andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  amd/amd-gpu:
    - 0.10.0
  argo/argo-cd:
    - 5.51.0
  bitnami/airflow:
    - 16.1.0
  bitnami/cassandra:
    - 10.6.0
  bitnami/kafka:
    - 26.2.1
  bitnami/mysql:
    - 9.14.2
  bitnami/postgresql:
    - 13.2.1
  bitnami/redis:
    - 18.2.1
  bitnami/spark:
    - 8.1.0
  bitnami/tomcat:
    - 10.11.0
  bitnami/wordpress:
    - 18.1.3
  bitnami/zookeeper:
    - 12.3.0
  crowdstrike/falcon-sensor:
    - 1.23.1
  datadog/datadog:
    - 3.43.1
  f5/nginx-ingress:
    - 1.0.2
  haproxy/haproxy:
    - 1.34.0
  harbor/harbor:
    - 1.13.1
  hashicorp/consul:
    - 1.2.3
  kasten/k10:
    - 6.0.12
  kong/kong:
    - 2.31.0
  kubecost/cost-analyzer:
    - 1.107.0
  nats/nats:
    - 1.1.4
  redpanda/redpanda:
    - 5.6.38
  speedscale/speedscale-operator:
    - 1.4.0
  sysdig/sysdig:
    - 1.16.20
  weka/csi-wekafsplugin:
    - 2.3.1
```
pull/934/head
github-actions[bot] 2023-11-06 14:48:59 +00:00
parent f4bff192fd
commit 9360591e81
295 changed files with 6849 additions and 2062 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/amd/amd-gpu-0.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.49.0.tgz
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.51.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-16.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/cassandra-10.6.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/kafka-26.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.14.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-13.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-18.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-8.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.11.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-18.1.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/zookeeper-12.3.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/crowdstrike/falcon-sensor-1.23.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.43.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/nginx-ingress-1.0.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.34.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/harbor/harbor-1.13.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/hashicorp/consul-1.2.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-6.0.1201.tgz Normal file
View File

Binary file not shown.

BIN
assets/kong/kong-2.31.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.106.4.tgz
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.107.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/nats/nats-1.1.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-5.6.38.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-1.4.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.16.20.tgz Normal file
View File

Binary file not shown.

BIN
assets/weka/csi-wekafsplugin-2.3.1.tgz Normal file
View File

Binary file not shown.

6
charts/amd/amd-gpu/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: node-feature-discovery - name: node-feature-discovery
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
version: 0.13.3 version: 0.14.3
digest: sha256:a4f46d22c9ecd5b82cc2ed17da0c34b0e4936f6365bb61b474ec2780e9af3636 digest: sha256:a1651e3e727f3f60f286930ab341af1009cce742b181d19b9ec75d392c5c339b
generated: "2023-08-23T02:41:44.856348249Z" generated: "2023-11-03T05:15:42.351779792Z"

4
charts/amd/amd-gpu/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.18.0-0' catalog.cattle.io/kube-version: '>= 1.18.0-0'
catalog.cattle.io/release-name: amd-gpu catalog.cattle.io/release-name: amd-gpu
apiVersion: v2 apiVersion: v2
appVersion: 1.25.2.4 appVersion: 1.25.2.5
dependencies: dependencies:
- condition: nfd.enabled - condition: nfd.enabled
name: node-feature-discovery name: node-feature-discovery
@ -25,4 +25,4 @@ name: amd-gpu
sources: sources:
- https://github.com/RadeonOpenCompute/k8s-device-plugin - https://github.com/RadeonOpenCompute/k8s-device-plugin
type: application type: application
version: 0.9.0 version: 0.10.0

2
charts/amd/amd-gpu/README.md
View File

@ -1,6 +1,6 @@
# AMD GPU Helm Chart # AMD GPU Helm Chart
![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.4](https://img.shields.io/badge/AppVersion-1.25.2.4-informational?style=flat-square) ![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.5](https://img.shields.io/badge/AppVersion-1.25.2.5-informational?style=flat-square)
A Helm chart for deploying Kubernetes AMD GPU device plugin A Helm chart for deploying Kubernetes AMD GPU device plugin

4
charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: v0.13.3 appVersion: v0.14.3
description: 'Detects hardware features available on each node in a Kubernetes cluster, description: 'Detects hardware features available on each node in a Kubernetes cluster,
and advertises those features using node labels. ' and advertises those features using node labels. '
home: https://github.com/kubernetes-sigs/node-feature-discovery home: https://github.com/kubernetes-sigs/node-feature-discovery
@ -11,4 +11,4 @@ name: node-feature-discovery
sources: sources:
- https://github.com/kubernetes-sigs/node-feature-discovery - https://github.com/kubernetes-sigs/node-feature-discovery
type: application type: application
version: 0.13.3 version: 0.14.3

2
charts/amd/amd-gpu/charts/node-feature-discovery/README.md
View File

@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs. range of vendor and application specific node labeling needs.
See See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.13/deployment/helm.html) [NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.14/deployment/helm.html)
for deployment instructions. for deployment instructions.

6
charts/amd/amd-gpu/charts/node-feature-discovery/crds/nfd-api-crds.yaml
View File

@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.12.1
creationTimestamp: null
name: nodefeatures.nfd.k8s-sigs.io name: nodefeatures.nfd.k8s-sigs.io
spec: spec:
group: nfd.k8s-sigs.io group: nfd.k8s-sigs.io
@ -114,8 +113,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.12.1
creationTimestamp: null
name: nodefeaturerules.nfd.k8s-sigs.io name: nodefeaturerules.nfd.k8s-sigs.io
spec: spec:
group: nfd.k8s-sigs.io group: nfd.k8s-sigs.io

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/_helpers.tpl
View File

@ -96,12 +96,12 @@ Create the name of the service account which topologyUpdater will use
{{- end -}} {{- end -}}
{{/* {{/*
Create the name of the service account which topologyGC will use Create the name of the service account which nfd-gc will use
*/}} */}}
{{- define "node-feature-discovery.topologyGC.serviceAccountName" -}} {{- define "node-feature-discovery.gc.serviceAccountName" -}}
{{- if .Values.topologyGC.serviceAccount.create -}} {{- if .Values.gc.serviceAccount.create -}}
{{ default (printf "%s-topology-gc" (include "node-feature-discovery.fullname" .)) .Values.topologyGC.serviceAccount.name }} {{ default (printf "%s-gc" (include "node-feature-discovery.fullname" .)) .Values.gc.serviceAccount.name }}
{{- else -}} {{- else -}}
{{ default "default" .Values.topologyGC.serviceAccount.name }} {{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

28
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrole.yaml
View File

@ -25,10 +25,25 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- "nfd-master.nfd.kubernetes.io"
verbs:
- get
- update
{{- end }} {{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
@ -65,12 +80,12 @@ rules:
- update - update
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
--- ---
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:
@ -94,4 +109,11 @@ rules:
verbs: verbs:
- delete - delete
- list - list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- delete
- list
{{- end }} {{- end }}

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrolebinding.yaml
View File

@ -15,8 +15,8 @@ subjects:
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@ -33,20 +33,20 @@ subjects:
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
--- ---
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }} name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}

26
charts/amd/amd-gpu/charts/node-feature-discovery/templates/master.yaml
View File

@ -6,8 +6,10 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: master role: master
{{- with .Values.master.deploymentAnnotations }}
annotations: annotations:
{{- toYaml .Values.master.deploymentAnnotations | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.master.replicaCount }} replicas: {{ .Values.master.replicaCount }}
selector: selector:
@ -19,8 +21,10 @@ spec:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: master role: master
{{- with .Values.master.annotations }}
annotations: annotations:
{{- toYaml .Values.master.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
@ -66,6 +70,8 @@ spec:
ports: ports:
- containerPort: {{ .Values.master.port | default "8080" }} - containerPort: {{ .Values.master.port | default "8080" }}
name: grpc name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics
env: env:
- name: NODE_NAME - name: NODE_NAME
valueFrom: valueFrom:
@ -80,8 +86,10 @@ spec:
- "-instance={{ .Values.master.instance }}" - "-instance={{ .Values.master.instance }}"
{{- end }} {{- end }}
- "-port={{ .Values.master.port | default "8080" }}" - "-port={{ .Values.master.port | default "8080" }}"
{{- if .Values.enableNodeFeatureApi }} {{- if not .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api" - "-enable-nodefeature-api=false"
{{- else if gt (int .Values.master.replicaCount) 1 }}
- "-enable-leader-election"
{{- end }} {{- end }}
{{- if .Values.master.extraLabelNs | empty | not }} {{- if .Values.master.extraLabelNs | empty | not }}
- "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}" - "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
@ -99,16 +107,23 @@ spec:
- "-crd-controller={{ .Values.master.crdController }}" - "-crd-controller={{ .Values.master.crdController }}"
{{- else }} {{- else }}
## By default, disable crd controller for other than the default instances ## By default, disable crd controller for other than the default instances
- "-featurerules-controller={{ .Values.master.instance | empty }}" - "-crd-controller={{ .Values.master.instance | empty }}"
{{- end }} {{- end }}
{{- if .Values.master.featureRulesController | kindIs "invalid" | not }} {{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
- "-featurerules-controller={{ .Values.master.featureRulesController }}" - "-featurerules-controller={{ .Values.master.featureRulesController }}"
{{- end }} {{- end }}
{{- if .Values.master.resyncPeriod }}
- "-resync-period={{ .Values.master.resyncPeriod }}"
{{- end }}
{{- if .Values.master.nfdApiParallelism | empty | not }}
- "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
{{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }} {{- end }}
- "-metrics={{ .Values.master.metricsPort | default "8081" }}"
volumeMounts: volumeMounts:
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- name: nfd-master-cert - name: nfd-master-cert
@ -130,7 +145,6 @@ spec:
items: items:
- key: nfd-master.conf - key: nfd-master.conf
path: nfd-master.conf path: nfd-master.conf
{{- with .Values.master.nodeSelector }} {{- with .Values.master.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

46
charts/amd/amd-gpu/charts/node-feature-discovery/templates/topology-gc.yaml → charts/amd/amd-gpu/charts/node-feature-discovery/templates/nfd-gc.yaml
View File

@ -1,36 +1,42 @@
{{- if and .Values.topologyGC.enable .Values.topologyUpdater.enable -}} {{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: topology-gc role: gc
{{- with .Values.gc.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.topologyGC.replicaCount | default 1 }} replicas: {{ .Values.gc.replicaCount | default 1 }}
selector: selector:
matchLabels: matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
role: topology-gc role: gc
template: template:
metadata: metadata:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-gc role: gc
{{- with .Values.gc.annotations }}
annotations: annotations:
{{- toYaml .Values.topologyGC.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
serviceAccountName: {{ .Values.topologyGC.serviceAccountName | default "nfd-topology-gc" }} serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
securityContext: securityContext:
{{- toYaml .Values.topologyGC.podSecurityContext | nindent 8 }} {{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
containers: containers:
- name: topology-gc - name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env: env:
@ -39,25 +45,29 @@ spec:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
command: command:
- "nfd-topology-gc" - "nfd-gc"
args: args:
{{- if .Values.topologyGC.interval | empty | not }} {{- if .Values.gc.interval | empty | not }}
- "-gc-interval={{ .Values.topologyGC.interval }}" - "-gc-interval={{ .Values.gc.interval }}"
{{- end }} {{- end }}
resources: resources:
{{- toYaml .Values.topologyGC.resources | nindent 12 }} {{- toYaml .Values.gc.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.topologyGC.securityContext | nindent 12 }} allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with .Values.topologyGC.nodeSelector }} {{- with .Values.gc.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.topologyGC.affinity }} {{- with .Values.gc.affinity }}
affinity: affinity:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.topologyGC.tolerations }} {{- with .Values.gc.tolerations }}
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

26
charts/amd/amd-gpu/charts/node-feature-discovery/templates/prometheus.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if .Values.prometheus.enable }}
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "node-feature-discovery.fullname" . }}
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
{{- with .Values.prometheus.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
podMetricsEndpoints:
- honorLabels: true
interval: 10s
path: /metrics
port: metrics
scheme: http
namespaceSelector:
matchNames:
- {{ include "node-feature-discovery.namespace" . }}
selector:
matchExpressions:
- {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
- {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
{{- end }}

1
charts/amd/amd-gpu/charts/node-feature-discovery/templates/role.yaml
View File

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-worker name: {{ include "node-feature-discovery.fullname" . }}-worker
namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:

1
charts/amd/amd-gpu/charts/node-feature-discovery/templates/rolebinding.yaml
View File

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-worker name: {{ include "node-feature-discovery.fullname" . }}-worker
namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef: roleRef:

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/serviceaccount.yaml
View File

@ -12,8 +12,8 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }}
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
@ -27,23 +27,23 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
--- ---
{{- if and .Values.topologyGC.enable .Values.topologyGC.serviceAccount.create .Values.topologyUpdater.enable }}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }} name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
{{- with .Values.topologyUpdater.serviceAccount.annotations }} {{- with .Values.gc.serviceAccount.annotations }}
annotations: annotations:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
---
{{- if .Values.worker.serviceAccount.create }} {{- if .Values.worker.serviceAccount.create }}
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:

16
charts/amd/amd-gpu/charts/node-feature-discovery/templates/topologyupdater.yaml
View File

@ -7,6 +7,10 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: topology-updater role: topology-updater
{{- with .Values.topologyUpdater.daemonsetAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -17,8 +21,10 @@ spec:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-updater role: topology-updater
{{- with .Values.topologyUpdater.annotations }}
annotations: annotations:
{{- toYaml .Values.topologyUpdater.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
@ -37,6 +43,10 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: NODE_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.hostIP
command: command:
- "nfd-topology-updater" - "nfd-topology-updater"
args: args:
@ -66,6 +76,10 @@ spec:
# Disable kubelet state tracking by giving an empty path # Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir=" - "-kubelet-state-dir="
{{- end }} {{- end }}
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
ports:
- name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
volumeMounts: volumeMounts:
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config - name: kubelet-config

16
charts/amd/amd-gpu/charts/node-feature-discovery/templates/worker.yaml
View File

@ -6,8 +6,10 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: worker role: worker
{{- with .Values.worker.daemonsetAnnotations }}
annotations: annotations:
{{- toYaml .Values.worker.daemonsetAnnotations | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -18,8 +20,10 @@ spec:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: worker role: worker
{{- with .Values.worker.annotations }}
annotations: annotations:
{{- toYaml .Values.worker.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
@ -46,14 +50,18 @@ spec:
- "nfd-worker" - "nfd-worker"
args: args:
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}" - "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
{{- if .Values.enableNodeFeatureApi }} {{- if not .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api" - "-enable-nodefeature-api=false"
{{- end }} {{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }} {{- end }}
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports:
- name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
volumeMounts: volumeMounts:
- name: host-boot - name: host-boot
mountPath: "/host-boot" mountPath: "/host-boot"

47
charts/amd/amd-gpu/charts/node-feature-discovery/values.yaml
View File

@ -10,7 +10,7 @@ nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
namespaceOverride: "" namespaceOverride: ""
enableNodeFeatureApi: false enableNodeFeatureApi: true
master: master:
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE> config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
@ -20,17 +20,43 @@ master:
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"] # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false # enableTaints: false
# labelWhiteList: "foo" # labelWhiteList: "foo"
# resyncPeriod: "2h"
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
# leaderElection:
# leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s
# # this value has to be greater than 0
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE> ### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080 # The TCP port that nfd-master listens for incoming requests. Default: 8080
port: 8080 port: 8080
metricsPort: 8081
instance: instance:
featureApi: featureApi:
resyncPeriod:
denyLabelNs: [] denyLabelNs: []
extraLabelNs: [] extraLabelNs: []
resourceLabels: [] resourceLabels: []
enableTaints: false enableTaints: false
crdController: null crdController: null
featureRulesController: null featureRulesController: null
nfdApiParallelism: null
deploymentAnnotations: {} deploymentAnnotations: {}
replicaCount: 1 replicaCount: 1
@ -154,6 +180,7 @@ worker:
# - "SSE4" # - "SSE4"
# - "SSE42" # - "SSE42"
# - "SSSE3" # - "SSSE3"
# - "TDX_GUEST"
# attributeWhitelist: # attributeWhitelist:
# kernel: # kernel:
# kconfigFile: "/path/to/kconfig" # kconfigFile: "/path/to/kconfig"
@ -183,7 +210,7 @@ worker:
# - "vendor" # - "vendor"
# - "device" # - "device"
# local: # local:
# hooksEnabled: true # hooksEnabled: false
# custom: # custom:
# # The following feature demonstrates the capabilities of the matchFeatures # # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule" # - name: "my custom rule"
@ -332,6 +359,7 @@ worker:
# #
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE> ### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
daemonsetAnnotations: {} daemonsetAnnotations: {}
podSecurityContext: {} podSecurityContext: {}
# fsGroup: 2000 # fsGroup: 2000
@ -404,6 +432,7 @@ topologyUpdater:
rbac: rbac:
create: true create: true
metricsPort: 8081
kubeletConfigPath: kubeletConfigPath:
kubeletPodResourcesSockPath: kubeletPodResourcesSockPath:
updateInterval: 60s updateInterval: 60s
@ -433,10 +462,11 @@ topologyUpdater:
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
annotations: {} annotations: {}
daemonsetAnnotations: {}
affinity: {} affinity: {}
podSetFingerprint: true podSetFingerprint: true
topologyGC: gc:
enable: true enable: true
replicaCount: 1 replicaCount: 1
@ -450,12 +480,6 @@ topologyGC:
interval: 1h interval: 1h
podSecurityContext: {} podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
@ -472,6 +496,7 @@ topologyGC:
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
annotations: {} annotations: {}
deploymentAnnotations: {}
affinity: {} affinity: {}
# Optionally use encryption for worker <--> master comms # Optionally use encryption for worker <--> master comms
@ -482,3 +507,7 @@ topologyGC:
tls: tls:
enable: false enable: false
certManager: false certManager: false
prometheus:
enable: false
labels: {}

4
charts/amd/amd-gpu/values.yaml
View File

@ -10,13 +10,13 @@ dp:
image: image:
repository: docker.io/rocm/k8s-device-plugin repository: docker.io/rocm/k8s-device-plugin
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: "1.25.2.4" tag: "1.25.2.5"
resources: {} resources: {}
lbl: lbl:
image: image:
repository: docker.io/rocm/k8s-device-plugin repository: docker.io/rocm/k8s-device-plugin
tag: "labeller-1.25.2.4" tag: "labeller-1.25.2.5"
resources: {} resources: {}
imagePullSecrets: [] imagePullSecrets: []

8
charts/argo/argo-cd/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: added - kind: changed
description: Add notification cluster role support description: Upgrade Argo CD to v2.9.0
artifacthub.io/signKey: | artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd catalog.cattle.io/release-name: argo-cd
apiVersion: v2 apiVersion: v2
appVersion: v2.8.5 appVersion: v2.9.0
dependencies: dependencies:
- condition: redis-ha.enabled - condition: redis-ha.enabled
name: redis-ha name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources: sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-cd
version: 5.49.0 version: 5.51.0

12
charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
View File

@ -90,6 +90,18 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.annotations
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.labels
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

2
charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }} {{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:

2
charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }} {{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:

12
charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
View File

@ -231,6 +231,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm name: argocd-cmd-params-cm
optional: true optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.disable.helm.manifest.max.extracted.size
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED - name: ARGOCD_GIT_MODULES_ENABLED
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

1
charts/argo/argo-cd/templates/argocd-server/clusterrole.yaml
View File

@ -40,6 +40,7 @@ rules:
- argoproj.io - argoproj.io
resources: resources:
- applications - applications
- applicationsets
verbs: verbs:
- get - get
- list - list

389
charts/argo/argo-cd/templates/crds/crd-application.yaml
View File

@ -359,6 +359,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -657,6 +688,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -797,7 +859,8 @@ spec:
properties: properties:
name: name:
description: Name is an alternate way of specifying the target description: Name is an alternate way of specifying the target
cluster by its symbolic name cluster by its symbolic name. This must be set if Server is
not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace for the description: Namespace specifies the target namespace for the
@ -805,8 +868,9 @@ spec:
namespace-scoped resources that have not set a value for .metadata.namespace namespace-scoped resources that have not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster and description: Server specifies the URL of the target cluster's
must be set to the Kubernetes control plane API Kubernetes control plane API. This must be set if Name is not
set.
type: string type: string
type: object type: object
ignoreDifferences: ignoreDifferences:
@ -1067,6 +1131,37 @@ spec:
description: Namespace sets the namespace that Kustomize adds description: Namespace sets the namespace that Kustomize adds
to all resources to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas override description: Replicas is a list of Kustomize Replicas override
specifications specifications
@ -1355,6 +1450,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas override description: Replicas is a list of Kustomize Replicas override
specifications specifications
@ -1796,6 +1922,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2097,6 +2254,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2542,6 +2730,37 @@ spec:
description: Namespace sets the namespace that description: Namespace sets the namespace that
Kustomize adds to all resources Kustomize adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2860,6 +3079,38 @@ spec:
description: Namespace sets the namespace that description: Namespace sets the namespace that
Kustomize adds to all resources Kustomize adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize
patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize description: Replicas is a list of Kustomize
Replicas override specifications Replicas override specifications
@ -3292,6 +3543,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -3603,6 +3885,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -3804,7 +4117,8 @@ spec:
properties: properties:
name: name:
description: Name is an alternate way of specifying the description: Name is an alternate way of specifying the
target cluster by its symbolic name target cluster by its symbolic name. This must be set
if Server is not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace description: Namespace specifies the target namespace
@ -3813,8 +4127,9 @@ spec:
not set a value for .metadata.namespace not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster description: Server specifies the URL of the target cluster's
and must be set to the Kubernetes control plane API Kubernetes control plane API. This must be set if Name
is not set.
type: string type: string
type: object type: object
ignoreDifferences: ignoreDifferences:
@ -4056,6 +4371,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -4367,6 +4713,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications

1471
charts/argo/argo-cd/templates/crds/crd-applicationset.yaml
View File

File diff suppressed because it is too large Load Diff

2
charts/bitnami/airflow/Chart.yaml
View File

@ -50,4 +50,4 @@ maintainers:
name: airflow name: airflow
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow - https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 16.0.7 version: 16.1.0

24
charts/bitnami/airflow/README.md
View File

@ -109,7 +109,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow web parameters ### Airflow web parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- | | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| `web.image.registry` | Airflow image registry | `REGISTRY_NAME` | | `web.image.registry` | Airflow image registry | `REGISTRY_NAME` |
| `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` | | `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` |
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
@ -154,6 +154,10 @@ The command removes all the Kubernetes components associated with the chart and
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | | `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | | `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | | `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
| `web.containerSecurityContext.allowPrivilegeEscalation` | Set web container's Security Context allowPrivilegeEscalation | `false` |
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | | `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
| `web.hostAliases` | Deployment pod host aliases | `[]` | | `web.hostAliases` | Deployment pod host aliases | `[]` |
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | | `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
@ -183,7 +187,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow scheduler parameters ### Airflow scheduler parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` | | `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` | | `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` |
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
@ -207,6 +211,10 @@ The command removes all the Kubernetes components associated with the chart and
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` | | `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` | | `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` | | `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
| `scheduler.containerSecurityContext.allowPrivilegeEscalation` | Set scheduler container's Security Context allowPrivilegeEscalation | `false` |
| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` | | `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` | | `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` | | `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
@ -236,7 +244,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow worker parameters ### Airflow worker parameters
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` | | `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` |
| `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` | | `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` |
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
@ -279,6 +287,10 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` | | `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` | | `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` | | `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` |
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set worker container's Security Context allowPrivilegeEscalation | `false` |
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` | | `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
| `worker.hostAliases` | Deployment pod host aliases | `[]` | | `worker.hostAliases` | Deployment pod host aliases | `[]` |
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` | | `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
@ -405,7 +417,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow metrics parameters ### Airflow metrics parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- | | ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
| `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` | | `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` | | `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` |
@ -423,6 +435,10 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` | | `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` | | `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` | | `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` | | `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |

40
charts/bitnami/airflow/values.yaml
View File

@ -311,11 +311,21 @@ web:
## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context ## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context
## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser ## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser
## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot ## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot
## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
## @param web.containerSecurityContext.allowPrivilegeEscalation Set web container's Security Context allowPrivilegeEscalation
## @param web.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param web.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup ## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
@ -515,11 +525,21 @@ scheduler:
## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context ## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context
## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser ## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser
## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot ## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot
## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged
## @param scheduler.containerSecurityContext.allowPrivilegeEscalation Set scheduler container's Security Context allowPrivilegeEscalation
## @param scheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param scheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup ## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
@ -767,11 +787,21 @@ worker:
## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context ## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context
## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser ## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot ## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot
## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set worker container's Security Context allowPrivilegeEscalation
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup ## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
@ -1331,6 +1361,10 @@ metrics:
## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context ## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot ## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## e.g: ## e.g:
## containerSecurityContext: ## containerSecurityContext:
## enabled: true ## enabled: true
@ -1342,6 +1376,12 @@ metrics:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup ## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}

2
charts/bitnami/cassandra/Chart.yaml
View File

@ -35,4 +35,4 @@ maintainers:
name: cassandra name: cassandra
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cassandra - https://github.com/bitnami/charts/tree/main/bitnami/cassandra
version: 10.5.8 version: 10.6.0

53
charts/bitnami/cassandra/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Cassandra in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Cassandra in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -33,9 +35,11 @@ Looking to use Apache Cassandra in production? Try [VMware Application Catalog](
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -78,10 +82,9 @@ The command removes all the Kubernetes components associated with the chart and
### Cassandra parameters ### Cassandra parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | Cassandra image registry | `docker.io` | | `image.registry` | Cassandra image registry | `REGISTRY_NAME` |
| `image.repository` | Cassandra image repository | `bitnami/cassandra` | | `image.repository` | Cassandra image repository | `REPOSITORY_NAME/cassandra` |
| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r71` |
| `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullPolicy` | image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Cassandra image pull secrets | `[]` | | `image.pullSecrets` | Cassandra image pull secrets | `[]` |
@ -115,7 +118,7 @@ The command removes all the Kubernetes components associated with the chart and
### Statefulset parameters ### Statefulset parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | | --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of Cassandra replicas | `1` | | `replicaCount` | Number of Cassandra replicas | `1` |
| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` | | `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` |
| `hostAliases` | Add deployment host aliases | `[]` | | `hostAliases` | Add deployment host aliases | `[]` |
@ -135,8 +138,13 @@ The command removes all the Kubernetes components associated with the chart and
| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | | `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set Cassandra container's Security Context runAsUser | `1001` | | `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Force the container to be run as non root | `true` | | `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.runAsNonRoot` | Set Cassandra containers' Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `resources.limits` | The resources limits for Cassandra containers | `{}` | | `resources.limits` | The resources limits for Cassandra containers | `{}` |
| `resources.requests` | The requested resources for Cassandra containers | `{}` | | `resources.requests` | The requested resources for Cassandra containers | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` | | `livenessProbe.enabled` | Enable livenessProbe | `true` |
@ -228,11 +236,10 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------ | | --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -243,11 +250,10 @@ The command removes all the Kubernetes components associated with the chart and
### Metrics parameters ### Metrics parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ---------------------------- | | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------ |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | | `metrics.image.registry` | Cassandra exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | | `metrics.image.repository` | Cassandra exporter image name | `REPOSITORY_NAME/cassandra-exporter` |
| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r429` |
| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | | `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -299,15 +305,18 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console ```console
helm install my-release \ helm install my-release \
--set dbUser.user=admin,dbUser.password=password \ --set dbUser.user=admin,dbUser.password=password \
oci://registry-1.docker.io/bitnamicharts/cassandra oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/cassandra helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details
@ -378,9 +387,11 @@ Find more information about how to deal with common errors related to Bitnami's
It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart: It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart:
```console ```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/cassandra --set dbUser.password=[PASSWORD] helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra --set dbUser.password=[PASSWORD]
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
| Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes. | Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes.
### To 9.0.0 ### To 9.0.0

34
charts/bitnami/cassandra/values.yaml
View File

@ -65,9 +65,9 @@ diagnosticMode:
## Bitnami Cassandra image ## Bitnami Cassandra image
## ref: https://hub.docker.com/r/bitnami/cassandra/tags/ ## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
## @param image.registry Cassandra image registry ## @param image.registry [default: REGISTRY_NAME] Cassandra image registry
## @param image.repository Cassandra image repository ## @param image.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository
## @param image.tag Cassandra image tag (immutable tags are recommended) ## @skip image.tag Cassandra image tag (immutable tags are recommended)
## @param image.digest Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy image pull policy ## @param image.pullPolicy image pull policy
## @param image.pullSecrets Cassandra image pull secrets ## @param image.pullSecrets Cassandra image pull secrets
@ -287,13 +287,25 @@ podSecurityContext:
## Configure Container Security Context (only main container) ## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context ## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context
## @param containerSecurityContext.runAsUser Set Cassandra container's Security Context runAsUser ## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Force the container to be run as non root ## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped
## @param containerSecurityContext.readOnlyRootFilesystem Set Cassandra containers' Security Context readOnlyRootFilesystem
## @param containerSecurityContext.runAsNonRoot Set Cassandra containers' Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
## Cassandra pods' resource requests and limits ## Cassandra pods' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## Minimum memory for development is 4GB and 2 CPU cores ## Minimum memory for development is 4GB and 2 CPU cores
@ -606,9 +618,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume image registry
## @param volumePermissions.image.repository Init container volume image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume image repository
## @param volumePermissions.image.tag Init container volume image tag (immutable tags are recommended) ## @skip volumePermissions.image.tag Init container volume image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume pull policy ## @param volumePermissions.image.pullPolicy Init container volume pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
@ -674,9 +686,9 @@ metrics:
enabled: false enabled: false
## Bitnami Cassandra Exporter image ## Bitnami Cassandra Exporter image
## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/ ## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
## @param metrics.image.registry Cassandra exporter image registry ## @param metrics.image.registry [default: REGISTRY_NAME] Cassandra exporter image registry
## @param metrics.image.repository Cassandra exporter image name ## @param metrics.image.repository [default: REPOSITORY_NAME/cassandra-exporter] Cassandra exporter image name
## @param metrics.image.tag Cassandra exporter image tag ## @skip metrics.image.tag Cassandra exporter image tag
## @param metrics.image.digest Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.image.digest Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy image pull policy ## @param metrics.image.pullPolicy image pull policy
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array

2
charts/bitnami/kafka/Chart.yaml
View File

@ -45,4 +45,4 @@ maintainers:
name: kafka name: kafka
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka - https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 26.2.0 version: 26.2.1

8
charts/bitnami/kafka/README.md
View File

@ -22,7 +22,7 @@ This chart bootstraps a [Kafka](https://github.com/bitnami/containers/tree/main/
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Kafka in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Kafka in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -1169,9 +1169,9 @@ The changes introduced in this version are:
- TLS settings have been moved from `auth.tls.*` to `tls.*`. - TLS settings have been moved from `auth.tls.*` to `tls.*`.
- Zookeeper TLS settings have been moved from `auth.zookeeper*` to `tls.zookeeper.*` - Zookeeper TLS settings have been moved from `auth.zookeeper*` to `tls.zookeeper.*`
- Refactor externalAccess to support the new architecture: - Refactor externalAccess to support the new architecture:
- `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.controller.service.*`. - `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.broker.service.*`.
- Controller pods will not configure externalAccess unless: - Controller pods will not configure externalAccess unless either:
- `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes. - `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes; or
- `externalAccess.controller.service.forceExpose=true`, for use cases where controller-only nodes want to be exposed externally. - `externalAccess.controller.service.forceExpose=true`, for use cases where controller-only nodes want to be exposed externally.
#### Upgrading from Kraft mode #### Upgrading from Kraft mode

1
charts/bitnami/kafka/values.yaml
View File

@ -825,7 +825,6 @@ controller:
## ##
broker: broker:
## @param broker.replicaCount Number of Kafka broker-only nodes ## @param broker.replicaCount Number of Kafka broker-only nodes
## Ignore this section if running in Zookeeper mode.
## ##
replicaCount: 0 replicaCount: 0
## @param broker.minId Minimal node.id values for broker-only nodes. Do not change after first initialization. ## @param broker.minId Minimal node.id values for broker-only nodes. Do not change after first initialization.

2
charts/bitnami/mysql/Chart.yaml
View File

@ -36,4 +36,4 @@ maintainers:
name: mysql name: mysql
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mysql - https://github.com/bitnami/charts/tree/main/bitnami/mysql
version: 9.14.1 version: 9.14.2

2
charts/bitnami/mysql/values.yaml
View File

@ -204,7 +204,7 @@ primary:
## ##
configuration: |- configuration: |-
[mysqld] [mysqld]
default_authentication_plugin={{- .Values.auth.defaultAuthPlugin | default "mysql_native_password" }} default_authentication_plugin={{- .Values.auth.defaultAuthenticationPlugin | default "mysql_native_password" }}
skip-name-resolve skip-name-resolve
explicit_defaults_for_timestamp explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql basedir=/opt/bitnami/mysql

6
charts/bitnami/postgresql/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2 version: 2.13.3
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-05T15:32:13.375699946Z" generated: "2023-11-03T20:45:06.276989379Z"

6
charts/bitnami/postgresql/Chart.yaml
View File

@ -8,9 +8,9 @@ annotations:
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90 image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: postgres-exporter - name: postgres-exporter
image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r15 image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r0
- name: postgresql - name: postgresql
image: docker.io/bitnami/postgresql:16.0.0-debian-11-r13 image: docker.io/bitnami/postgresql:16.0.0-debian-11-r14
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 16.0.0 appVersion: 16.0.0
@ -38,4 +38,4 @@ maintainers:
name: postgresql name: postgresql
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql - https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 13.1.5 version: 13.2.1

99
charts/bitnami/postgresql/README.md
View File

@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@ -22,7 +24,7 @@ For HA, please see [this repo](https://github.com/bitnami/charts/tree/main/bitna
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use PostgreSQL in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use PostgreSQL in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -35,9 +37,11 @@ Looking to use PostgreSQL in production? Try [VMware Application Catalog](https:
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -97,10 +101,9 @@ kubectl delete pvc -l release=my-release
### PostgreSQL common parameters ### PostgreSQL common parameters
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` | | `image.registry` | PostgreSQL image registry | `REGISTRY_NAME` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | | `image.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r13` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `[]` | | `image.pullSecrets` | Specify image pull secrets | `[]` |
@ -208,13 +211,14 @@ kubectl delete pvc -l release=my-release
| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` | | `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
| `primary.podSecurityContext.enabled` | Enable security context | `true` | | `primary.podSecurityContext.enabled` | Enable security context | `true` |
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `primary.containerSecurityContext.enabled` | Enable container security context | `true` | | `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` | | `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the container | `0` | | `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` | | `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` | | `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `primary.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` | | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` | | `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` | | `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` |
| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` | | `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` |
| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | | `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
@ -307,13 +311,14 @@ kubectl delete pvc -l release=my-release
| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` | | `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` | | `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` | | `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` | | `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `readReplicas.containerSecurityContext.runAsGroup` | Group ID for the container | `0` | | `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` | | `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` | | `readReplicas.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` | | `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `readReplicas.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` | | `readReplicas.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` | | `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` |
| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` | | `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` |
| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | | `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
@ -382,14 +387,14 @@ kubectl delete pvc -l release=my-release
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` | | `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` | | `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` | | `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
| `backup.cronjob.containerSecurityContext.enabled` | Enable container security context | `true` | | `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `backup.cronjob.containerSecurityContext.runAsUser` | User ID for the backup container | `1001` | | `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `backup.cronjob.containerSecurityContext.runAsGroup` | Group ID for the backup container | `0` | | `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set backup container's Security Context runAsNonRoot | `true` | | `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Is the container itself readonly | `true` | | `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate backup pod(s) privileges | `false` | | `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set backup container's Security Context seccompProfile type | `RuntimeDefault` | | `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `backup.cronjob.containerSecurityContext.capabilities.drop` | Set backup container's Security Context capabilities to drop | `["ALL"]` | | `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` | | `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
| `backup.cronjob.labels` | Set the cronjob labels | `{}` | | `backup.cronjob.labels` | Set the cronjob labels | `{}` |
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` | | `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
@ -426,11 +431,10 @@ kubectl delete pvc -l release=my-release
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -457,23 +461,23 @@ kubectl delete pvc -l release=my-release
### Metrics Parameters ### Metrics Parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------- | | ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `REPOSITORY_NAME/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r15` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
| `metrics.customMetrics` | Define additional custom metrics | `{}` | | `metrics.customMetrics` | Define additional custom metrics | `{}` |
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | | `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` | | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsGroup` | Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup | `0` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation | `false` | | `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type | `RuntimeDefault` | | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop | `["ALL"]` | | `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` | | `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | | `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
@ -522,9 +526,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console ```console
helm install my-release \ helm install my-release \
--set auth.postgresPassword=secretpassword --set auth.postgresPassword=secretpassword
oci://registry-1.docker.io/bitnamicharts/postgresql oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the PostgreSQL `postgres` account password to `secretpassword`. The above command sets the PostgreSQL `postgres` account password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -533,9 +539,10 @@ The above command sets the PostgreSQL `postgres` account password to `secretpass
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/postgresql helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details

4
charts/bitnami/postgresql/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.2 appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.2 version: 2.13.3

4
charts/bitnami/postgresql/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites ## Prerequisites
- Kubernetes 1.19+ - Kubernetes 1.23+
- Helm 3.2.0+ - Helm 3.8.0+
## Parameters ## Parameters

4
charts/bitnami/postgresql/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/* {{/*
Returns true if AdmissionConfiguration is supported Returns true if AdmissionConfiguration is supported
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.supported" -}} {{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/* {{/*
Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for AdmissionConfiguration.
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

124
charts/bitnami/postgresql/values.yaml
View File

@ -87,9 +87,9 @@ diagnosticMode:
## Bitnami PostgreSQL image version ## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
## @param image.registry PostgreSQL image registry ## @param image.registry [default: REGISTRY_NAME] PostgreSQL image registry
## @param image.repository PostgreSQL image repository ## @param image.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
## @param image.tag PostgreSQL image tag (immutable tags are recommended) ## @skip image.tag PostgreSQL image tag (immutable tags are recommended)
## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy PostgreSQL image pull policy ## @param image.pullPolicy PostgreSQL image pull policy
## @param image.pullSecrets Specify image pull secrets ## @param image.pullSecrets Specify image pull secrets
@ -98,7 +98,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/postgresql repository: bitnami/postgresql
tag: 16.0.0-debian-11-r13 tag: 16.0.0-debian-11-r14
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -458,25 +458,26 @@ primary:
fsGroup: 1001 fsGroup: 1001
## Container Security Context ## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.containerSecurityContext.enabled Enable container security context ## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
## @param primary.containerSecurityContext.runAsUser User ID for the container ## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param primary.containerSecurityContext.runAsGroup Group ID for the container ## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container ## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container ## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param primary.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop Set capabilities.drop for the container ## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## @param primary.hostAliases PostgreSQL primary pods host aliases ## @param primary.hostAliases PostgreSQL primary pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -821,25 +822,26 @@ readReplicas:
fsGroup: 1001 fsGroup: 1001
## Container Security Context ## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.containerSecurityContext.enabled Enable container security context ## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
## @param readReplicas.containerSecurityContext.runAsUser User ID for the container ## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param readReplicas.containerSecurityContext.runAsGroup Group ID for the container ## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param readReplicas.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container ## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container ## @param readReplicas.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param readReplicas.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container ## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param readReplicas.containerSecurityContext.capabilities.drop Set capabilities.drop for the container ## @param readReplicas.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param readReplicas.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## @param readReplicas.hostAliases PostgreSQL read only pods host aliases ## @param readReplicas.hostAliases PostgreSQL read only pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -1108,26 +1110,25 @@ backup:
fsGroup: 1001 fsGroup: 1001
## backup container's Security Context ## backup container's Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backup.cronjob.containerSecurityContext.enabled Enable container security context ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type ## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## @param backup.cronjob.command Set backup container's command to run ## @param backup.cronjob.command Set backup container's command to run
command: command:
- /bin/sh - /bin/sh
@ -1289,9 +1290,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
@ -1390,9 +1391,9 @@ metrics:
## @param metrics.enabled Start a prometheus exporter ## @param metrics.enabled Start a prometheus exporter
## ##
enabled: false enabled: false
## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry ## @param metrics.image.registry [default: REGISTRY_NAME] PostgreSQL Prometheus Exporter image registry
## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository ## @param metrics.image.repository [default: REPOSITORY_NAME/postgres-exporter] PostgreSQL Prometheus Exporter image repository
## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) ## @skip metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)
## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy ## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy
## @param metrics.image.pullSecrets Specify image pull secrets ## @param metrics.image.pullSecrets Specify image pull secrets
@ -1400,7 +1401,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/postgres-exporter repository: bitnami/postgres-exporter
tag: 0.14.0-debian-11-r15 tag: 0.15.0-debian-11-r0
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1435,25 +1436,26 @@ metrics:
extraEnvVars: [] extraEnvVars: []
## PostgreSQL Prometheus exporter containers' Security Context ## PostgreSQL Prometheus exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsGroup Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param metrics.containerSecurityContext.seccompProfile.type Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes ## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers ## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers

8
charts/bitnami/redis/Chart.yaml
View File

@ -10,12 +10,12 @@ annotations:
- name: redis-exporter - name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0 image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0
- name: redis-sentinel - name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.2-debian-11-r0 image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r0
- name: redis - name: redis
image: docker.io/bitnami/redis:7.2.2-debian-11-r0 image: docker.io/bitnami/redis:7.2.3-debian-11-r0
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 7.2.2 appVersion: 7.2.3
dependencies: dependencies:
- name: common - name: common
repository: file://./charts/common repository: file://./charts/common
@ -37,4 +37,4 @@ maintainers:
name: redis name: redis
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis - https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.2.0 version: 18.2.1

4
charts/bitnami/redis/values.yaml
View File

@ -91,7 +91,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis repository: bitnami/redis
tag: 7.2.2-debian-11-r0 tag: 7.2.3-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1056,7 +1056,7 @@ sentinel:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis-sentinel repository: bitnami/redis-sentinel
tag: 7.2.2-debian-11-r0 tag: 7.2.3-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

4
charts/bitnami/spark/Chart.yaml
View File

@ -6,7 +6,7 @@ annotations:
category: Infrastructure category: Infrastructure
images: | images: |
- name: spark - name: spark
image: docker.io/bitnami/spark:3.5.0-debian-11-r10 image: docker.io/bitnami/spark:3.5.0-debian-11-r12
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 3.5.0 appVersion: 3.5.0
@ -30,4 +30,4 @@ maintainers:
name: spark name: spark
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/spark - https://github.com/bitnami/charts/tree/main/bitnami/spark
version: 8.0.2 version: 8.1.0

32
charts/bitnami/spark/README.md
View File

@ -24,7 +24,7 @@ Apache Spark includes APIs for Java, Python, Scala and R.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Spark in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Spark in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -99,7 +99,7 @@ The command removes all the Kubernetes components associated with the chart and
### Spark master parameters ### Spark master parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| `master.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for master | `""` | | `master.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for master | `""` |
| `master.containerPorts.http` | Specify the port where the web interface will listen on the master over HTTP | `8080` | | `master.containerPorts.http` | Specify the port where the web interface will listen on the master over HTTP | `8080` |
| `master.containerPorts.https` | Specify the port where the web interface will listen on the master over HTTPS | `8480` | | `master.containerPorts.https` | Specify the port where the web interface will listen on the master over HTTPS | `8480` |
@ -116,10 +116,14 @@ The command removes all the Kubernetes components associated with the chart and
| `master.podSecurityContext.runAsUser` | Set master pod's Security Context User ID | `1001` | | `master.podSecurityContext.runAsUser` | Set master pod's Security Context User ID | `1001` |
| `master.podSecurityContext.runAsGroup` | Set master pod's Security Context Group ID | `0` | | `master.podSecurityContext.runAsGroup` | Set master pod's Security Context Group ID | `0` |
| `master.podSecurityContext.seLinuxOptions` | Set master pod's Security Context SELinux options | `{}` | | `master.podSecurityContext.seLinuxOptions` | Set master pod's Security Context SELinux options | `{}` |
| `master.containerSecurityContext.enabled` | Enabled master containers' Security Context | `true` | | `master.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `master.containerSecurityContext.runAsUser` | Set master containers' Security Context runAsUser | `1001` | | `master.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `master.containerSecurityContext.runAsNonRoot` | Set master containers' Security Context runAsNonRoot | `true` | | `master.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set master containers' Security Context runAsNonRoot | `false` | | `master.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `master.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `master.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `master.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `master.command` | Override default container command (useful when using custom images) | `[]` | | `master.command` | Override default container command (useful when using custom images) | `[]` |
| `master.args` | Override default container args (useful when using custom images) | `[]` | | `master.args` | Override default container args (useful when using custom images) | `[]` |
| `master.podAnnotations` | Annotations for pods in StatefulSet | `{}` | | `master.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
@ -170,7 +174,7 @@ The command removes all the Kubernetes components associated with the chart and
### Spark worker parameters ### Spark worker parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| `worker.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for workers | `""` | | `worker.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for workers | `""` |
| `worker.containerPorts.http` | Specify the port where the web interface will listen on the worker over HTTP | `8080` | | `worker.containerPorts.http` | Specify the port where the web interface will listen on the worker over HTTP | `8080` |
| `worker.containerPorts.https` | Specify the port where the web interface will listen on the worker over HTTPS | `8480` | | `worker.containerPorts.https` | Specify the port where the web interface will listen on the worker over HTTPS | `8480` |
@ -189,13 +193,15 @@ The command removes all the Kubernetes components associated with the chart and
| `worker.replicaCount` | Number of spark workers (will be the minimum number when autoscaling is enabled) | `2` | | `worker.replicaCount` | Number of spark workers (will be the minimum number when autoscaling is enabled) | `2` |
| `worker.podSecurityContext.enabled` | Enable security context | `true` | | `worker.podSecurityContext.enabled` | Enable security context | `true` |
| `worker.podSecurityContext.fsGroup` | Group ID for the container | `1001` | | `worker.podSecurityContext.fsGroup` | Group ID for the container | `1001` |
| `worker.podSecurityContext.runAsUser` | User ID for the container | `1001` |
| `worker.podSecurityContext.runAsGroup` | Group ID for the container | `0` |
| `worker.podSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` | | `worker.podSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` |
| `worker.containerSecurityContext.enabled` | Enabled worker containers' Security Context | `true` | | `worker.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `worker.containerSecurityContext.runAsUser` | Set worker containers' Security Context runAsUser | `1001` | | `worker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set worker containers' Security Context runAsNonRoot | `true` | | `worker.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set worker containers' Security Context runAsNonRoot | `false` | | `worker.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.command` | Override default container command (useful when using custom images) | `[]` | | `worker.command` | Override default container command (useful when using custom images) | `[]` |
| `worker.args` | Override default container args (useful when using custom images) | `[]` | | `worker.args` | Override default container args (useful when using custom images) | `[]` |
| `worker.podAnnotations` | Annotations for pods in StatefulSet | `{}` | | `worker.podAnnotations` | Annotations for pods in StatefulSet | `{}` |

42
charts/bitnami/spark/values.yaml
View File

@ -95,7 +95,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/spark repository: bitnami/spark
tag: 3.5.0-debian-11-r10 tag: 3.5.0-debian-11-r12
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -183,16 +183,26 @@ master:
seLinuxOptions: {} seLinuxOptions: {}
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param master.containerSecurityContext.enabled Enabled master containers' Security Context ## @param master.containerSecurityContext.enabled Enabled containers' Security Context
## @param master.containerSecurityContext.runAsUser Set master containers' Security Context runAsUser ## @param master.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param master.containerSecurityContext.runAsNonRoot Set master containers' Security Context runAsNonRoot ## @param master.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param master.containerSecurityContext.readOnlyRootFilesystem Set master containers' Security Context runAsNonRoot ## @param master.containerSecurityContext.privileged Set container's Security Context privileged
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param master.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param master.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param master.command Override default container command (useful when using custom images) ## @param master.command Override default container command (useful when using custom images)
## ##
command: [] command: []
@ -451,28 +461,34 @@ worker:
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param worker.podSecurityContext.enabled Enable security context ## @param worker.podSecurityContext.enabled Enable security context
## @param worker.podSecurityContext.fsGroup Group ID for the container ## @param worker.podSecurityContext.fsGroup Group ID for the container
## @param worker.podSecurityContext.runAsUser User ID for the container
## @param worker.podSecurityContext.runAsGroup Group ID for the container
## @param worker.podSecurityContext.seLinuxOptions SELinux options for the container ## @param worker.podSecurityContext.seLinuxOptions SELinux options for the container
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1001 fsGroup: 1001
runAsUser: 1001
runAsGroup: 0
seLinuxOptions: {} seLinuxOptions: {}
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param worker.containerSecurityContext.enabled Enabled worker containers' Security Context ## @param worker.containerSecurityContext.enabled Enabled containers' Security Context
## @param worker.containerSecurityContext.runAsUser Set worker containers' Security Context runAsUser ## @param worker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set worker containers' Security Context runAsNonRoot ## @param worker.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set worker containers' Security Context runAsNonRoot ## @param worker.containerSecurityContext.privileged Set container's Security Context privileged
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param worker.command Override default container command (useful when using custom images) ## @param worker.command Override default container command (useful when using custom images)
## ##
command: [] command: []

6
charts/bitnami/tomcat/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2 version: 2.13.3
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-09T21:56:34.987847613Z" generated: "2023-10-31T12:41:05.52315381+01:00"

2
charts/bitnami/tomcat/Chart.yaml
View File

@ -38,4 +38,4 @@ maintainers:
name: tomcat name: tomcat
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/tomcat - https://github.com/bitnami/charts/tree/main/bitnami/tomcat
version: 10.10.10 version: 10.11.0

74
charts/bitnami/tomcat/README.md
View File

@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps a [Tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps a [Tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@ -22,7 +24,7 @@ Tomcat implements several Java EE specifications including Java Servlet, JavaSer
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Tomcat in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Tomcat in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -36,9 +38,11 @@ Looking to use Apache Tomcat in production? Try [VMware Application Catalog](htt
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -78,10 +82,9 @@ The command removes all the Kubernetes components associated with the chart and
### Tomcat parameters ### Tomcat parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- | | ----------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ |
| `image.registry` | Tomcat image registry | `docker.io` | | `image.registry` | Tomcat image registry | `REGISTRY_NAME` |
| `image.repository` | Tomcat image repository | `bitnami/tomcat` | | `image.repository` | Tomcat image repository | `REPOSITORY_NAME/tomcat` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.15-debian-11-r0` |
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -100,7 +103,7 @@ The command removes all the Kubernetes components associated with the chart and
### Tomcat deployment parameters ### Tomcat deployment parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | ------------------- | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `replicaCount` | Specify number of Tomcat replicas | `1` | | `replicaCount` | Specify number of Tomcat replicas | `1` |
| `deployment.type` | Use Deployment or StatefulSet | `deployment` | | `deployment.type` | Use Deployment or StatefulSet | `deployment` |
| `updateStrategy.type` | StrategyType | `RollingUpdate` | | `updateStrategy.type` | StrategyType | `RollingUpdate` |
@ -108,9 +111,14 @@ The command removes all the Kubernetes components associated with the chart and
| `containerExtraPorts` | Extra ports to expose at container level | `[]` | | `containerExtraPorts` | Extra ports to expose at container level | `[]` |
| `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` | | `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enable Tomcat containers' SecurityContext | `true` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | User ID for the Tomcat container | `1001` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Force user to be root in Tomcat container | `true` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `resources.limits` | The resources limits for the Tomcat container | `{}` | | `resources.limits` | The resources limits for the Tomcat container | `{}` |
| `resources.requests` | The requested resources for the Tomcat container | `{}` | | `resources.requests` | The requested resources for the Tomcat container | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` | | `livenessProbe.enabled` | Enable livenessProbe | `true` |
@ -199,11 +207,10 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r90` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -213,19 +220,23 @@ The command removes all the Kubernetes components associated with the chart and
### Metrics parameters ### Metrics parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` |
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.registry` | JMX exporter image registry | `REGISTRY_NAME` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | | `metrics.jmx.image.repository` | JMX exporter image repository | `REPOSITORY_NAME/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r95` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.jmx.config` | Configuration file for JMX exporter | `""` | | `metrics.jmx.config` | Configuration file for JMX exporter | `""` |
| `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` | | `metrics.jmx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` | | `metrics.jmx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` | | `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.jmx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.jmx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.jmx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.jmx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.jmx.resources.limits` | JMX Exporter container resource limits | `{}` | | `metrics.jmx.resources.limits` | JMX Exporter container resource limits | `{}` |
| `metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` | | `metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` |
| `metrics.jmx.ports.metrics` | JMX Exporter container metrics ports | `5556` | | `metrics.jmx.ports.metrics` | JMX Exporter container metrics ports | `5556` |
@ -250,9 +261,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console ```console
helm install my-release \ helm install my-release \
--set tomcatUsername=manager,tomcatPassword=password oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatUsername=manager,tomcatPassword=password oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the Tomcat management username and password to `manager` and `password` respectively. The above command sets the Tomcat management username and password to `manager` and `password` respectively.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -260,9 +273,10 @@ The above command sets the Tomcat management username and password to `manager`
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/tomcat helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details
@ -346,9 +360,11 @@ Consequences:
```console ```console
export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d) export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d)
kubectl delete deployments.apps tomcat kubectl delete deployments.apps tomcat
helm upgrade tomcat oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatPassword=$TOMCAT_PASSWORD helm upgrade tomcat oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### To 7.0.0 ### To 7.0.0
[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. [On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
@ -364,15 +380,19 @@ This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which
Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below: Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below:
```console ```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below: If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below:
```console ```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat --set securityContext.enabled=false,image.tag=XXX helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set securityContext.enabled=false,image.tag=XXX
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### To 1.0.0 ### To 1.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.

4
charts/bitnami/tomcat/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.2 appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.2 version: 2.13.3

4
charts/bitnami/tomcat/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites ## Prerequisites
- Kubernetes 1.19+ - Kubernetes 1.23+
- Helm 3.2.0+ - Helm 3.8.0+
## Parameters ## Parameters

4
charts/bitnami/tomcat/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/* {{/*
Returns true if AdmissionConfiguration is supported Returns true if AdmissionConfiguration is supported
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.supported" -}} {{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/* {{/*
Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for AdmissionConfiguration.
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

54
charts/bitnami/tomcat/values.yaml
View File

@ -50,9 +50,9 @@ extraDeploy: []
## Bitnami Tomcat image version ## Bitnami Tomcat image version
## ref: https://hub.docker.com/r/bitnami/tomcat/tags/ ## ref: https://hub.docker.com/r/bitnami/tomcat/tags/
## @param image.registry Tomcat image registry ## @param image.registry [default: REGISTRY_NAME] Tomcat image registry
## @param image.repository Tomcat image repository ## @param image.repository [default: REPOSITORY_NAME/tomcat] Tomcat image repository
## @param image.tag Tomcat image tag (immutable tags are recommended) ## @skip image.tag Tomcat image tag (immutable tags are recommended)
## @param image.digest Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Tomcat image pull policy ## @param image.pullPolicy Tomcat image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array ## @param image.pullSecrets Specify docker-registry secret names as an array
@ -159,14 +159,26 @@ podSecurityContext:
fsGroup: 1001 fsGroup: 1001
## Tomcat containers' SecurityContext ## Tomcat containers' SecurityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param containerSecurityContext.enabled Enable Tomcat containers' SecurityContext ## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser User ID for the Tomcat container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Force user to be root in Tomcat container ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Tomcat containers' resource requests and limits ## Tomcat containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious
@ -575,9 +587,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag ## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
@ -635,9 +647,9 @@ metrics:
catalinaOpts: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true catalinaOpts: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true
## Bitnami JMX exporter image ## Bitnami JMX exporter image
## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/ ## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/
## @param metrics.jmx.image.registry JMX exporter image registry ## @param metrics.jmx.image.registry [default: REGISTRY_NAME] JMX exporter image registry
## @param metrics.jmx.image.repository JMX exporter image repository ## @param metrics.jmx.image.repository [default: REPOSITORY_NAME/jmx-exporter] JMX exporter image repository
## @param metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended) ## @skip metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy ## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy
## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array ## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array
@ -671,13 +683,25 @@ metrics:
attrNameSnakeCase: true attrNameSnakeCase: true
## Prometheus JMX exporter containers' Security Context ## Prometheus JMX exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.jmx.containerSecurityContext.enabled Enable Prometheus JMX exporter containers' Security Context ## @param metrics.jmx.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.jmx.containerSecurityContext.runAsUser Set Prometheus JMX exporter containers' Security Context runAsUser ## @param metrics.jmx.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set Prometheus JMX exporter containers' Security Context runAsNonRoot ## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.jmx.containerSecurityContext.privileged Set container's Security Context privileged
## @param metrics.jmx.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param metrics.jmx.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param metrics.jmx.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.jmx.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Prometheus JMX Exporter' resource requests and limits ## Prometheus JMX Exporter' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious

4
charts/bitnami/wordpress/Chart.yaml
View File

@ -10,7 +10,7 @@ annotations:
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90 image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: wordpress - name: wordpress
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5 image: docker.io/bitnami/wordpress:6.3.2-debian-11-r8
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 6.3.2 appVersion: 6.3.2
@ -47,4 +47,4 @@ maintainers:
name: wordpress name: wordpress
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 18.0.12 version: 18.1.3

15
charts/bitnami/wordpress/README.md
View File

@ -172,13 +172,14 @@ The command removes all the Kubernetes components associated with the chart and
| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` | | `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` |
| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` |
| `podSecurityContext.seccompProfile.type` | Set WordPress container's Security Context seccomp profile | `RuntimeDefault` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.enabled` | Enabled WordPress containers' Security Context | `true` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsUser` | Set WordPress container's Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.runAsNonRoot` | Set WordPress container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set WordPress container's privilege escalation | `false` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set WordPress container's Security Context readOnlyRootFilesystem | `false` | | `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set WordPress container's Security Context runAsNonRoot | `["ALL"]` | | `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` | | `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | | `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |

24
charts/bitnami/wordpress/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/wordpress repository: bitnami/wordpress
tag: 6.3.2-debian-11-r5 tag: 6.3.2-debian-11-r8
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -402,30 +402,32 @@ extraContainerPorts: []
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled WordPress pods' Security Context ## @param podSecurityContext.enabled Enabled WordPress pods' Security Context
## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup ## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup
## @param podSecurityContext.seccompProfile.type Set WordPress container's Security Context seccomp profile
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1001 fsGroup: 1001
seccompProfile:
type: "RuntimeDefault"
## Configure Container Security Context (only main container) ## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled WordPress containers' Security Context ## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set WordPress container's Security Context runAsUser ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set WordPress container's Security Context runAsNonRoot ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Set WordPress container's privilege escalation ## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set WordPress container's Security Context readOnlyRootFilesystem ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.capabilities.drop Set WordPress container's Security Context runAsNonRoot ## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
allowPrivilegeEscalation: false privileged: false
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities: capabilities:
drop: ["ALL"] drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for WordPress containers' liveness, readiness and startup probes ## Configure extra options for WordPress containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe on WordPress containers ## @param livenessProbe.enabled Enable livenessProbe on WordPress containers

2
charts/bitnami/zookeeper/Chart.yaml
View File

@ -30,4 +30,4 @@ maintainers:
name: zookeeper name: zookeeper
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.1.6 version: 12.3.0

46
charts/bitnami/zookeeper/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps a [ZooKeeper](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps a [ZooKeeper](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache ZooKeeper in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -33,9 +35,11 @@ Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -79,10 +83,9 @@ The command removes all the Kubernetes components associated with the chart and
### ZooKeeper chart parameters ### ZooKeeper chart parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` | | `image.registry` | ZooKeeper image registry | `REGISTRY_NAME` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | | `image.repository` | ZooKeeper image repository | `REPOSITORY_NAME/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r1` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -126,7 +129,7 @@ The command removes all the Kubernetes components associated with the chart and
### Statefulset parameters ### Statefulset parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of ZooKeeper nodes | `1` | | `replicaCount` | Number of ZooKeeper nodes | `1` |
| `containerPorts.client` | ZooKeeper client container port | `2181` | | `containerPorts.client` | ZooKeeper client container port | `2181` |
| `containerPorts.tls` | ZooKeeper TLS container port | `3181` | | `containerPorts.tls` | ZooKeeper TLS container port | `3181` |
@ -161,10 +164,14 @@ The command removes all the Kubernetes components associated with the chart and
| `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` | | `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` |
| `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled ZooKeeper containers' Security Context | `true` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set ZooKeeper containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set ZooKeeper containers' Security Context runAsNonRoot | `true` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as nonprivilege | `false` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `hostAliases` | ZooKeeper pods host aliases | `[]` | | `hostAliases` | ZooKeeper pods host aliases | `[]` |
| `podLabels` | Extra labels for ZooKeeper pods | `{}` | | `podLabels` | Extra labels for ZooKeeper pods | `{}` |
| `podAnnotations` | Annotations for ZooKeeper pods | `{}` | | `podAnnotations` | Annotations for ZooKeeper pods | `{}` |
@ -189,6 +196,7 @@ The command removes all the Kubernetes components associated with the chart and
| `pdb.create` | Deploy a pdb object for the ZooKeeper pod | `false` | | `pdb.create` | Deploy a pdb object for the ZooKeeper pod | `false` |
| `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` | | `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` |
| `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` | | `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` |
| `enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
### Traffic Exposure parameters ### Traffic Exposure parameters
@ -244,11 +252,10 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -319,9 +326,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console ```console
helm install my-release \ helm install my-release \
--set auth.clientUser=newUser \ --set auth.clientUser=newUser \
oci://registry-1.docker.io/bitnamicharts/zookeeper oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the ZooKeeper user to `newUser`. The above command sets the ZooKeeper user to `newUser`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -329,9 +338,10 @@ The above command sets the ZooKeeper user to `newUser`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/zookeeper helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details

1
charts/bitnami/zookeeper/templates/statefulset.yaml
View File

@ -43,6 +43,7 @@ spec:
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: zookeeper app.kubernetes.io/component: zookeeper
spec: spec:
enableServiceLinks: {{ .Values.enableServiceLinks }}
serviceAccountName: {{ template "zookeeper.serviceAccountName" . }} serviceAccountName: {{ template "zookeeper.serviceAccountName" . }}
{{- include "zookeeper.imagePullSecrets" . | nindent 6 }} {{- include "zookeeper.imagePullSecrets" . | nindent 6 }}
{{- if .Values.hostAliases }} {{- if .Values.hostAliases }}

35
charts/bitnami/zookeeper/values.yaml
View File

@ -68,9 +68,9 @@ diagnosticMode:
## Bitnami ZooKeeper image version ## Bitnami ZooKeeper image version
## ref: https://hub.docker.com/r/bitnami/zookeeper/tags/ ## ref: https://hub.docker.com/r/bitnami/zookeeper/tags/
## @param image.registry ZooKeeper image registry ## @param image.registry [default: REGISTRY_NAME] ZooKeeper image registry
## @param image.repository ZooKeeper image repository ## @param image.repository [default: REPOSITORY_NAME/zookeeper] ZooKeeper image repository
## @param image.tag ZooKeeper image tag (immutable tags are recommended) ## @skip image.tag ZooKeeper image tag (immutable tags are recommended)
## @param image.digest ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy ZooKeeper image pull policy ## @param image.pullPolicy ZooKeeper image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array ## @param image.pullSecrets Specify docker-registry secret names as an array
@ -332,16 +332,26 @@ podSecurityContext:
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled ZooKeeper containers' Security Context ## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set ZooKeeper containers' Security Context runAsUser ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set ZooKeeper containers' Security Context runAsNonRoot ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as nonprivilege ## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param hostAliases ZooKeeper pods host aliases ## @param hostAliases ZooKeeper pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -475,6 +485,11 @@ pdb:
create: false create: false
minAvailable: "" minAvailable: ""
maxUnavailable: 1 maxUnavailable: 1
## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @section Traffic Exposure parameters ## @section Traffic Exposure parameters
@ -653,9 +668,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets

4
charts/crowdstrike/falcon-sensor/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>1.22.0-0' catalog.cattle.io/kube-version: '>1.22.0-0'
catalog.cattle.io/release-name: falcon-sensor catalog.cattle.io/release-name: falcon-sensor
apiVersion: v2 apiVersion: v2
appVersion: 1.22.1 appVersion: 1.23.1
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
home: https://crowdstrike.com home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
@ -24,4 +24,4 @@ name: falcon-sensor
sources: sources:
- https://github.com/CrowdStrike/falcon-helm - https://github.com/CrowdStrike/falcon-helm
type: application type: application
version: 1.22.1 version: 1.23.1

34
charts/crowdstrike/falcon-sensor/templates/_helpers.tpl
View File

@ -94,26 +94,30 @@ Create the name of the service account to use
{{- define "falcon-sensor.daemonsetResources" -}} {{- define "falcon-sensor.daemonsetResources" -}}
{{- if .Values.node.gke.autopilot -}} {{- if .Values.node.gke.autopilot -}}
{{- if .Values.node.daemonset.resources -}}
resources: resources:
{{- if .Values.node.daemonset.resources.limits -}} {{- if (.Values.node.daemonset.resources | default dict ).limits }}
limits: limits:
cpu: {{ .Values.node.daemonset.resources.limits.cpu | default "750m" }} cpu: {{ (.Values.node.daemonset.resources.limits | default dict ).cpu | default "750m" }}
memory: {{ .Values.node.daemonset.resources.limits.memory | default "1.5Gi" }} memory: {{ (.Values.node.daemonset.resources.limits | default dict ).memory | default "1.5Gi" }}
ephemeral-storage: {{ (index (.Values.node.daemonset.resources.limits | default dict ) "ephemeral-storage") | default "100Mi" }}
{{- else }}
limits:
cpu: 750m
memory: 1.5Gi
ephemeral-storage: 100Mi
{{- end }} {{- end }}
{{- if (.Values.node.daemonset.resources | default dict ).requests }}
requests: requests:
cpu: {{ .Values.node.daemonset.resources.requests.cpu | default "750m" }} cpu: {{ (.Values.node.daemonset.resources.requests | default dict ).cpu | default "750m" }}
memory: {{ .Values.node.daemonset.resources.requests.memory | default "1.5Gi" }} ephemeral-storage: {{ (index (.Values.node.daemonset.resources.requests | default dict ) "ephemeral-storage") | default "100Mi" }}
{{- else -}} memory: {{ (.Values.node.daemonset.resources.requests | default dict ).memory | default "1.5Gi" }}
resources: {{- else }}
limits:
cpu: "750m"
memory: "1.5Gi"
requests: requests:
cpu: "750m" cpu: 750m
memory: "1.5Gi" memory: 1.5Gi
{{- end -}} ephemeral-storage: 100Mi
{{- else -}} {{- end }}
{{- else -}}
{{- if .Values.node.daemonset.resources -}} {{- if .Values.node.daemonset.resources -}}
{{- toYaml .Values.node.daemonset.resources -}} {{- toYaml .Values.node.daemonset.resources -}}
{{- end -}} {{- end -}}

6
charts/crowdstrike/falcon-sensor/templates/daemonset.yaml
View File

@ -108,15 +108,17 @@ spec:
- name: falconstore-dir - name: falconstore-dir
mountPath: /host_opt mountPath: /host_opt
{{- end }} {{- end }}
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
{{- end }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
privileged: true privileged: true

12
charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml
View File

@ -100,15 +100,17 @@ spec:
- name: opt-crowdstrike - name: opt-crowdstrike
mountPath: /host_opt mountPath: /host_opt
{{- end }} {{- end }}
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
{{- end }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
privileged: true privileged: true
@ -133,15 +135,17 @@ spec:
- sleep 10 - sleep 10
command: command:
- /bin/bash - /bin/bash
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
{{- end }}
securityContext: securityContext:
privileged: false privileged: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true

2
charts/crowdstrike/falcon-sensor/values.yaml
View File

@ -62,9 +62,11 @@ node:
# resources: # resources:
# limits: # limits:
# cpu: 250m # cpu: 250m
# ephemeral-storage: 100Mi
# memory: 500Mi # memory: 500Mi
# requests: # requests:
# cpu: 250m # cpu: 250m
# ephemeral-storage: 100Mi
# memory: 500Mi # memory: 500Mi
# Update strategy to role out new daemonset configuration to the nodes. # Update strategy to role out new daemonset configuration to the nodes.

8
charts/datadog/datadog/CHANGELOG.md
View File

@ -1,5 +1,13 @@
# Datadog changelog # Datadog changelog
## 3.43.1
* Fix docstring typos and remove unneeded lines.
## 3.43.0
* Default `Agent` and `Cluster-Agent` to `7.49.0` version.
## 3.42.1 ## 3.42.1
* Bump FIPS proxy OpenSSL version to 3.0.12 * Bump FIPS proxy OpenSSL version to 3.0.12

2
charts/datadog/datadog/Chart.yaml
View File

@ -19,4 +19,4 @@ name: datadog
sources: sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes - https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent - https://github.com/DataDog/datadog-agent
version: 3.42.1 version: 3.43.1

40
charts/datadog/datadog/README.md
View File

@ -1,6 +1,6 @@
# Datadog # Datadog
![Version: 3.42.1](https://img.shields.io/badge/Version-3.42.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) ![Version: 3.43.1](https://img.shields.io/badge/Version-3.43.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -450,7 +450,7 @@ helm install <RELEASE_NAME> \
| agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| agents.image.repository | string | `nil` | Override default registry + image.name for Agent | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent |
| agents.image.tag | string | `"7.48.1"` | Define the Agent version to use | | agents.image.tag | string | `"7.49.0"` | Define the Agent version to use |
| agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. |
| agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node |
@ -514,7 +514,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy |
| clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent |
| clusterAgent.image.tag | string | `"7.48.1"` | Cluster Agent image tag to use | | clusterAgent.image.tag | string | `"7.49.0"` | Cluster Agent image tag to use |
| clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings |
| clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) |
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
@ -565,7 +565,7 @@ helm install <RELEASE_NAME> \
| clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners |
| clusterChecksRunner.image.tag | string | `"7.48.1"` | Define the Agent version to use | | clusterChecksRunner.image.tag | string | `"7.49.0"` | Define the Agent version to use |
| clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
| clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead |
@ -609,13 +609,13 @@ helm install <RELEASE_NAME> \
| datadog.clusterTagger.collectKubernetesTags | bool | `false` | Enables Kubernetes resources tags collection. | | datadog.clusterTagger.collectKubernetesTags | bool | `false` | Enables Kubernetes resources tags collection. |
| datadog.collectEvents | bool | `true` | Enables this to start event collection from the kubernetes API | | datadog.collectEvents | bool | `true` | Enables this to start event collection from the kubernetes API |
| datadog.confd | object | `{}` | Provide additional check configurations (static and Autodiscovery) | | datadog.confd | object | `{}` | Provide additional check configurations (static and Autodiscovery) |
| datadog.containerExclude | string | `nil` | Exclude containers from the Agent Autodiscovery, as a space-sepatered list | | datadog.containerExclude | string | `nil` | Exclude containers from Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeLogs | string | `nil` | Exclude logs from the Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeLogs | string | `nil` | Exclude logs from Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from the Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from Agent Autodiscovery, as a space-separated list |
| datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata | | datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata |
| datadog.containerInclude | string | `nil` | Include containers in the Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in the Autodiscovery | | datadog.containerInclude | string | `nil` | Include containers in Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in Autodiscovery |
| datadog.containerIncludeLogs | string | `nil` | Include logs in the Agent Autodiscovery, as a space-separated list | | datadog.containerIncludeLogs | string | `nil` | Include logs in Agent Autodiscovery, as a space-separated list |
| datadog.containerIncludeMetrics | string | `nil` | Include metrics in the Agent Autodiscovery, as a space-separated list | | datadog.containerIncludeMetrics | string | `nil` | Include metrics in Agent Autodiscovery, as a space-separated list |
| datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection | | datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection |
| datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. | | datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. |
| datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) | | datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) |
@ -634,8 +634,8 @@ helm install <RELEASE_NAME> \
| datadog.env | list | `[]` | Set environment variables for all Agents | | datadog.env | list | `[]` | Set environment variables for all Agents |
| datadog.envDict | object | `{}` | Set environment variables for all Agents defined in a dict | | datadog.envDict | object | `{}` | Set environment variables for all Agents defined in a dict |
| datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets | | datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets |
| datadog.excludePauseContainer | bool | `true` | Exclude pause containers from the Agent Autodiscovery. | | datadog.excludePauseContainer | bool | `true` | Exclude pause containers from Agent Autodiscovery. |
| datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfer with the agentmetrics port from the cluster-agent, which defaults to 5000 | | datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 |
| datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true | | datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true |
| datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true | | datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true |
| datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true | | datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true |
@ -662,7 +662,7 @@ helm install <RELEASE_NAME> \
| datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. |
| datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). |
| datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection |
| datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "confimaps". "" to automatically detect which one to use. | | datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. |
| datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second |
| datadog.logLevel | string | `"INFO"` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, off | | datadog.logLevel | string | `"INFO"` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, off |
| datadog.logs.autoMultiLineDetection | bool | `false` | Allows the Agent to detect common multi-line patterns automatically. | | datadog.logs.autoMultiLineDetection | bool | `false` | Allows the Agent to detect common multi-line patterns automatically. |
@ -747,17 +747,17 @@ helm install <RELEASE_NAME> \
| existingClusterAgent.serviceName | string | `nil` | Existing service name to use for reaching the external Cluster Agent | | existingClusterAgent.serviceName | string | `nil` | Existing service name to use for reaching the external Cluster Agent |
| existingClusterAgent.tokenSecretName | string | `nil` | Existing secret name to use for external Cluster Agent token | | existingClusterAgent.tokenSecretName | string | `nil` | Existing secret name to use for external Cluster Agent token |
| fips.customFipsConfig | object | `{}` | Configure a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. | | fips.customFipsConfig | object | `{}` | Configure a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. |
| fips.enabled | bool | `false` | | | fips.enabled | bool | `false` | Enable fips sidecar |
| fips.image.digest | string | `""` | Define the FIPS sidecar image digest to use, takes precedence over `fips.image.tag` if specified. | | fips.image.digest | string | `""` | Define the FIPS sidecar image digest to use, takes precedence over `fips.image.tag` if specified. |
| fips.image.name | string | `"fips-proxy"` | | | fips.image.name | string | `"fips-proxy"` | |
| fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy |
| fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. |
| fips.image.tag | string | `"0.6.1"` | Define the FIPS sidecar container version to use. | | fips.image.tag | string | `"0.6.1"` | Define the FIPS sidecar container version to use. |
| fips.local_address | string | `"127.0.0.1"` | | | fips.local_address | string | `"127.0.0.1"` | Set local IP address |
| fips.port | int | `9803` | | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. |
| fips.portRange | int | `15` | | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 |
| fips.resources | object | `{}` | Resource requests and limits for the FIPS sidecar container. | | fips.resources | object | `{}` | Resource requests and limits for the FIPS sidecar container. |
| fips.use_https | bool | `false` | | | fips.use_https | bool | `false` | Option to enable https |
| fullnameOverride | string | `nil` | Override the full qualified app name | | fullnameOverride | string | `nil` | Override the full qualified app name |
| kube-state-metrics.image.repository | string | `"registry.k8s.io/kube-state-metrics/kube-state-metrics"` | Default kube-state-metrics image repository. | | kube-state-metrics.image.repository | string | `"registry.k8s.io/kube-state-metrics/kube-state-metrics"` | Default kube-state-metrics image repository. |
| kube-state-metrics.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for KSM. KSM only supports Linux. | | kube-state-metrics.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for KSM. KSM only supports Linux. |
@ -766,12 +766,12 @@ helm install <RELEASE_NAME> \
| kube-state-metrics.serviceAccount.create | bool | `true` | If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true | | kube-state-metrics.serviceAccount.create | bool | `true` | If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true |
| kube-state-metrics.serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. | | kube-state-metrics.serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. |
| nameOverride | string | `nil` | Override name of app | | nameOverride | string | `nil` | Override name of app |
| providers.aks.enabled | bool | `false` | Activate all specifities related to AKS configuration. Required as currently we cannot auto-detect AKS. | | providers.aks.enabled | bool | `false` | Activate all specificities related to AKS configuration. Required as currently we cannot auto-detect AKS. |
| providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. |
| providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot |
| providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) |
| registry | string | `"gcr.io/datadoghq"` | Registry to use for all Agent images (default gcr.io) | | registry | string | `"gcr.io/datadoghq"` | Registry to use for all Agent images (default gcr.io) |
| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overriden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. |
| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) |
## Configuration options for Windows deployments ## Configuration options for Windows deployments

Some files were not shown because too many files have changed in this diff Show More