/community-operator/Chart.yaml b/charts/mongodb/community-operator/Chart.yaml index 924817a27..c7be6349c 100644 --- a/charts/mongodb/community-operator/Chart.yaml +++ b/charts/mongodb/community-operator/Chart.yaml 
@@ -4,12 +4,12 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: community-operator apiVersion: v2 -appVersion: 0.7.7 +appVersion: 0.7.8 dependencies: - condition: community-operator-crds.enabled name: community-operator-crds repository: file://./charts/community-operator-crds - version: 0.7.7 + version: 0.7.8 description: MongoDB Kubernetes Community Operator home: https://github.com/mongodb/mongodb-kubernetes-operator icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png @@ -23,4 +23,4 @@ maintainers: name: MongoDB name: community-operator type: application -version: 0.7.7 +version: 0.7.8 diff --git a/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml b/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml index 920da6c21..bed14d1da 100644 --- a/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml +++ b/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.7.7 +appVersion: 0.7.8 description: MongoDB Kubernetes Community Operator - CRDs home: https://github.com/mongodb/mongodb-kubernetes-operator icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png @@ -13,4 +13,4 @@ maintainers: name: MongoDB name: community-operator-crds type: application -version: 0.7.7 +version: 0.7.8 diff --git a/charts/mongodb/community-operator/values.yaml b/charts/mongodb/community-operator/values.yaml index e19fbdc20..9f2f8c482 100644 --- a/charts/mongodb/community-operator/values.yaml +++ b/charts/mongodb/community-operator/values.yaml @@ -11,7 +11,7 @@ operator: deploymentName: mongodb-kubernetes-operator # Version of mongodb-kubernetes-operator - version: 0.7.6 + version: 0.7.8 # Uncomment this line to watch all namespaces # watchNamespace: "*" 
diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 2a8000a3c..9faccc350 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -26,4 +26,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 2.6.1 +version: 2.6.3 diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl index 819e178a8..cf7ad2256 100644 --- a/charts/redpanda/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/templates/_helpers.tpl @@ -407,9 +407,9 @@ runAsUser: {{ dig "podSecurityContext" "runAsUser" .Values.statefulset.securityC runAsGroup: {{ dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset }} {{- end -}} -{{- define "tls-curl-flags" -}} +{{- define "admin-tls-curl-flags" -}} {{- $result := "" -}} - {{- if (include "tls-enabled" . | fromJson).bool -}} + {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} {{- $path := (printf "/etc/tls/certs/%s" .Values.listeners.admin.tls.cert) -}} {{- $result = (printf "--cacert %s/tls.crt" $path) -}} {{- if .Values.listeners.admin.tls.requireClientAuth -}} @@ -419,9 +419,9 @@ runAsGroup: {{ dig "podSecurityContext" "fsGroup" .Values.statefulset.securityCo {{- $result -}} {{- end -}} -{{- define "http-protocol" -}} +{{- define "admin-http-protocol" -}} {{- $result := "http" -}} - {{- if (include "tls-enabled" . | fromJson).bool -}} + {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} {{- $result = "https" -}} {{- end -}} {{- $result -}} diff --git a/charts/redpanda/redpanda/templates/rbac.yaml b/charts/redpanda/redpanda/templates/rbac.yaml index 253018795..cbfdda0eb 100644 --- a/charts/redpanda/redpanda/templates/rbac.yaml +++ b/charts/redpanda/redpanda/templates/rbac.yaml 
@@ -43,6 +43,42 @@ rules: - list --- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "redpanda.fullname" . }}-rpk-bundle + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "redpanda.fullname" . }} 
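Review bot: The new `-rpk-bundle` ClusterRole gives the Redpanda service account `get` and `list` on `configmaps`, `pods/log`, `serviceaccounts` and the other listed resources in every namespace, and the ClusterRoleBinding added in the following hunk binds it inside the same conditional block with no separate switch. A diagnostics bundle for this release presumably needs only the release namespace, so a namespaced grant would limit what the broker pods' token can read elsewhere in the cluster. That means `kind: Role` with `namespace: {{ .Release.Namespace | quote }}` under `metadata`, bound by a `kind: RoleBinding` whose `roleRef.kind` is `Role`. If cluster-wide read access is really required, a comment above the rule should state why, and a values flag to disable it would help.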
@@ -67,4 +103,30 @@ subjects: - kind: ServiceAccount name: {{ include "redpanda.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- end }} \ No newline at end of file +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "redpanda.fullname" . }}-rpk-bundle + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "redpanda.fullname" . }}-rpk-bundle +subjects: + - kind: ServiceAccount + name: {{ include "redpanda.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/charts/redpanda/redpanda/templates/secret.yaml b/charts/redpanda/redpanda/templates/secret.yaml index 5f6334480..f65c2a5d8 100644 --- a/charts/redpanda/redpanda/templates/secret.yaml +++ b/charts/redpanda/redpanda/templates/secret.yaml 
@@ -16,14 +16,14 @@ stringData: #!/usr/bin/env bash # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="{{ (include "http-protocol" . ) }}://${SERVICE_NAME}.{{ template "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.listeners.admin.port }}" + CURL_URL="{{ include "admin-http-protocol" . }}://${SERVICE_NAME}.{{ template "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.listeners.admin.port }}" # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/node_config" + CURL_NODE_ID_CMD="curl --silent --fail {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/node_config" - CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' + CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_GET_CMD="curl -X GET --silent {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/maintenance" + CURL_MAINTENANCE_GET_CMD="curl -X GET --silent {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/maintenance" postStart.sh: |- #!/usr/bin/env bash 
@@ -33,14 +33,14 @@ stringData: # path below should match the path defined on the statefulset source /var/lifecycle/common.sh - set -e - + set -ex + until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do sleep 0.5 done - + echo "Clearing maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" # a 400 here would mean not in maintenance mode until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do status=$(${CURL_MAINTENANCE_DELETE_CMD}) @@ -51,23 +51,23 @@ stringData: #!/usr/bin/env bash # This code should be similar if not exactly the same as that found in the panda-operator, see # https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go - + # path below should match the path defined on the statefulset source /var/lifecycle/common.sh - set -e + set -ex until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do sleep 0.5 done - - echo "Setting maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + + echo "Setting maintenance mode on node ${NODE_ID}" + CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" until [ "${status:-}" = '"200"' ]; do status=$(${CURL_MAINTENANCE_PUT_CMD}) sleep 0.5 done - + until [ "${finished:-}" = "true" ] || [ "${draining:-}" = "false" ]; do res=$(${CURL_MAINTENANCE_GET_CMD}) finished=$(echo $res | grep -o '\"finished\":[^,}]*' | grep -o '[^: ]*$') 
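Review bot: `set -ex` in postStart.sh, and again in preStop.sh in the next hunk, turns on xtrace, so every expanded command is written to the hook's stderr, including the full curl command lines with their admin URLs and TLS flag paths. This looks like debugging left enabled, and anything later added to those commands, such as credentials, would be echoed as well. Suggest keeping `set -e` and enabling tracing only behind an explicit debug setting. Both scripts continue outside their hunks.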
diff --git a/index.yaml b/index.yaml index 492d3043d..f6dec6f2f 100644 --- a/index.yaml +++ b/index.yaml @@ -80,6 +80,51 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.5.1 + created: "2023-01-31T17:19:02.561710053Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 17.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: f0f724d331fb22ba41eb50549fbe891d99b3f0744805b8feae5db4705349ff27 + home: https://github.com/bitnami/charts/tree/main/bitnami/airflow + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/airflow + - https://airflow.apache.org/ + urls: + - assets/bitnami/airflow-14.0.10.tgz + version: 14.0.10 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow 
@@ -556,6 +601,42 @@ entries: - assets/ambassador/ambassador-6.7.1100.tgz version: 6.7.1100 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.5.9 + created: "2023-01-31T17:19:02.014032882Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.22.4 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 4ba993841e6b0165409af2f453d79c3651fab02cdc76e55899089e43ff5f4f92 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.19.12.tgz + version: 5.19.12 - annotations: artifacthub.io/changes: | - "[Added]: Added logFormat, logLevel and extraArgs to Slack bot" 
@@ -1472,6 +1553,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.49.6 + created: "2023-01-31T17:19:05.25887462Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: b34e0e1af71fd9620589e2e3f507bd5c3da5e8961f560c4a83fef4a18ac75dcd + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.49.6.tgz + version: 107.49.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA 
@@ -1928,6 +2042,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.49.6 + created: "2023-01-31T17:19:05.464375452Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.49.6 + description: JFrog Container Registry + digest: 6b67a492bf23866f5013c97440e9912723126653a2e0c3f3159da2c4f9b493d3 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.49.6.tgz + version: 107.49.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry 
@@ -4008,6 +4156,31 @@ entries: - assets/citrix/citrix-cpx-istio-sidecar-injector-1.11.0.tgz version: 1.11.0 citrix-cpx-with-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller + apiVersion: v2 + appVersion: 1.29.5 + created: "2023-01-31T17:19:03.595225298Z" + description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running + as sidecar. + digest: 4ba2b04429dc71e584c981fb01452b03ecdad399a8de57092711fdd1a46587b7 + home: https://www.citrix.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@citrix.com + name: priyankash-citrix + - email: subash.dangol@citrix.com + name: subashd + name: citrix-cpx-with-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz + version: 1.29.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller 
@@ -4081,6 +4254,30 @@ entries: - assets/citrix/citrix-cpx-with-ingress-controller-1.8.2800.tgz version: 1.8.2800 citrix-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-ingress-controller + apiVersion: v2 + appVersion: 1.29.5 + created: "2023-01-31T17:19:03.605897645Z" + description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. + digest: 5dd112bd395139c089286c8b678dc0b71cb35e51f221e746405fce7c630a98ac + home: https://www.citrix.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@citrix.com + name: priyankash-citrix + - email: subash.dangol@citrix.com + name: subashd + name: citrix-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-ingress-controller-1.29.5.tgz + version: 1.29.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Ingress Controller 
@@ -4469,6 +4666,36 @@ entries: - assets/cockroach-labs/cockroachdb-4.1.200.tgz version: 4.1.200 community-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MongoDB Community Operator + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: community-operator + apiVersion: v2 + appVersion: 0.7.8 + created: "2023-01-31T17:19:06.050565728Z" + dependencies: + - condition: community-operator-crds.enabled + name: community-operator-crds + repository: file://./charts/community-operator-crds + version: 0.7.8 + description: MongoDB Kubernetes Community Operator + digest: 34dbf87a12f93768e51a01294642a4414060139c0bfe767106bd0b89865936ca + home: https://github.com/mongodb/mongodb-kubernetes-operator + icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png + keywords: + - mongodb + - database + - nosql + kubeVersion: '>=1.16-0' + maintainers: + - email: support@mongodb.com + name: MongoDB + name: community-operator + type: application + urls: + - assets/mongodb/community-operator-0.7.8.tgz + version: 0.7.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MongoDB Community Operator 
@@ -4989,6 +5216,28 @@ entries: - assets/kubecost/cost-analyzer-1.70.000.tgz version: 1.70.000 crate-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrateDB Operator + catalog.cattle.io/release-name: crate-operator + apiVersion: v2 + appVersion: 2.22.0 + created: "2023-01-31T17:19:03.700627151Z" + dependencies: + - condition: crate-operator-crds.enabled + name: crate-operator-crds + repository: file://./charts/crate-operator-crds + version: 2.22.0 + description: Crate Operator - Helm chart for installing and upgrading Crate Operator. + digest: 28fd1cfd52017f6dd4fc2eb898e2355fe5dfabc2f73702ff145872b3efba64a1 + icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg + maintainers: + - name: Crate.io + name: crate-operator + type: application + urls: + - assets/crate/crate-operator-2.22.0.tgz + version: 2.22.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrateDB Operator 
@@ -7449,6 +7698,70 @@ entries: - assets/inaccel/fpga-operator-2.5.201.tgz version: 2.5.201 gitlab: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: GitLab + catalog.cattle.io/release-name: gitlab + apiVersion: v1 + appVersion: 15.8.1 + created: "2023-01-31T17:19:04.802677835Z" + dependencies: + - name: gitlab + repository: "" + version: '*.*.*' + - name: certmanager-issuer + repository: "" + version: '*.*.*' + - name: minio + repository: "" + version: '*.*.*' + - name: registry + repository: "" + version: '*.*.*' + - alias: certmanager + condition: certmanager.install + name: cert-manager + repository: https://charts.jetstack.io/ + version: 1.5.4 + - condition: prometheus.install + name: prometheus + repository: https://prometheus-community.github.io/helm-charts + version: 15.0.4 + - condition: postgresql.install + name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 8.9.4 + - condition: gitlab-runner.install + name: gitlab-runner + repository: https://charts.gitlab.io/ + version: 0.48.1 + - condition: global.grafana.enabled + name: grafana + repository: https://grafana.github.io/helm-charts + version: 6.11.0 + - condition: redis.install + name: redis + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 11.3.4 + - condition: nginx-ingress.enabled + name: nginx-ingress + repository: "" + version: '*.*.*' + description: The One DevOps Platform + digest: f1a2c78a9b3f772c4c83b87c03b7f47f26196a6bbdf05863d70df4d09bef7922 + home: https://about.gitlab.com/ + icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png + keywords: + - gitlab + maintainers: + - email: support@gitlab.com + name: GitLab Inc. 
+ name: gitlab + sources: + - https://gitlab.com/gitlab-org/charts/gitlab + urls: + - assets/gitlab/gitlab-6.8.1.tgz + version: 6.8.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: GitLab @@ -9169,6 +9482,36 @@ entries: - assets/hpe/hpe-flexvolume-driver-3.1.000.tgz version: 3.1.000 instana-agent: + - annotations: + artifacthub.io/links: | + - name: Instana website + url: https://www.instana.com + - name: Instana Helm charts + url: https://github.com/instana/helm-charts + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Instana Agent + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: instana-agent + apiVersion: v2 + appVersion: 1.241.0 + created: "2023-01-31T17:19:05.018442908Z" + description: Instana Agent for Kubernetes + digest: 37d15c89f734fbe7a0ff86bc451dc8c865146c4e3d59a501fe574ba38bf82641 + home: https://www.instana.com/ + icon: https://agents.instana.io/helm/stan-logo-2020.png + maintainers: + - email: felix.marx@ibm.com + name: FelixMarxIBM + - email: henning.treu@ibm.com + name: htreu + - email: torsten.kohn@ibm.com + name: tkohn + name: instana-agent + sources: + - https://github.com/instana/instana-agent-docker + urls: + - assets/instana/instana-agent-1.2.52.tgz + version: 1.2.52 - annotations: artifacthub.io/links: | - name: Instana website 
@@ -11225,6 +11568,48 @@ entries: - assets/k10/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.3.2 + created: "2023-01-31T17:19:02.919427487Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: 55196d7aa1115f198f5eae95bbc66d29078e711d942c9b2cee0676698bd57dd3 + home: https://github.com/bitnami/charts/tree/main/bitnami/kafka + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/kafka + - https://kafka.apache.org/ + urls: + - assets/bitnami/kafka-20.0.6.tgz + version: 20.0.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka 
@@ -12248,6 +12633,33 @@ entries: - assets/avesha/kubeslice-worker-0.4.5.tgz version: 0.4.5 kuma: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kuma + catalog.cattle.io/namespace: kuma-system + catalog.cattle.io/release-name: kuma + apiVersion: v2 + appVersion: 2.1.0 + created: "2023-01-31T17:19:06.028496924Z" + description: A Helm chart for the Kuma Control Plane + digest: be47b1ea8083ba8d11ba3ece38d7ea2de9e502a9cb2010d301abb286b97ffdd1 + home: https://github.com/kumahq/kuma + icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg + keywords: + - service mesh + - control plane + maintainers: + - email: austin.cawley@gmail.com + name: austince + - email: jakub.dyszkiewicz@konghq.com + name: jakubdyszkiewicz + - email: nikolay.nikolaev@konghq.com + name: nickolaev + name: kuma + type: application + urls: + - assets/kuma/kuma-2.1.0.tgz + version: 2.1.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kuma 
@@ -12537,6 +12949,45 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.6.11 + created: "2023-01-31T17:19:02.962174076Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 0541941c15e6a888464f1bd1095394f5cc235282bc72b303907ef8d06d6db8c6 + home: https://github.com/bitnami/charts/tree/main/bitnami/mariadb + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mariadb + - https://github.com/prometheus/mysqld_exporter + - https://mariadb.org + urls: + - assets/bitnami/mariadb-11.4.5.tgz + version: 11.4.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB 
@@ -15440,6 +15891,45 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.1.0 + created: "2023-01-31T17:19:03.036241897Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: d9ce79d690607ee5e625808814c12630e4e77fa974754f4b7c752d939d0b6784 + home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/postgresql + - https://www.postgresql.org/ + urls: + - assets/bitnami/postgresql-12.1.13.tgz + version: 12.1.13 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL 
@@ -16632,6 +17122,39 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.10 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.10 + created: "2023-01-31T17:19:06.455286505Z" + description: Redpanda is the real-time engine for modern apps. + digest: 0caf22ef303e272e6b3a147fb741e69b89b09f00cda63e331ee3561ce83d6262 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.6.3.tgz + version: 2.6.3 - annotations: artifacthub.io/images: | - name: redpanda 
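Review bot: The new redpanda 2.6.3 entry lists `image: busybox:latest` in its `artifacthub.io/images` annotation, a mutable tag, while the redpanda image beside it is pinned as `vectorized/redpanda:v22.3.10`. If the chart's templates pull what the annotation lists (not visible in this hunk), the same chart `digest` can deploy different busybox contents over time, so a fixed tag or image digest such as `image: busybox:<PINNED_TAG>` would keep the entry reproducible and auditable. The s3gw 0.11.0 hunk that follows has the same pattern with `appVersion: latest`. This index appears to be generated from chart metadata, so the change presumably belongs in the upstream Chart.yaml and values rather than in this file.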
@@ -17346,6 +17869,39 @@ entries: - assets/redpanda/redpanda-2.1.7.tgz version: 2.1.7 s3gw: + - annotations: + app.aquarist-labs.io/name: s3gw + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: S3 Gateway + catalog.cattle.io/experimental: "true" + catalog.cattle.io/kube-version: '>=1.14' + catalog.cattle.io/namespace: s3gw + catalog.cattle.io/release-name: s3gw + apiVersion: v2 + appVersion: latest + created: "2023-01-31T17:19:01.715240151Z" + description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s + Kubernetes. ' + digest: 37c3d885aab46174c2b894dff0c3b30bb92c01ed40e47085b676ce4ace58d6b0 + home: https://github.com/aquarist-labs/s3gw + icon: https://raw.githubusercontent.com/aquarist-labs/aquarium-website/gh-pages/images/logo-xl.png + keywords: + - storage + - s3 + kubeVersion: '>=1.14' + maintainers: + - email: s3gw@suse.com + name: s3gw maintainers + url: https://github.com/orgs/aquarist-labs/projects/5 + name: s3gw + sources: + - https://github.com/aquarist-labs/s3gw-charts + - https://github.com/aquarist-labs/s3gw + - https://github.com/aquarist-labs/ceph + type: application + urls: + - assets/aquarist-labs/s3gw-0.11.0.tgz + version: 0.11.0 - annotations: app.aquarist-labs.io/name: s3gw catalog.cattle.io/certified: partner 
@@ -17775,6 +18331,41 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.3.1 + created: "2023-01-31T17:19:03.224744394Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 9d8da6521bfc9c1e11e411008b29a1e7ac194f3865c326eb05177a52460e027b + home: https://github.com/bitnami/charts/tree/main/bitnami/spark + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/spark + - https://spark.apache.org/ + urls: + - assets/bitnami/spark-6.3.16.tgz + version: 6.3.16 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark 
@@ -19037,6 +19628,45 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.5 + created: "2023-01-31T17:19:03.251024556Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 9096ea510f1d9aeba7128720c6f1dfb305f75e6c895c54a3660adc5f9e0822a9 + home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/tomcat + - http://tomcat.apache.org + urls: + - assets/bitnami/tomcat-10.5.10.tgz + version: 10.5.10 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat @@ -20107,7 +20737,7 @@ entries: urls: - assets/universal-crossplane/universal-crossplane-1.2.200100.tgz version: 1.2.200100 - vals-operator: + vals-operator: - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Vals-Operator 
@@ -20359,6 +20989,54 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.1.1 + created: "2023-01-31T17:19:03.485199982Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: ec88d91bc86d99b958092111a6080c133d69f661cba9b05c5a1bd82edc6a1459 + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-15.2.36.tgz + version: 15.2.36 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress 
@@ -21404,6 +22082,39 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.8.1 + created: "2023-01-31T17:19:03.563092456Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 71feb7318511ace3c77fee89c2ae2fd991abe8d2b61271c2debe07c3c6350f0d + home: https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper + - https://zookeeper.apache.org/ + urls: + - assets/bitnami/zookeeper-11.1.2.tgz + version: 11.1.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper