andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  amd/amd-gpu:
    - 0.10.0
  argo/argo-cd:
    - 5.51.0
  bitnami/airflow:
    - 16.1.0
  bitnami/cassandra:
    - 10.6.0
  bitnami/kafka:
    - 26.2.1
  bitnami/mysql:
    - 9.14.2
  bitnami/postgresql:
    - 13.2.1
  bitnami/redis:
    - 18.2.1
  bitnami/spark:
    - 8.1.0
  bitnami/tomcat:
    - 10.11.0
  bitnami/wordpress:
    - 18.1.3
  bitnami/zookeeper:
    - 12.3.0
  crowdstrike/falcon-sensor:
    - 1.23.1
  datadog/datadog:
    - 3.43.1
  f5/nginx-ingress:
    - 1.0.2
  haproxy/haproxy:
    - 1.34.0
  harbor/harbor:
    - 1.13.1
  hashicorp/consul:
    - 1.2.3
  kasten/k10:
    - 6.0.12
  kong/kong:
    - 2.31.0
  kubecost/cost-analyzer:
    - 1.107.0
  nats/nats:
    - 1.1.4
  redpanda/redpanda:
    - 5.6.38
  speedscale/speedscale-operator:
    - 1.4.0
  sysdig/sysdig:
    - 1.16.20
  weka/csi-wekafsplugin:
    - 2.3.1
```
pull/934/head
github-actions[bot] 2023-11-06 14:48:59 +00:00
parent f4bff192fd
commit 9360591e81
295 changed files with 6849 additions and 2062 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/amd/amd-gpu-0.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.49.0.tgz
View File

Binary file not shown.

BIN
assets/argo/argo-cd-5.51.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-16.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/cassandra-10.6.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/kafka-26.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.14.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-13.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-18.2.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/spark-8.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.11.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-18.1.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/zookeeper-12.3.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/crowdstrike/falcon-sensor-1.23.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.43.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/nginx-ingress-1.0.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.34.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/harbor/harbor-1.13.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/hashicorp/consul-1.2.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-6.0.1201.tgz Normal file
View File

Binary file not shown.

BIN
assets/kong/kong-2.31.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.106.4.tgz
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.107.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/nats/nats-1.1.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-5.6.38.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-1.4.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.16.20.tgz Normal file
View File

Binary file not shown.

BIN
assets/weka/csi-wekafsplugin-2.3.1.tgz Normal file
View File

Binary file not shown.

6
charts/amd/amd-gpu/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: node-feature-discovery - name: node-feature-discovery
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
version: 0.13.3 version: 0.14.3
digest: sha256:a4f46d22c9ecd5b82cc2ed17da0c34b0e4936f6365bb61b474ec2780e9af3636 digest: sha256:a1651e3e727f3f60f286930ab341af1009cce742b181d19b9ec75d392c5c339b
generated: "2023-08-23T02:41:44.856348249Z" generated: "2023-11-03T05:15:42.351779792Z"

4
charts/amd/amd-gpu/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.18.0-0' catalog.cattle.io/kube-version: '>= 1.18.0-0'
catalog.cattle.io/release-name: amd-gpu catalog.cattle.io/release-name: amd-gpu
apiVersion: v2 apiVersion: v2
appVersion: 1.25.2.4 appVersion: 1.25.2.5
dependencies: dependencies:
- condition: nfd.enabled - condition: nfd.enabled
name: node-feature-discovery name: node-feature-discovery
@ -25,4 +25,4 @@ name: amd-gpu
sources: sources:
- https://github.com/RadeonOpenCompute/k8s-device-plugin - https://github.com/RadeonOpenCompute/k8s-device-plugin
type: application type: application
version: 0.9.0 version: 0.10.0

2
charts/amd/amd-gpu/README.md
View File

@ -1,6 +1,6 @@
# AMD GPU Helm Chart # AMD GPU Helm Chart
![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.4](https://img.shields.io/badge/AppVersion-1.25.2.4-informational?style=flat-square) ![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.5](https://img.shields.io/badge/AppVersion-1.25.2.5-informational?style=flat-square)
A Helm chart for deploying Kubernetes AMD GPU device plugin A Helm chart for deploying Kubernetes AMD GPU device plugin

4
charts/amd/amd-gpu/charts/node-feature-discovery/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: v0.13.3 appVersion: v0.14.3
description: 'Detects hardware features available on each node in a Kubernetes cluster, description: 'Detects hardware features available on each node in a Kubernetes cluster,
and advertises those features using node labels. ' and advertises those features using node labels. '
home: https://github.com/kubernetes-sigs/node-feature-discovery home: https://github.com/kubernetes-sigs/node-feature-discovery
@ -11,4 +11,4 @@ name: node-feature-discovery
sources: sources:
- https://github.com/kubernetes-sigs/node-feature-discovery - https://github.com/kubernetes-sigs/node-feature-discovery
type: application type: application
version: 0.13.3 version: 0.14.3

2
charts/amd/amd-gpu/charts/node-feature-discovery/README.md
View File

@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs. range of vendor and application specific node labeling needs.
See See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.13/deployment/helm.html) [NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.14/deployment/helm.html)
for deployment instructions. for deployment instructions.

6
charts/amd/amd-gpu/charts/node-feature-discovery/crds/nfd-api-crds.yaml
View File

@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.12.1
creationTimestamp: null
name: nodefeatures.nfd.k8s-sigs.io name: nodefeatures.nfd.k8s-sigs.io
spec: spec:
group: nfd.k8s-sigs.io group: nfd.k8s-sigs.io
@ -114,8 +113,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.12.1
creationTimestamp: null
name: nodefeaturerules.nfd.k8s-sigs.io name: nodefeaturerules.nfd.k8s-sigs.io
spec: spec:
group: nfd.k8s-sigs.io group: nfd.k8s-sigs.io

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/_helpers.tpl
View File

@ -96,12 +96,12 @@ Create the name of the service account which topologyUpdater will use
{{- end -}} {{- end -}}
{{/* {{/*
Create the name of the service account which topologyGC will use Create the name of the service account which nfd-gc will use
*/}} */}}
{{- define "node-feature-discovery.topologyGC.serviceAccountName" -}} {{- define "node-feature-discovery.gc.serviceAccountName" -}}
{{- if .Values.topologyGC.serviceAccount.create -}} {{- if .Values.gc.serviceAccount.create -}}
{{ default (printf "%s-topology-gc" (include "node-feature-discovery.fullname" .)) .Values.topologyGC.serviceAccount.name }} {{ default (printf "%s-gc" (include "node-feature-discovery.fullname" .)) .Values.gc.serviceAccount.name }}
{{- else -}} {{- else -}}
{{ default "default" .Values.topologyGC.serviceAccount.name }} {{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

28
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrole.yaml
View File

@ -25,10 +25,25 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- "nfd-master.nfd.kubernetes.io"
verbs:
- get
- update
{{- end }} {{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
@ -65,12 +80,12 @@ rules:
- update - update
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
--- ---
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:
@ -94,4 +109,11 @@ rules:
verbs: verbs:
- delete - delete
- list - list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- delete
- list
{{- end }} {{- end }}

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/clusterrolebinding.yaml
View File

@ -15,8 +15,8 @@ subjects:
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@ -33,20 +33,20 @@ subjects:
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
--- ---
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }} name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}

26
charts/amd/amd-gpu/charts/node-feature-discovery/templates/master.yaml
View File

@ -6,8 +6,10 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: master role: master
{{- with .Values.master.deploymentAnnotations }}
annotations: annotations:
{{- toYaml .Values.master.deploymentAnnotations | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.master.replicaCount }} replicas: {{ .Values.master.replicaCount }}
selector: selector:
@ -19,8 +21,10 @@ spec:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: master role: master
{{- with .Values.master.annotations }}
annotations: annotations:
{{- toYaml .Values.master.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
@ -66,6 +70,8 @@ spec:
ports: ports:
- containerPort: {{ .Values.master.port | default "8080" }} - containerPort: {{ .Values.master.port | default "8080" }}
name: grpc name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics
env: env:
- name: NODE_NAME - name: NODE_NAME
valueFrom: valueFrom:
@ -80,8 +86,10 @@ spec:
- "-instance={{ .Values.master.instance }}" - "-instance={{ .Values.master.instance }}"
{{- end }} {{- end }}
- "-port={{ .Values.master.port | default "8080" }}" - "-port={{ .Values.master.port | default "8080" }}"
{{- if .Values.enableNodeFeatureApi }} {{- if not .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api" - "-enable-nodefeature-api=false"
{{- else if gt (int .Values.master.replicaCount) 1 }}
- "-enable-leader-election"
{{- end }} {{- end }}
{{- if .Values.master.extraLabelNs | empty | not }} {{- if .Values.master.extraLabelNs | empty | not }}
- "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}" - "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
@ -99,16 +107,23 @@ spec:
- "-crd-controller={{ .Values.master.crdController }}" - "-crd-controller={{ .Values.master.crdController }}"
{{- else }} {{- else }}
## By default, disable crd controller for other than the default instances ## By default, disable crd controller for other than the default instances
- "-featurerules-controller={{ .Values.master.instance | empty }}" - "-crd-controller={{ .Values.master.instance | empty }}"
{{- end }} {{- end }}
{{- if .Values.master.featureRulesController | kindIs "invalid" | not }} {{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
- "-featurerules-controller={{ .Values.master.featureRulesController }}" - "-featurerules-controller={{ .Values.master.featureRulesController }}"
{{- end }} {{- end }}
{{- if .Values.master.resyncPeriod }}
- "-resync-period={{ .Values.master.resyncPeriod }}"
{{- end }}
{{- if .Values.master.nfdApiParallelism | empty | not }}
- "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
{{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }} {{- end }}
- "-metrics={{ .Values.master.metricsPort | default "8081" }}"
volumeMounts: volumeMounts:
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- name: nfd-master-cert - name: nfd-master-cert
@ -130,7 +145,6 @@ spec:
items: items:
- key: nfd-master.conf - key: nfd-master.conf
path: nfd-master.conf path: nfd-master.conf
{{- with .Values.master.nodeSelector }} {{- with .Values.master.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

46
charts/amd/amd-gpu/charts/node-feature-discovery/templates/topology-gc.yaml → charts/amd/amd-gpu/charts/node-feature-discovery/templates/nfd-gc.yaml
View File

@ -1,36 +1,42 @@
{{- if and .Values.topologyGC.enable .Values.topologyUpdater.enable -}} {{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: topology-gc role: gc
{{- with .Values.gc.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.topologyGC.replicaCount | default 1 }} replicas: {{ .Values.gc.replicaCount | default 1 }}
selector: selector:
matchLabels: matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
role: topology-gc role: gc
template: template:
metadata: metadata:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-gc role: gc
{{- with .Values.gc.annotations }}
annotations: annotations:
{{- toYaml .Values.topologyGC.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
serviceAccountName: {{ .Values.topologyGC.serviceAccountName | default "nfd-topology-gc" }} serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
securityContext: securityContext:
{{- toYaml .Values.topologyGC.podSecurityContext | nindent 8 }} {{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
containers: containers:
- name: topology-gc - name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env: env:
@ -39,25 +45,29 @@ spec:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
command: command:
- "nfd-topology-gc" - "nfd-gc"
args: args:
{{- if .Values.topologyGC.interval | empty | not }} {{- if .Values.gc.interval | empty | not }}
- "-gc-interval={{ .Values.topologyGC.interval }}" - "-gc-interval={{ .Values.gc.interval }}"
{{- end }} {{- end }}
resources: resources:
{{- toYaml .Values.topologyGC.resources | nindent 12 }} {{- toYaml .Values.gc.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.topologyGC.securityContext | nindent 12 }} allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with .Values.topologyGC.nodeSelector }} {{- with .Values.gc.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.topologyGC.affinity }} {{- with .Values.gc.affinity }}
affinity: affinity:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.topologyGC.tolerations }} {{- with .Values.gc.tolerations }}
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

26
charts/amd/amd-gpu/charts/node-feature-discovery/templates/prometheus.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if .Values.prometheus.enable }}
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "node-feature-discovery.fullname" . }}
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
{{- with .Values.prometheus.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
podMetricsEndpoints:
- honorLabels: true
interval: 10s
path: /metrics
port: metrics
scheme: http
namespaceSelector:
matchNames:
- {{ include "node-feature-discovery.namespace" . }}
selector:
matchExpressions:
- {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
- {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
{{- end }}

1
charts/amd/amd-gpu/charts/node-feature-discovery/templates/role.yaml
View File

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-worker name: {{ include "node-feature-discovery.fullname" . }}-worker
namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:

1
charts/amd/amd-gpu/charts/node-feature-discovery/templates/rolebinding.yaml
View File

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ include "node-feature-discovery.fullname" . }}-worker name: {{ include "node-feature-discovery.fullname" . }}-worker
namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
roleRef: roleRef:

10
charts/amd/amd-gpu/charts/node-feature-discovery/templates/serviceaccount.yaml
View File

@ -12,8 +12,8 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
---
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }}
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
@ -27,23 +27,23 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
--- ---
{{- if and .Values.topologyGC.enable .Values.topologyGC.serviceAccount.create .Values.topologyUpdater.enable }}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }} name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
{{- with .Values.topologyUpdater.serviceAccount.annotations }} {{- with .Values.gc.serviceAccount.annotations }}
annotations: annotations:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
---
{{- if .Values.worker.serviceAccount.create }} {{- if .Values.worker.serviceAccount.create }}
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:

16
charts/amd/amd-gpu/charts/node-feature-discovery/templates/topologyupdater.yaml
View File

@ -7,6 +7,10 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: topology-updater role: topology-updater
{{- with .Values.topologyUpdater.daemonsetAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -17,8 +21,10 @@ spec:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-updater role: topology-updater
{{- with .Values.topologyUpdater.annotations }}
annotations: annotations:
{{- toYaml .Values.topologyUpdater.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
@ -37,6 +43,10 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: NODE_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.hostIP
command: command:
- "nfd-topology-updater" - "nfd-topology-updater"
args: args:
@ -66,6 +76,10 @@ spec:
# Disable kubelet state tracking by giving an empty path # Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir=" - "-kubelet-state-dir="
{{- end }} {{- end }}
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
ports:
- name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
volumeMounts: volumeMounts:
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config - name: kubelet-config

16
charts/amd/amd-gpu/charts/node-feature-discovery/templates/worker.yaml
View File

@ -6,8 +6,10 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
role: worker role: worker
{{- with .Values.worker.daemonsetAnnotations }}
annotations: annotations:
{{- toYaml .Values.worker.daemonsetAnnotations | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -18,8 +20,10 @@ spec:
labels: labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: worker role: worker
{{- with .Values.worker.annotations }}
annotations: annotations:
{{- toYaml .Values.worker.annotations | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
@ -46,14 +50,18 @@ spec:
- "nfd-worker" - "nfd-worker"
args: args:
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}" - "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
{{- if .Values.enableNodeFeatureApi }} {{- if not .Values.enableNodeFeatureApi }}
- "-enable-nodefeature-api" - "-enable-nodefeature-api=false"
{{- end }} {{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }} {{- end }}
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports:
- name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
volumeMounts: volumeMounts:
- name: host-boot - name: host-boot
mountPath: "/host-boot" mountPath: "/host-boot"

47
charts/amd/amd-gpu/charts/node-feature-discovery/values.yaml
View File

@ -10,7 +10,7 @@ nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
namespaceOverride: "" namespaceOverride: ""
enableNodeFeatureApi: false enableNodeFeatureApi: true
master: master:
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE> config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
@ -20,17 +20,43 @@ master:
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"] # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false # enableTaints: false
# labelWhiteList: "foo" # labelWhiteList: "foo"
# resyncPeriod: "2h"
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
# leaderElection:
# leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s
# # this value has to be greater than 0
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE> ### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080 # The TCP port that nfd-master listens for incoming requests. Default: 8080
port: 8080 port: 8080
metricsPort: 8081
instance: instance:
featureApi: featureApi:
resyncPeriod:
denyLabelNs: [] denyLabelNs: []
extraLabelNs: [] extraLabelNs: []
resourceLabels: [] resourceLabels: []
enableTaints: false enableTaints: false
crdController: null crdController: null
featureRulesController: null featureRulesController: null
nfdApiParallelism: null
deploymentAnnotations: {} deploymentAnnotations: {}
replicaCount: 1 replicaCount: 1
@ -154,6 +180,7 @@ worker:
# - "SSE4" # - "SSE4"
# - "SSE42" # - "SSE42"
# - "SSSE3" # - "SSSE3"
# - "TDX_GUEST"
# attributeWhitelist: # attributeWhitelist:
# kernel: # kernel:
# kconfigFile: "/path/to/kconfig" # kconfigFile: "/path/to/kconfig"
@ -183,7 +210,7 @@ worker:
# - "vendor" # - "vendor"
# - "device" # - "device"
# local: # local:
# hooksEnabled: true # hooksEnabled: false
# custom: # custom:
# # The following feature demonstrates the capabilities of the matchFeatures # # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule" # - name: "my custom rule"
@ -332,6 +359,7 @@ worker:
# #
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE> ### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
daemonsetAnnotations: {} daemonsetAnnotations: {}
podSecurityContext: {} podSecurityContext: {}
# fsGroup: 2000 # fsGroup: 2000
@ -404,6 +432,7 @@ topologyUpdater:
rbac: rbac:
create: true create: true
metricsPort: 8081
kubeletConfigPath: kubeletConfigPath:
kubeletPodResourcesSockPath: kubeletPodResourcesSockPath:
updateInterval: 60s updateInterval: 60s
@ -433,10 +462,11 @@ topologyUpdater:
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
annotations: {} annotations: {}
daemonsetAnnotations: {}
affinity: {} affinity: {}
podSetFingerprint: true podSetFingerprint: true
topologyGC: gc:
enable: true enable: true
replicaCount: 1 replicaCount: 1
@ -450,12 +480,6 @@ topologyGC:
interval: 1h interval: 1h
podSecurityContext: {} podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
@ -472,6 +496,7 @@ topologyGC:
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
annotations: {} annotations: {}
deploymentAnnotations: {}
affinity: {} affinity: {}
# Optionally use encryption for worker <--> master comms # Optionally use encryption for worker <--> master comms
@ -482,3 +507,7 @@ topologyGC:
tls: tls:
enable: false enable: false
certManager: false certManager: false
prometheus:
enable: false
labels: {}

4
charts/amd/amd-gpu/values.yaml
View File

@ -10,13 +10,13 @@ dp:
image: image:
repository: docker.io/rocm/k8s-device-plugin repository: docker.io/rocm/k8s-device-plugin
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: "1.25.2.4" tag: "1.25.2.5"
resources: {} resources: {}
lbl: lbl:
image: image:
repository: docker.io/rocm/k8s-device-plugin repository: docker.io/rocm/k8s-device-plugin
tag: "labeller-1.25.2.4" tag: "labeller-1.25.2.5"
resources: {} resources: {}
imagePullSecrets: [] imagePullSecrets: []

8
charts/argo/argo-cd/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: added - kind: changed
description: Add notification cluster role support description: Upgrade Argo CD to v2.9.0
artifacthub.io/signKey: | artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd catalog.cattle.io/release-name: argo-cd
apiVersion: v2 apiVersion: v2
appVersion: v2.8.5 appVersion: v2.9.0
dependencies: dependencies:
- condition: redis-ha.enabled - condition: redis-ha.enabled
name: redis-ha name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources: sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-cd
version: 5.49.0 version: 5.51.0

12
charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
View File

@ -90,6 +90,18 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.annotations
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.labels
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

2
charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }} {{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:

2
charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.createClusterRoles }} {{- if and .Values.notifications.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:

12
charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
View File

@ -231,6 +231,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm name: argocd-cmd-params-cm
optional: true optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.disable.helm.manifest.max.extracted.size
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED - name: ARGOCD_GIT_MODULES_ENABLED
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

1
charts/argo/argo-cd/templates/argocd-server/clusterrole.yaml
View File

@ -40,6 +40,7 @@ rules:
- argoproj.io - argoproj.io
resources: resources:
- applications - applications
- applicationsets
verbs: verbs:
- get - get
- list - list

389
charts/argo/argo-cd/templates/crds/crd-application.yaml
View File

@ -359,6 +359,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -657,6 +688,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -797,7 +859,8 @@ spec:
properties: properties:
name: name:
description: Name is an alternate way of specifying the target description: Name is an alternate way of specifying the target
cluster by its symbolic name cluster by its symbolic name. This must be set if Server is
not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace for the description: Namespace specifies the target namespace for the
@ -805,8 +868,9 @@ spec:
namespace-scoped resources that have not set a value for .metadata.namespace namespace-scoped resources that have not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster and description: Server specifies the URL of the target cluster's
must be set to the Kubernetes control plane API Kubernetes control plane API. This must be set if Name is not
set.
type: string type: string
type: object type: object
ignoreDifferences: ignoreDifferences:
@ -1067,6 +1131,37 @@ spec:
description: Namespace sets the namespace that Kustomize adds description: Namespace sets the namespace that Kustomize adds
to all resources to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas override description: Replicas is a list of Kustomize Replicas override
specifications specifications
@ -1355,6 +1450,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas override description: Replicas is a list of Kustomize Replicas override
specifications specifications
@ -1796,6 +1922,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2097,6 +2254,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2542,6 +2730,37 @@ spec:
description: Namespace sets the namespace that description: Namespace sets the namespace that
Kustomize adds to all resources Kustomize adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -2860,6 +3079,38 @@ spec:
description: Namespace sets the namespace that description: Namespace sets the namespace that
Kustomize adds to all resources Kustomize adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize
patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize description: Replicas is a list of Kustomize
Replicas override specifications Replicas override specifications
@ -3292,6 +3543,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -3603,6 +3885,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -3804,7 +4117,8 @@ spec:
properties: properties:
name: name:
description: Name is an alternate way of specifying the description: Name is an alternate way of specifying the
target cluster by its symbolic name target cluster by its symbolic name. This must be set
if Server is not set.
type: string type: string
namespace: namespace:
description: Namespace specifies the target namespace description: Namespace specifies the target namespace
@ -3813,8 +4127,9 @@ spec:
not set a value for .metadata.namespace not set a value for .metadata.namespace
type: string type: string
server: server:
description: Server specifies the URL of the target cluster description: Server specifies the URL of the target cluster's
and must be set to the Kubernetes control plane API Kubernetes control plane API. This must be set if Name
is not set.
type: string type: string
type: object type: object
ignoreDifferences: ignoreDifferences:
@ -4056,6 +4371,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications
@ -4367,6 +4713,37 @@ spec:
description: Namespace sets the namespace that Kustomize description: Namespace sets the namespace that Kustomize
adds to all resources adds to all resources
type: string type: string
patches:
description: Patches is a list of Kustomize patches
items:
properties:
options:
additionalProperties:
type: boolean
type: object
patch:
type: string
path:
type: string
target:
properties:
annotationSelector:
type: string
group:
type: string
kind:
type: string
labelSelector:
type: string
name:
type: string
namespace:
type: string
version:
type: string
type: object
type: object
type: array
replicas: replicas:
description: Replicas is a list of Kustomize Replicas description: Replicas is a list of Kustomize Replicas
override specifications override specifications

1471
charts/argo/argo-cd/templates/crds/crd-applicationset.yaml
View File

File diff suppressed because it is too large Load Diff

2
charts/bitnami/airflow/Chart.yaml
View File

@ -50,4 +50,4 @@ maintainers:
name: airflow name: airflow
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow - https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 16.0.7 version: 16.1.0

502
charts/bitnami/airflow/README.md
View File

@ -108,209 +108,221 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow web parameters ### Airflow web parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- | | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| `web.image.registry` | Airflow image registry | `REGISTRY_NAME` | | `web.image.registry` | Airflow image registry | `REGISTRY_NAME` |
| `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` | | `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` |
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | | `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` |
| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | | `web.image.pullSecrets` | Airflow image pull secrets | `[]` |
| `web.image.debug` | Enable image debug mode | `false` | | `web.image.debug` | Enable image debug mode | `false` |
| `web.baseUrl` | URL used to access to Airflow web ui | `""` | | `web.baseUrl` | URL used to access to Airflow web ui | `""` |
| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | | `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` |
| `web.command` | Override default container command (useful when using custom images) | `[]` | | `web.command` | Override default container command (useful when using custom images) | `[]` |
| `web.args` | Override default container args (useful when using custom images) | `[]` | | `web.args` | Override default container args (useful when using custom images) | `[]` |
| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | | `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` |
| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | | `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` |
| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | | `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` |
| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | | `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` |
| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | | `web.containerPorts.http` | Airflow web HTTP container port | `8080` |
| `web.replicaCount` | Number of Airflow web replicas | `1` | | `web.replicaCount` | Number of Airflow web replicas | `1` |
| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | | `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` |
| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | | `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | | `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | | `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` |
| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | | `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | | `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` |
| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | | `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | | `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | | `web.resources.limits` | The resources limits for the Airflow web containers | `{}` |
| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | | `web.resources.requests` | The requested resources for the Airflow web containers | `{}` |
| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | | `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | | `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | | `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | | `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | | `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | | `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
| `web.hostAliases` | Deployment pod host aliases | `[]` | | `web.containerSecurityContext.allowPrivilegeEscalation` | Set web container's Security Context allowPrivilegeEscalation | `false` |
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | | `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | | `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | | `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | | `web.hostAliases` | Deployment pod host aliases | `[]` |
| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | | `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | | `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` |
| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | | `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` |
| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | | `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | | `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` |
| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` |
| `web.priorityClassName` | Priority Class Name | `""` | | `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | | `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | | `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` |
| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | | `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | | `web.priorityClassName` | Priority Class Name | `""` |
| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | | `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | | `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` |
| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | | `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` |
| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | | `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` |
| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | | `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` |
| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | | `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` |
| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | | `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` |
| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` |
| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` |
| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` |
| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
### Airflow scheduler parameters ### Airflow scheduler parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` | | `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` | | `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` |
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
| `scheduler.image.debug` | Enable image debug mode | `false` | | `scheduler.image.debug` | Enable image debug mode | `false` |
| `scheduler.replicaCount` | Number of scheduler replicas | `1` | | `scheduler.replicaCount` | Number of scheduler replicas | `1` |
| `scheduler.command` | Override cmd | `[]` | | `scheduler.command` | Override cmd | `[]` |
| `scheduler.args` | Override args | `[]` | | `scheduler.args` | Override args | `[]` |
| `scheduler.extraEnvVars` | Add extra environment variables | `[]` | | `scheduler.extraEnvVars` | Add extra environment variables | `[]` |
| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | | `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` | | `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` | | `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` |
| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` | | `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` |
| `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` | | `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` |
| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` | | `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` |
| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` | | `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` |
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` | | `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` | | `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` | | `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` | | `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` | | `scheduler.containerSecurityContext.allowPrivilegeEscalation` | Set scheduler container's Security Context allowPrivilegeEscalation | `false` |
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` | | `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` | | `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` | | `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
| `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` | | `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
| `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
| `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` | | `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
| `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` | | `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` |
| `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` | | `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` |
| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | | `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` | | `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` |
| `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` |
| `scheduler.priorityClassName` | Priority Class Name | `""` | | `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
| `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | | `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
| `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` | | `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` |
| `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` | | `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` | | `scheduler.priorityClassName` | Priority Class Name | `""` |
| `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` | | `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` | | `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` |
| `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` | | `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` |
| `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` | | `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` |
| `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `false` | | `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` |
| `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` | | `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` |
| `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` | | `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` |
| `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` |
| `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `false` |
| `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` |
| `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` |
### Airflow worker parameters ### Airflow worker parameters
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` | | `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` |
| `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` | | `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` |
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
| `worker.image.debug` | Enable image debug mode | `false` | | `worker.image.debug` | Enable image debug mode | `false` |
| `worker.command` | Override default container command (useful when using custom images) | `[]` | | `worker.command` | Override default container command (useful when using custom images) | `[]` |
| `worker.args` | Override default container args (useful when using custom images) | `[]` | | `worker.args` | Override default container args (useful when using custom images) | `[]` |
| `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` | | `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` |
| `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` | | `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` |
| `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` | | `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` |
| `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` | | `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` |
| `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` | | `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` |
| `worker.replicaCount` | Number of Airflow worker replicas | `1` | | `worker.replicaCount` | Number of Airflow worker replicas | `1` |
| `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` | | `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` |
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | | `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | | `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` | | `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` |
| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | | `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` | | `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` |
| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | | `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | | `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` | | `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` |
| `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` | | `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` |
| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` | | `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` |
| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` | | `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` |
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` | | `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` | | `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` | | `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` | | `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` |
| `worker.hostAliases` | Deployment pod host aliases | `[]` | | `worker.containerSecurityContext.allowPrivilegeEscalation` | Set worker container's Security Context allowPrivilegeEscalation | `false` |
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` | | `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` | | `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` | | `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` | | `worker.hostAliases` | Deployment pod host aliases | `[]` |
| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` | | `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` |
| `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` | | `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` |
| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` | | `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` |
| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | | `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` | | `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` |
| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` |
| `worker.priorityClassName` | Priority Class Name | `""` | | `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | | `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
| `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` | | `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` |
| `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` | | `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` | | `worker.priorityClassName` | Priority Class Name | `""` |
| `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` | | `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` | | `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` |
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` | | `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` |
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` | | `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` |
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` | | `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` |
| `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` | | `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` |
| `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `false` | | `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` |
| `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `1` | | `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` |
| `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` | | `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` |
| `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` | | `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` |
| `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` | | `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `false` |
| `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` | | `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `1` |
| `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` | | `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` |
| `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` | | `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` |
| `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` |
| `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` |
| `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` |
| `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` |
### Airflow git sync parameters ### Airflow git sync parameters
@ -404,52 +416,56 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow metrics parameters ### Airflow metrics parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- | | ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
| `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` | | `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` | | `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` |
| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | | `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | | `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` |
| `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` | | `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` |
| `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` | | `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` |
| `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` | | `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` |
| `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` | | `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` |
| `metrics.resources.limits` | The resources limits for the container | `{}` | | `metrics.resources.limits` | The resources limits for the container | `{}` |
| `metrics.resources.requests` | The requested resources for the container | `{}` | | `metrics.resources.requests` | The requested resources for the container | `{}` |
| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` | | `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` | | `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` |
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` | | `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` | | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` | | `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` | | `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
| `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
| `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |
| `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` | | `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` |
| `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. | `[]` | | `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `metrics.affinity` | Affinity for pod assignment | `{}` | | `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `metrics.nodeSelector` | Node labels for pod assignment | `{}` | | `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `metrics.tolerations` | Tolerations for pod assignment | `[]` | | `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` |
| `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` | | `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. | `[]` |
| `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` | | `metrics.affinity` | Affinity for pod assignment | `{}` |
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | | `metrics.nodeSelector` | Node labels for pod assignment | `{}` |
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | | `metrics.tolerations` | Tolerations for pod assignment | `[]` |
| `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` | | `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` |
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` | | `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` |
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | | `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | | `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | | `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` |
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | | `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | | `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | | `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | | `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | | `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
### Airflow database parameters ### Airflow database parameters

40
charts/bitnami/airflow/values.yaml
View File

@ -311,11 +311,21 @@ web:
## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context ## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context
## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser ## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser
## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot ## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot
## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
## @param web.containerSecurityContext.allowPrivilegeEscalation Set web container's Security Context allowPrivilegeEscalation
## @param web.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param web.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup ## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
@ -515,11 +525,21 @@ scheduler:
## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context ## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context
## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser ## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser
## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot ## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot
## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged
## @param scheduler.containerSecurityContext.allowPrivilegeEscalation Set scheduler container's Security Context allowPrivilegeEscalation
## @param scheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param scheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup ## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
@ -767,11 +787,21 @@ worker:
## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context ## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context
## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser ## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot ## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot
## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set worker container's Security Context allowPrivilegeEscalation
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup ## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}
@ -1331,6 +1361,10 @@ metrics:
## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context ## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot ## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## e.g: ## e.g:
## containerSecurityContext: ## containerSecurityContext:
## enabled: true ## enabled: true
@ -1342,6 +1376,12 @@ metrics:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup ## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup
## ##
lifecycleHooks: {} lifecycleHooks: {}

2
charts/bitnami/cassandra/Chart.yaml
View File

@ -35,4 +35,4 @@ maintainers:
name: cassandra name: cassandra
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cassandra - https://github.com/bitnami/charts/tree/main/bitnami/cassandra
version: 10.5.8 version: 10.6.0

311
charts/bitnami/cassandra/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Cassandra in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Cassandra in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -33,9 +35,11 @@ Looking to use Apache Cassandra in production? Try [VMware Application Catalog](
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -77,108 +81,112 @@ The command removes all the Kubernetes components associated with the chart and
### Cassandra parameters ### Cassandra parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | Cassandra image registry | `docker.io` | | `image.registry` | Cassandra image registry | `REGISTRY_NAME` |
| `image.repository` | Cassandra image repository | `bitnami/cassandra` | | `image.repository` | Cassandra image repository | `REPOSITORY_NAME/cassandra` |
| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r71` | | `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | image pull policy | `IfNotPresent` |
| `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullSecrets` | Cassandra image pull secrets | `[]` |
| `image.pullSecrets` | Cassandra image pull secrets | `[]` | | `image.debug` | Enable image debug mode | `false` |
| `image.debug` | Enable image debug mode | `false` | | `dbUser.user` | Cassandra admin user | `cassandra` |
| `dbUser.user` | Cassandra admin user | `cassandra` | | `dbUser.forcePassword` | Force the user to provide a non | `false` |
| `dbUser.forcePassword` | Force the user to provide a non | `false` | | `dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` |
| `dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` | | `dbUser.existingSecret` | Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) | `""` |
| `dbUser.existingSecret` | Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) | `""` | | `initDBConfigMap` | ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data | `""` |
| `initDBConfigMap` | ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data | `""` | | `initDBSecret` | Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data | `""` |
| `initDBSecret` | Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data | `""` | | `existingConfiguration` | ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart | `""` |
| `existingConfiguration` | ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart | `""` | | `cluster.name` | Cassandra cluster name | `cassandra` |
| `cluster.name` | Cassandra cluster name | `cassandra` | | `cluster.seedCount` | Number of seed nodes | `1` |
| `cluster.seedCount` | Number of seed nodes | `1` | | `cluster.numTokens` | Number of tokens for each node | `256` |
| `cluster.numTokens` | Number of tokens for each node | `256` | | `cluster.datacenter` | Datacenter name | `dc1` |
| `cluster.datacenter` | Datacenter name | `dc1` | | `cluster.rack` | Rack name | `rack1` |
| `cluster.rack` | Rack name | `rack1` | | `cluster.endpointSnitch` | Endpoint Snitch | `SimpleSnitch` |
| `cluster.endpointSnitch` | Endpoint Snitch | `SimpleSnitch` | | `cluster.internodeEncryption` | DEPRECATED: use tls.internode and tls.client instead. Encryption values. | `none` |
| `cluster.internodeEncryption` | DEPRECATED: use tls.internode and tls.client instead. Encryption values. | `none` | | `cluster.clientEncryption` | Client Encryption | `false` |
| `cluster.clientEncryption` | Client Encryption | `false` | | `cluster.extraSeeds` | For an external/second cassandra ring. | `[]` |
| `cluster.extraSeeds` | For an external/second cassandra ring. | `[]` | | `cluster.enableUDF` | Enable User defined functions | `false` |
| `cluster.enableUDF` | Enable User defined functions | `false` | | `jvm.extraOpts` | Set the value for Java Virtual Machine extra options | `""` |
| `jvm.extraOpts` | Set the value for Java Virtual Machine extra options | `""` | | `jvm.maxHeapSize` | Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` | `""` |
| `jvm.maxHeapSize` | Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` | `""` | | `jvm.newHeapSize` | Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` | `""` |
| `jvm.newHeapSize` | Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` | `""` | | `command` | Command for running the container (set to default if not set). Use array form | `[]` |
| `command` | Command for running the container (set to default if not set). Use array form | `[]` | | `args` | Args for running the container (set to default if not set). Use array form | `[]` |
| `args` | Args for running the container (set to default if not set). Use array form | `[]` | | `extraEnvVars` | Extra environment variables to be set on cassandra container | `[]` |
| `extraEnvVars` | Extra environment variables to be set on cassandra container | `[]` | | `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | | `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
### Statefulset parameters ### Statefulset parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | | --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of Cassandra replicas | `1` | | `replicaCount` | Number of Cassandra replicas | `1` |
| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` | | `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` |
| `hostAliases` | Add deployment host aliases | `[]` | | `hostAliases` | Add deployment host aliases | `[]` |
| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | | `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` |
| `priorityClassName` | Cassandra pods' priority. | `""` | | `priorityClassName` | Cassandra pods' priority. | `""` |
| `podAnnotations` | Additional pod annotations | `{}` | | `podAnnotations` | Additional pod annotations | `{}` |
| `podLabels` | Additional pod labels | `{}` | | `podLabels` | Additional pod labels | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | | `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | | `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | | `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | | `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for pod assignment | `{}` | | `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` | | `tolerations` | Tolerations for pod assignment | `[]` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | | `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | | `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set Cassandra container's Security Context runAsUser | `1001` | | `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Force the container to be run as non root | `true` | | `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` |
| `resources.limits` | The resources limits for Cassandra containers | `{}` | | `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` |
| `resources.requests` | The requested resources for Cassandra containers | `{}` | | `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` | | `containerSecurityContext.runAsNonRoot` | Set Cassandra containers' Security Context runAsNonRoot | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | | `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | | `resources.limits` | The resources limits for Cassandra containers | `{}` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | | `resources.requests` | The requested resources for Cassandra containers | `{}` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` | | `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | | `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | | `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | | `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `startupProbe.enabled` | Enable startupProbe | `false` | | `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | | `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | | `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | | `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `startupProbe.enabled` | Enable startupProbe | `false` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `customStartupProbe` | Override default startup probe | `{}` | | `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `lifecycleHooks` | Override default etcd container hooks | `{}` | | `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` |
| `schedulerName` | Alternative scheduler | `""` | | `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `terminationGracePeriodSeconds` | In seconds, time the given to the Cassandra pod needs to terminate gracefully | `""` | | `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` | | `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` | | `customStartupProbe` | Override default startup probe | `{}` |
| `initContainers` | Add additional init containers to the cassandra pods | `[]` | | `lifecycleHooks` | Override default etcd container hooks | `{}` |
| `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` | | `schedulerName` | Alternative scheduler | `""` |
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | | `terminationGracePeriodSeconds` | In seconds, time the given to the Cassandra pod needs to terminate gracefully | `""` |
| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` | | `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` |
| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | | `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` |
| `hostNetwork` | Enable HOST Network | `false` | | `initContainers` | Add additional init containers to the cassandra pods | `[]` |
| `containerPorts.intra` | Intra Port on the Host and Container | `7000` | | `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` |
| `containerPorts.tls` | TLS Port on the Host and Container | `7001` | | `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` | | `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` |
| `containerPorts.cql` | CQL Port on the Host and Container | `9042` | | `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` |
| `hostPorts.intra` | Intra Port on the Host | `""` | | `hostNetwork` | Enable HOST Network | `false` |
| `hostPorts.tls` | TLS Port on the Host | `""` | | `containerPorts.intra` | Intra Port on the Host and Container | `7000` |
| `hostPorts.jmx` | JMX Port on the Host | `""` | | `containerPorts.tls` | TLS Port on the Host and Container | `7001` |
| `hostPorts.cql` | CQL Port on the Host | `""` | | `containerPorts.jmx` | JMX Port on the Host and Container | `7199` |
| `containerPorts.cql` | CQL Port on the Host and Container | `9042` |
| `hostPorts.intra` | Intra Port on the Host | `""` |
| `hostPorts.tls` | TLS Port on the Host | `""` |
| `hostPorts.jmx` | JMX Port on the Host | `""` |
| `hostPorts.cql` | CQL Port on the Host | `""` |
### RBAC parameters ### RBAC parameters
@ -227,54 +235,52 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------ | | --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | | `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | | `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
### Metrics parameters ### Metrics parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ---------------------------- | | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------ |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | | `metrics.image.registry` | Cassandra exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | | `metrics.image.repository` | Cassandra exporter image name | `REPOSITORY_NAME/cassandra-exporter` |
| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r429` | | `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` |
| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.resources.limits` | The resources limits for the container | `{}` |
| `metrics.resources.limits` | The resources limits for the container | `{}` | | `metrics.resources.requests` | The requested resources for the container | `{}` |
| `metrics.resources.requests` | The requested resources for the container | `{}` | | `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | | `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `45` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `45` | | `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | | `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra-exporter container | `[]` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra-exporter container | `[]` | | `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` |
| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | | `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | | `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` |
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | | `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | | `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | | `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | | `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | | `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | | `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | | `metrics.serviceMonitor.labels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` |
| `metrics.serviceMonitor.labels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | | `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` |
| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` | | `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` |
| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` | | `metrics.hostPorts.http` | HTTP Port on the Host | `""` |
| `metrics.hostPorts.http` | HTTP Port on the Host | `""` | | `metrics.hostPorts.jmx` | JMX Port on the Host | `""` |
| `metrics.hostPorts.jmx` | JMX Port on the Host | `""` | | `metrics.configuration` | Configure Cassandra-exporter with a custom config.yml file | `""` |
| `metrics.configuration` | Configure Cassandra-exporter with a custom config.yml file | `""` |
### TLS/SSL parameters ### TLS/SSL parameters
@ -299,15 +305,18 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console ```console
helm install my-release \ helm install my-release \
--set dbUser.user=admin,dbUser.password=password \ --set dbUser.user=admin,dbUser.password=password \
oci://registry-1.docker.io/bitnamicharts/cassandra oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/cassandra helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details
@ -378,9 +387,11 @@ Find more information about how to deal with common errors related to Bitnami's
It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart: It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart:
```console ```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/cassandra --set dbUser.password=[PASSWORD] helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra --set dbUser.password=[PASSWORD]
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
| Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes. | Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes.
### To 9.0.0 ### To 9.0.0

34
charts/bitnami/cassandra/values.yaml
View File

@ -65,9 +65,9 @@ diagnosticMode:
## Bitnami Cassandra image ## Bitnami Cassandra image
## ref: https://hub.docker.com/r/bitnami/cassandra/tags/ ## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
## @param image.registry Cassandra image registry ## @param image.registry [default: REGISTRY_NAME] Cassandra image registry
## @param image.repository Cassandra image repository ## @param image.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository
## @param image.tag Cassandra image tag (immutable tags are recommended) ## @skip image.tag Cassandra image tag (immutable tags are recommended)
## @param image.digest Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy image pull policy ## @param image.pullPolicy image pull policy
## @param image.pullSecrets Cassandra image pull secrets ## @param image.pullSecrets Cassandra image pull secrets
@ -287,13 +287,25 @@ podSecurityContext:
## Configure Container Security Context (only main container) ## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context ## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context
## @param containerSecurityContext.runAsUser Set Cassandra container's Security Context runAsUser ## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Force the container to be run as non root ## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped
## @param containerSecurityContext.readOnlyRootFilesystem Set Cassandra containers' Security Context readOnlyRootFilesystem
## @param containerSecurityContext.runAsNonRoot Set Cassandra containers' Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
## Cassandra pods' resource requests and limits ## Cassandra pods' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## Minimum memory for development is 4GB and 2 CPU cores ## Minimum memory for development is 4GB and 2 CPU cores
@ -606,9 +618,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume image registry
## @param volumePermissions.image.repository Init container volume image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume image repository
## @param volumePermissions.image.tag Init container volume image tag (immutable tags are recommended) ## @skip volumePermissions.image.tag Init container volume image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume pull policy ## @param volumePermissions.image.pullPolicy Init container volume pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
@ -674,9 +686,9 @@ metrics:
enabled: false enabled: false
## Bitnami Cassandra Exporter image ## Bitnami Cassandra Exporter image
## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/ ## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
## @param metrics.image.registry Cassandra exporter image registry ## @param metrics.image.registry [default: REGISTRY_NAME] Cassandra exporter image registry
## @param metrics.image.repository Cassandra exporter image name ## @param metrics.image.repository [default: REPOSITORY_NAME/cassandra-exporter] Cassandra exporter image name
## @param metrics.image.tag Cassandra exporter image tag ## @skip metrics.image.tag Cassandra exporter image tag
## @param metrics.image.digest Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.image.digest Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy image pull policy ## @param metrics.image.pullPolicy image pull policy
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array

2
charts/bitnami/kafka/Chart.yaml
View File

@ -45,4 +45,4 @@ maintainers:
name: kafka name: kafka
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka - https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 26.2.0 version: 26.2.1

8
charts/bitnami/kafka/README.md
View File

@ -22,7 +22,7 @@ This chart bootstraps a [Kafka](https://github.com/bitnami/containers/tree/main/
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Kafka in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Kafka in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -1169,9 +1169,9 @@ The changes introduced in this version are:
- TLS settings have been moved from `auth.tls.*` to `tls.*`. - TLS settings have been moved from `auth.tls.*` to `tls.*`.
- Zookeeper TLS settings have been moved from `auth.zookeeper*` to `tls.zookeeper.*` - Zookeeper TLS settings have been moved from `auth.zookeeper*` to `tls.zookeeper.*`
- Refactor externalAccess to support the new architecture: - Refactor externalAccess to support the new architecture:
- `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.controller.service.*`. - `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.broker.service.*`.
- Controller pods will not configure externalAccess unless: - Controller pods will not configure externalAccess unless either:
- `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes. - `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes; or
- `externalAccess.controller.service.forceExpose=true`, for use cases where controller-only nodes want to be exposed externally. - `externalAccess.controller.service.forceExpose=true`, for use cases where controller-only nodes want to be exposed externally.
#### Upgrading from Kraft mode #### Upgrading from Kraft mode

1
charts/bitnami/kafka/values.yaml
View File

@ -825,7 +825,6 @@ controller:
## ##
broker: broker:
## @param broker.replicaCount Number of Kafka broker-only nodes ## @param broker.replicaCount Number of Kafka broker-only nodes
## Ignore this section if running in Zookeeper mode.
## ##
replicaCount: 0 replicaCount: 0
## @param broker.minId Minimal node.id values for broker-only nodes. Do not change after first initialization. ## @param broker.minId Minimal node.id values for broker-only nodes. Do not change after first initialization.

2
charts/bitnami/mysql/Chart.yaml
View File

@ -36,4 +36,4 @@ maintainers:
name: mysql name: mysql
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mysql - https://github.com/bitnami/charts/tree/main/bitnami/mysql
version: 9.14.1 version: 9.14.2

2
charts/bitnami/mysql/values.yaml
View File

@ -204,7 +204,7 @@ primary:
## ##
configuration: |- configuration: |-
[mysqld] [mysqld]
default_authentication_plugin={{- .Values.auth.defaultAuthPlugin | default "mysql_native_password" }} default_authentication_plugin={{- .Values.auth.defaultAuthenticationPlugin | default "mysql_native_password" }}
skip-name-resolve skip-name-resolve
explicit_defaults_for_timestamp explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql basedir=/opt/bitnami/mysql

6
charts/bitnami/postgresql/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2 version: 2.13.3
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-05T15:32:13.375699946Z" generated: "2023-11-03T20:45:06.276989379Z"

6
charts/bitnami/postgresql/Chart.yaml
View File

@ -8,9 +8,9 @@ annotations:
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90 image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: postgres-exporter - name: postgres-exporter
image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r15 image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r0
- name: postgresql - name: postgresql
image: docker.io/bitnami/postgresql:16.0.0-debian-11-r13 image: docker.io/bitnami/postgresql:16.0.0-debian-11-r14
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 16.0.0 appVersion: 16.0.0
@ -38,4 +38,4 @@ maintainers:
name: postgresql name: postgresql
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql - https://github.com/bitnami/charts/tree/main/bitnami/postgresql
version: 13.1.5 version: 13.2.1

329
charts/bitnami/postgresql/README.md
View File

@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@ -22,7 +24,7 @@ For HA, please see [this repo](https://github.com/bitnami/charts/tree/main/bitna
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use PostgreSQL in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use PostgreSQL in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -35,9 +37,11 @@ Looking to use PostgreSQL in production? Try [VMware Application Catalog](https:
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -96,65 +100,64 @@ kubectl delete pvc -l release=my-release
### PostgreSQL common parameters ### PostgreSQL common parameters
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` | | `image.registry` | PostgreSQL image registry | `REGISTRY_NAME` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | | `image.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r13` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` |
| `image.pullSecrets` | Specify image pull secrets | `[]` | | `image.debug` | Specify if debug values should be set | `false` |
| `image.debug` | Specify if debug values should be set | `false` | | `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` | | `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` |
| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` | | `auth.username` | Name for a custom user to create | `""` |
| `auth.username` | Name for a custom user to create | `""` | | `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` |
| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` | | `auth.database` | Name for a custom database to create | `""` |
| `auth.database` | Name for a custom database to create | `""` | | `auth.replicationUsername` | Name of the replication user | `repl_user` |
| `auth.replicationUsername` | Name of the replication user | `repl_user` | | `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` |
| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` | | `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` |
| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` | | `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` |
| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` | | `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` | | `auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` |
| `auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` | | `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` |
| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` | | `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | | `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | | `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` |
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` | | `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | | `containerPorts.postgresql` | PostgreSQL container port | `5432` |
| `containerPorts.postgresql` | PostgreSQL container port | `5432` | | `audit.logHostname` | Log client hostnames | `false` |
| `audit.logHostname` | Log client hostnames | `false` | | `audit.logConnections` | Add client log-in operations to the log file | `false` |
| `audit.logConnections` | Add client log-in operations to the log file | `false` | | `audit.logDisconnections` | Add client log-outs operations to the log file | `false` |
| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` | | `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` |
| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` | | `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` |
| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` | | `audit.clientMinMessages` | Message log level to share with the user | `error` |
| `audit.clientMinMessages` | Message log level to share with the user | `error` | | `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` |
| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` | | `audit.logTimezone` | Timezone for the log timestamps | `""` |
| `audit.logTimezone` | Timezone for the log timestamps | `""` | | `ldap.enabled` | Enable LDAP support | `false` |
| `ldap.enabled` | Enable LDAP support | `false` | | `ldap.server` | IP address or name of the LDAP server. | `""` |
| `ldap.server` | IP address or name of the LDAP server. | `""` | | `ldap.port` | Port number on the LDAP server to connect to | `""` |
| `ldap.port` | Port number on the LDAP server to connect to | `""` | | `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` |
| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` | | `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` |
| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` | | `ldap.basedn` | Root DN to begin the search for the user in | `""` |
| `ldap.basedn` | Root DN to begin the search for the user in | `""` | | `ldap.binddn` | DN of user to bind to LDAP | `""` |
| `ldap.binddn` | DN of user to bind to LDAP | `""` | | `ldap.bindpw` | Password for the user to bind to LDAP | `""` |
| `ldap.bindpw` | Password for the user to bind to LDAP | `""` | | `ldap.searchAttribute` | Attribute to match against the user name in the search | `""` |
| `ldap.searchAttribute` | Attribute to match against the user name in the search | `""` | | `ldap.searchFilter` | The search filter to use when doing search+bind authentication | `""` |
| `ldap.searchFilter` | The search filter to use when doing search+bind authentication | `""` | | `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` |
| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` | | `ldap.tls.enabled` | Se to true to enable TLS encryption | `false` |
| `ldap.tls.enabled` | Se to true to enable TLS encryption | `false` | | `ldap.uri` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. | `""` |
| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. | `""` | | `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` |
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` | | `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` |
| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` | | `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` |
| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` | | `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` |
| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` | | `tls.enabled` | Enable TLS traffic support | `false` |
| `tls.enabled` | Enable TLS traffic support | `false` | | `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` |
| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | | `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | | `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` |
| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` | | `tls.certFilename` | Certificate filename | `""` |
| `tls.certFilename` | Certificate filename | `""` | | `tls.certKeyFilename` | Certificate key filename | `""` |
| `tls.certKeyFilename` | Certificate key filename | `""` | | `tls.certCAFilename` | CA Certificate filename | `""` |
| `tls.certCAFilename` | CA Certificate filename | `""` | | `tls.crlFilename` | File containing a Certificate Revocation List | `""` |
| `tls.crlFilename` | File containing a Certificate Revocation List | `""` |
### PostgreSQL Primary parameters ### PostgreSQL Primary parameters
@ -208,13 +211,14 @@ kubectl delete pvc -l release=my-release
| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` | | `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
| `primary.podSecurityContext.enabled` | Enable security context | `true` | | `primary.podSecurityContext.enabled` | Enable security context | `true` |
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `primary.containerSecurityContext.enabled` | Enable container security context | `true` | | `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` | | `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `primary.containerSecurityContext.runAsGroup` | Group ID for the container | `0` | | `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` | | `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` | | `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `primary.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` | | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` | | `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` | | `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` |
| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` | | `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` |
| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | | `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
@ -307,13 +311,14 @@ kubectl delete pvc -l release=my-release
| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` | | `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` | | `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | | `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` | | `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` | | `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `readReplicas.containerSecurityContext.runAsGroup` | Group ID for the container | `0` | | `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` | | `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` | | `readReplicas.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` | | `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `readReplicas.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` | | `readReplicas.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` | | `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` |
| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` | | `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` |
| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | | `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
@ -382,14 +387,14 @@ kubectl delete pvc -l release=my-release
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` | | `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` | | `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` | | `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
| `backup.cronjob.containerSecurityContext.enabled` | Enable container security context | `true` | | `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `backup.cronjob.containerSecurityContext.runAsUser` | User ID for the backup container | `1001` | | `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `backup.cronjob.containerSecurityContext.runAsGroup` | Group ID for the backup container | `0` | | `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set backup container's Security Context runAsNonRoot | `true` | | `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Is the container itself readonly | `true` | | `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate backup pod(s) privileges | `false` | | `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set backup container's Security Context seccompProfile type | `RuntimeDefault` | | `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `backup.cronjob.containerSecurityContext.capabilities.drop` | Set backup container's Security Context capabilities to drop | `["ALL"]` | | `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` | | `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
| `backup.cronjob.labels` | Set the cronjob labels | `{}` | | `backup.cronjob.labels` | Set the cronjob labels | `{}` |
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` | | `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
@ -425,21 +430,20 @@ kubectl delete pvc -l release=my-release
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` |
| `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` | | `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` |
| `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` | | `volumePermissions.containerSecurityContext.seccompProfile.type` | seccompProfile.type for the init container | `RuntimeDefault` |
| `volumePermissions.containerSecurityContext.seccompProfile.type` | seccompProfile.type for the init container | `RuntimeDefault` |
### Other Parameters ### Other Parameters
@ -456,75 +460,77 @@ kubectl delete pvc -l release=my-release
### Metrics Parameters ### Metrics Parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------- | | ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `REPOSITORY_NAME/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r15` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | | `metrics.customMetrics` | Define additional custom metrics | `{}` |
| `metrics.customMetrics` | Define additional custom metrics | `{}` | | `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.runAsGroup` | Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup | `0` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation | `false` | | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type | `RuntimeDefault` | | `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.capabilities.drop` | Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop | `["ALL"]` | | `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` | | `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | | `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` | | `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | | `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` | | `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` |
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | | `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | | `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` | | `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` |
| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` | | `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` |
| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` | | `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` |
| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` | | `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` |
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | | `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | | `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` | | `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | | `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | | `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | | `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | | `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | | `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | | `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | | `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | | `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | | `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` | | `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | | `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | | `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` | | `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console ```console
helm install my-release \ helm install my-release \
--set auth.postgresPassword=secretpassword --set auth.postgresPassword=secretpassword
oci://registry-1.docker.io/bitnamicharts/postgresql oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the PostgreSQL `postgres` account password to `secretpassword`. The above command sets the PostgreSQL `postgres` account password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -533,9 +539,10 @@ The above command sets the PostgreSQL `postgres` account password to `secretpass
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/postgresql helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details

4
charts/bitnami/postgresql/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.2 appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.2 version: 2.13.3

4
charts/bitnami/postgresql/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites ## Prerequisites
- Kubernetes 1.19+ - Kubernetes 1.23+
- Helm 3.2.0+ - Helm 3.8.0+
## Parameters ## Parameters

4
charts/bitnami/postgresql/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/* {{/*
Returns true if AdmissionConfiguration is supported Returns true if AdmissionConfiguration is supported
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.supported" -}} {{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/* {{/*
Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for AdmissionConfiguration.
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

124
charts/bitnami/postgresql/values.yaml
View File

@ -87,9 +87,9 @@ diagnosticMode:
## Bitnami PostgreSQL image version ## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
## @param image.registry PostgreSQL image registry ## @param image.registry [default: REGISTRY_NAME] PostgreSQL image registry
## @param image.repository PostgreSQL image repository ## @param image.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
## @param image.tag PostgreSQL image tag (immutable tags are recommended) ## @skip image.tag PostgreSQL image tag (immutable tags are recommended)
## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy PostgreSQL image pull policy ## @param image.pullPolicy PostgreSQL image pull policy
## @param image.pullSecrets Specify image pull secrets ## @param image.pullSecrets Specify image pull secrets
@ -98,7 +98,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/postgresql repository: bitnami/postgresql
tag: 16.0.0-debian-11-r13 tag: 16.0.0-debian-11-r14
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -458,25 +458,26 @@ primary:
fsGroup: 1001 fsGroup: 1001
## Container Security Context ## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.containerSecurityContext.enabled Enable container security context ## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
## @param primary.containerSecurityContext.runAsUser User ID for the container ## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param primary.containerSecurityContext.runAsGroup Group ID for the container ## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container ## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container ## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param primary.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop Set capabilities.drop for the container ## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## @param primary.hostAliases PostgreSQL primary pods host aliases ## @param primary.hostAliases PostgreSQL primary pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -821,25 +822,26 @@ readReplicas:
fsGroup: 1001 fsGroup: 1001
## Container Security Context ## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.containerSecurityContext.enabled Enable container security context ## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
## @param readReplicas.containerSecurityContext.runAsUser User ID for the container ## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param readReplicas.containerSecurityContext.runAsGroup Group ID for the container ## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param readReplicas.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container ## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container ## @param readReplicas.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param readReplicas.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container ## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param readReplicas.containerSecurityContext.capabilities.drop Set capabilities.drop for the container ## @param readReplicas.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param readReplicas.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## @param readReplicas.hostAliases PostgreSQL read only pods host aliases ## @param readReplicas.hostAliases PostgreSQL read only pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -1108,26 +1110,25 @@ backup:
fsGroup: 1001 fsGroup: 1001
## backup container's Security Context ## backup container's Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backup.cronjob.containerSecurityContext.enabled Enable container security context ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type ## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## @param backup.cronjob.command Set backup container's command to run ## @param backup.cronjob.command Set backup container's command to run
command: command:
- /bin/sh - /bin/sh
@ -1289,9 +1290,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
@ -1390,9 +1391,9 @@ metrics:
## @param metrics.enabled Start a prometheus exporter ## @param metrics.enabled Start a prometheus exporter
## ##
enabled: false enabled: false
## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry ## @param metrics.image.registry [default: REGISTRY_NAME] PostgreSQL Prometheus Exporter image registry
## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository ## @param metrics.image.repository [default: REPOSITORY_NAME/postgres-exporter] PostgreSQL Prometheus Exporter image repository
## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) ## @skip metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)
## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy ## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy
## @param metrics.image.pullSecrets Specify image pull secrets ## @param metrics.image.pullSecrets Specify image pull secrets
@ -1400,7 +1401,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/postgres-exporter repository: bitnami/postgres-exporter
tag: 0.14.0-debian-11-r15 tag: 0.15.0-debian-11-r0
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1435,25 +1436,26 @@ metrics:
extraEnvVars: [] extraEnvVars: []
## PostgreSQL Prometheus exporter containers' Security Context ## PostgreSQL Prometheus exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsGroup Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param metrics.containerSecurityContext.seccompProfile.type Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities: capabilities:
drop: drop: ["ALL"]
- ALL seccompProfile:
type: "RuntimeDefault"
## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes ## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers ## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers

8
charts/bitnami/redis/Chart.yaml
View File

@ -10,12 +10,12 @@ annotations:
- name: redis-exporter - name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0 image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0
- name: redis-sentinel - name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.2-debian-11-r0 image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r0
- name: redis - name: redis
image: docker.io/bitnami/redis:7.2.2-debian-11-r0 image: docker.io/bitnami/redis:7.2.3-debian-11-r0
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 7.2.2 appVersion: 7.2.3
dependencies: dependencies:
- name: common - name: common
repository: file://./charts/common repository: file://./charts/common
@ -37,4 +37,4 @@ maintainers:
name: redis name: redis
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis - https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.2.0 version: 18.2.1

4
charts/bitnami/redis/values.yaml
View File

@ -91,7 +91,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis repository: bitnami/redis
tag: 7.2.2-debian-11-r0 tag: 7.2.3-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1056,7 +1056,7 @@ sentinel:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis-sentinel repository: bitnami/redis-sentinel
tag: 7.2.2-debian-11-r0 tag: 7.2.3-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

4
charts/bitnami/spark/Chart.yaml
View File

@ -6,7 +6,7 @@ annotations:
category: Infrastructure category: Infrastructure
images: | images: |
- name: spark - name: spark
image: docker.io/bitnami/spark:3.5.0-debian-11-r10 image: docker.io/bitnami/spark:3.5.0-debian-11-r12
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 3.5.0 appVersion: 3.5.0
@ -30,4 +30,4 @@ maintainers:
name: spark name: spark
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/spark - https://github.com/bitnami/charts/tree/main/bitnami/spark
version: 8.0.2 version: 8.1.0

302
charts/bitnami/spark/README.md
View File

@ -24,7 +24,7 @@ Apache Spark includes APIs for Java, Python, Scala and R.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Spark in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Spark in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -98,156 +98,162 @@ The command removes all the Kubernetes components associated with the chart and
### Spark master parameters ### Spark master parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| `master.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for master | `""` | | `master.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for master | `""` |
| `master.containerPorts.http` | Specify the port where the web interface will listen on the master over HTTP | `8080` | | `master.containerPorts.http` | Specify the port where the web interface will listen on the master over HTTP | `8080` |
| `master.containerPorts.https` | Specify the port where the web interface will listen on the master over HTTPS | `8480` | | `master.containerPorts.https` | Specify the port where the web interface will listen on the master over HTTPS | `8480` |
| `master.containerPorts.cluster` | Specify the port where the master listens to communicate with workers | `7077` | | `master.containerPorts.cluster` | Specify the port where the master listens to communicate with workers | `7077` |
| `master.hostAliases` | Deployment pod host aliases | `[]` | | `master.hostAliases` | Deployment pod host aliases | `[]` |
| `master.extraContainerPorts` | Specify the port where the running jobs inside the masters listens | `[]` | | `master.extraContainerPorts` | Specify the port where the running jobs inside the masters listens | `[]` |
| `master.daemonMemoryLimit` | Set the memory limit for the master daemon | `""` | | `master.daemonMemoryLimit` | Set the memory limit for the master daemon | `""` |
| `master.configOptions` | Use a string to set the config options for in the form "-Dx=y" | `""` | | `master.configOptions` | Use a string to set the config options for in the form "-Dx=y" | `""` |
| `master.extraEnvVars` | Extra environment variables to pass to the master container | `[]` | | `master.extraEnvVars` | Extra environment variables to pass to the master container | `[]` |
| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for master nodes | `""` | | `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for master nodes | `""` |
| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for master nodes | `""` | | `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for master nodes | `""` |
| `master.podSecurityContext.enabled` | Enable security context | `true` | | `master.podSecurityContext.enabled` | Enable security context | `true` |
| `master.podSecurityContext.fsGroup` | Set master pod's Security Context Group ID | `1001` | | `master.podSecurityContext.fsGroup` | Set master pod's Security Context Group ID | `1001` |
| `master.podSecurityContext.runAsUser` | Set master pod's Security Context User ID | `1001` | | `master.podSecurityContext.runAsUser` | Set master pod's Security Context User ID | `1001` |
| `master.podSecurityContext.runAsGroup` | Set master pod's Security Context Group ID | `0` | | `master.podSecurityContext.runAsGroup` | Set master pod's Security Context Group ID | `0` |
| `master.podSecurityContext.seLinuxOptions` | Set master pod's Security Context SELinux options | `{}` | | `master.podSecurityContext.seLinuxOptions` | Set master pod's Security Context SELinux options | `{}` |
| `master.containerSecurityContext.enabled` | Enabled master containers' Security Context | `true` | | `master.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `master.containerSecurityContext.runAsUser` | Set master containers' Security Context runAsUser | `1001` | | `master.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `master.containerSecurityContext.runAsNonRoot` | Set master containers' Security Context runAsNonRoot | `true` | | `master.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set master containers' Security Context runAsNonRoot | `false` | | `master.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `master.command` | Override default container command (useful when using custom images) | `[]` | | `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `master.args` | Override default container args (useful when using custom images) | `[]` | | `master.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `master.podAnnotations` | Annotations for pods in StatefulSet | `{}` | | `master.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `master.podLabels` | Extra labels for pods in StatefulSet | `{}` | | `master.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `master.podAffinityPreset` | Spark master pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `master.command` | Override default container command (useful when using custom images) | `[]` |
| `master.podAntiAffinityPreset` | Spark master pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `master.args` | Override default container args (useful when using custom images) | `[]` |
| `master.nodeAffinityPreset.type` | Spark master node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `master.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
| `master.nodeAffinityPreset.key` | Spark master node label key to match Ignored if `master.affinity` is set. | `""` | | `master.podLabels` | Extra labels for pods in StatefulSet | `{}` |
| `master.nodeAffinityPreset.values` | Spark master node label values to match. Ignored if `master.affinity` is set. | `[]` | | `master.podAffinityPreset` | Spark master pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `master.affinity` | Spark master affinity for pod assignment | `{}` | | `master.podAntiAffinityPreset` | Spark master pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `master.nodeSelector` | Spark master node labels for pod assignment | `{}` | | `master.nodeAffinityPreset.type` | Spark master node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `master.tolerations` | Spark master tolerations for pod assignment | `[]` | | `master.nodeAffinityPreset.key` | Spark master node label key to match Ignored if `master.affinity` is set. | `""` |
| `master.updateStrategy.type` | Master statefulset strategy type. | `RollingUpdate` | | `master.nodeAffinityPreset.values` | Spark master node label values to match. Ignored if `master.affinity` is set. | `[]` |
| `master.priorityClassName` | master pods' priorityClassName | `""` | | `master.affinity` | Spark master affinity for pod assignment | `{}` |
| `master.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `master.nodeSelector` | Spark master node labels for pod assignment | `{}` |
| `master.schedulerName` | Name of the k8s scheduler (other than default) for master pods | `""` | | `master.tolerations` | Spark master tolerations for pod assignment | `[]` |
| `master.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | | `master.updateStrategy.type` | Master statefulset strategy type. | `RollingUpdate` |
| `master.lifecycleHooks` | for the master container(s) to automate configuration before or after startup | `{}` | | `master.priorityClassName` | master pods' priorityClassName | `""` |
| `master.extraVolumes` | Optionally specify extra list of additional volumes for the master pod(s) | `[]` | | `master.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` | | `master.schedulerName` | Name of the k8s scheduler (other than default) for master pods | `""` |
| `master.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the master statefulset | `[]` | | `master.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
| `master.resources.limits` | The resources limits for the container | `{}` | | `master.lifecycleHooks` | for the master container(s) to automate configuration before or after startup | `{}` |
| `master.resources.requests` | The requested resources for the container | `{}` | | `master.extraVolumes` | Optionally specify extra list of additional volumes for the master pod(s) | `[]` |
| `master.livenessProbe.enabled` | Enable livenessProbe | `true` | | `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | | `master.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the master statefulset | `[]` |
| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | | `master.resources.limits` | The resources limits for the container | `{}` |
| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `master.resources.requests` | The requested resources for the container | `{}` |
| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `master.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `master.readinessProbe.enabled` | Enable readinessProbe | `true` | | `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | | `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `master.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `master.startupProbe.enabled` | Enable startupProbe | `false` | | `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | | `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | | `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | | `master.startupProbe.enabled` | Enable startupProbe | `false` |
| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `master.sidecars` | Add additional sidecar containers to the master pod(s) | `[]` | | `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `master.initContainers` | Add initContainers to the master pods. | `[]` | | `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `master.sidecars` | Add additional sidecar containers to the master pod(s) | `[]` |
| `master.initContainers` | Add initContainers to the master pods. | `[]` |
### Spark worker parameters ### Spark worker parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
| `worker.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for workers | `""` | | `worker.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for workers | `""` |
| `worker.containerPorts.http` | Specify the port where the web interface will listen on the worker over HTTP | `8080` | | `worker.containerPorts.http` | Specify the port where the web interface will listen on the worker over HTTP | `8080` |
| `worker.containerPorts.https` | Specify the port where the web interface will listen on the worker over HTTPS | `8480` | | `worker.containerPorts.https` | Specify the port where the web interface will listen on the worker over HTTPS | `8480` |
| `worker.containerPorts.cluster` | Specify the port where the worker listens to communicate with workers | `""` | | `worker.containerPorts.cluster` | Specify the port where the worker listens to communicate with workers | `""` |
| `worker.hostAliases` | Add deployment host aliases | `[]` | | `worker.hostAliases` | Add deployment host aliases | `[]` |
| `worker.extraContainerPorts` | Specify the port where the running jobs inside the workers listens | `[]` | | `worker.extraContainerPorts` | Specify the port where the running jobs inside the workers listens | `[]` |
| `worker.daemonMemoryLimit` | Set the memory limit for the worker daemon | `""` | | `worker.daemonMemoryLimit` | Set the memory limit for the worker daemon | `""` |
| `worker.memoryLimit` | Set the maximum memory the worker is allowed to use | `""` | | `worker.memoryLimit` | Set the maximum memory the worker is allowed to use | `""` |
| `worker.coreLimit` | Se the maximum number of cores that the worker can use | `""` | | `worker.coreLimit` | Se the maximum number of cores that the worker can use | `""` |
| `worker.dir` | Set a custom working directory for the application | `""` | | `worker.dir` | Set a custom working directory for the application | `""` |
| `worker.javaOptions` | Set options for the JVM in the form `-Dx=y` | `""` | | `worker.javaOptions` | Set options for the JVM in the form `-Dx=y` | `""` |
| `worker.configOptions` | Set extra options to configure the worker in the form `-Dx=y` | `""` | | `worker.configOptions` | Set extra options to configure the worker in the form `-Dx=y` | `""` |
| `worker.extraEnvVars` | An array to add extra env vars | `[]` | | `worker.extraEnvVars` | An array to add extra env vars | `[]` |
| `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for worker nodes | `""` | | `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for worker nodes | `""` |
| `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for worker nodes | `""` | | `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for worker nodes | `""` |
| `worker.replicaCount` | Number of spark workers (will be the minimum number when autoscaling is enabled) | `2` | | `worker.replicaCount` | Number of spark workers (will be the minimum number when autoscaling is enabled) | `2` |
| `worker.podSecurityContext.enabled` | Enable security context | `true` | | `worker.podSecurityContext.enabled` | Enable security context | `true` |
| `worker.podSecurityContext.fsGroup` | Group ID for the container | `1001` | | `worker.podSecurityContext.fsGroup` | Group ID for the container | `1001` |
| `worker.podSecurityContext.runAsUser` | User ID for the container | `1001` | | `worker.podSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` |
| `worker.podSecurityContext.runAsGroup` | Group ID for the container | `0` | | `worker.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `worker.podSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` | | `worker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.enabled` | Enabled worker containers' Security Context | `true` | | `worker.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.runAsUser` | Set worker containers' Security Context runAsUser | `1001` | | `worker.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `worker.containerSecurityContext.runAsNonRoot` | Set worker containers' Security Context runAsNonRoot | `true` | | `worker.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set worker containers' Security Context runAsNonRoot | `false` | | `worker.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `worker.command` | Override default container command (useful when using custom images) | `[]` | | `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `worker.args` | Override default container args (useful when using custom images) | `[]` | | `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `worker.podAnnotations` | Annotations for pods in StatefulSet | `{}` | | `worker.command` | Override default container command (useful when using custom images) | `[]` |
| `worker.podLabels` | Extra labels for pods in StatefulSet | `{}` | | `worker.args` | Override default container args (useful when using custom images) | `[]` |
| `worker.podAffinityPreset` | Spark worker pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `worker.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
| `worker.podAntiAffinityPreset` | Spark worker pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `worker.podLabels` | Extra labels for pods in StatefulSet | `{}` |
| `worker.nodeAffinityPreset.type` | Spark worker node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `worker.podAffinityPreset` | Spark worker pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `worker.nodeAffinityPreset.key` | Spark worker node label key to match Ignored if `worker.affinity` is set. | `""` | | `worker.podAntiAffinityPreset` | Spark worker pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `worker.nodeAffinityPreset.values` | Spark worker node label values to match. Ignored if `worker.affinity` is set. | `[]` | | `worker.nodeAffinityPreset.type` | Spark worker node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `worker.affinity` | Spark worker affinity for pod assignment | `{}` | | `worker.nodeAffinityPreset.key` | Spark worker node label key to match Ignored if `worker.affinity` is set. | `""` |
| `worker.nodeSelector` | Spark worker node labels for pod assignment | `{}` | | `worker.nodeAffinityPreset.values` | Spark worker node label values to match. Ignored if `worker.affinity` is set. | `[]` |
| `worker.tolerations` | Spark worker tolerations for pod assignment | `[]` | | `worker.affinity` | Spark worker affinity for pod assignment | `{}` |
| `worker.updateStrategy.type` | Worker statefulset strategy type. | `RollingUpdate` | | `worker.nodeSelector` | Spark worker node labels for pod assignment | `{}` |
| `worker.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` | | `worker.tolerations` | Spark worker tolerations for pod assignment | `[]` |
| `worker.priorityClassName` | worker pods' priorityClassName | `""` | | `worker.updateStrategy.type` | Worker statefulset strategy type. | `RollingUpdate` |
| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `worker.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` |
| `worker.schedulerName` | Name of the k8s scheduler (other than default) for worker pods | `""` | | `worker.priorityClassName` | worker pods' priorityClassName | `""` |
| `worker.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | | `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `worker.lifecycleHooks` | for the worker container(s) to automate configuration before or after startup | `{}` | | `worker.schedulerName` | Name of the k8s scheduler (other than default) for worker pods | `""` |
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the worker pod(s) | `[]` | | `worker.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` | | `worker.lifecycleHooks` | for the worker container(s) to automate configuration before or after startup | `{}` |
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the worker statefulset | `[]` | | `worker.extraVolumes` | Optionally specify extra list of additional volumes for the worker pod(s) | `[]` |
| `worker.resources.limits` | The resources limits for the container | `{}` | | `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
| `worker.resources.requests` | The requested resources for the container | `{}` | | `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the worker statefulset | `[]` |
| `worker.livenessProbe.enabled` | Enable livenessProbe | `true` | | `worker.resources.limits` | The resources limits for the container | `{}` |
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | | `worker.resources.requests` | The requested resources for the container | `{}` |
| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | | `worker.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `worker.readinessProbe.enabled` | Enable readinessProbe | `true` | | `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | | `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `worker.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `worker.startupProbe.enabled` | Enable startupProbe | `true` | | `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | | `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `worker.startupProbe.enabled` | Enable startupProbe | `true` |
| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | | `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | | `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `worker.sidecars` | Add additional sidecar containers to the worker pod(s) | `[]` | | `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `worker.initContainers` | Add initContainers to the worker pods. | `[]` | | `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `worker.autoscaling.enabled` | Enable replica autoscaling depending on CPU | `false` | | `worker.sidecars` | Add additional sidecar containers to the worker pod(s) | `[]` |
| `worker.autoscaling.minReplicas` | Minimum number of worker replicas | `""` | | `worker.initContainers` | Add initContainers to the worker pods. | `[]` |
| `worker.autoscaling.maxReplicas` | Maximum number of worker replicas | `5` | | `worker.autoscaling.enabled` | Enable replica autoscaling depending on CPU | `false` |
| `worker.autoscaling.targetCPU` | Target CPU utilization percentage | `50` | | `worker.autoscaling.minReplicas` | Minimum number of worker replicas | `""` |
| `worker.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | | `worker.autoscaling.maxReplicas` | Maximum number of worker replicas | `5` |
| `worker.autoscaling.targetCPU` | Target CPU utilization percentage | `50` |
| `worker.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
### Security parameters ### Security parameters

42
charts/bitnami/spark/values.yaml
View File

@ -95,7 +95,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/spark repository: bitnami/spark
tag: 3.5.0-debian-11-r10 tag: 3.5.0-debian-11-r12
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -183,16 +183,26 @@ master:
seLinuxOptions: {} seLinuxOptions: {}
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param master.containerSecurityContext.enabled Enabled master containers' Security Context ## @param master.containerSecurityContext.enabled Enabled containers' Security Context
## @param master.containerSecurityContext.runAsUser Set master containers' Security Context runAsUser ## @param master.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param master.containerSecurityContext.runAsNonRoot Set master containers' Security Context runAsNonRoot ## @param master.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param master.containerSecurityContext.readOnlyRootFilesystem Set master containers' Security Context runAsNonRoot ## @param master.containerSecurityContext.privileged Set container's Security Context privileged
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param master.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param master.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param master.command Override default container command (useful when using custom images) ## @param master.command Override default container command (useful when using custom images)
## ##
command: [] command: []
@ -451,28 +461,34 @@ worker:
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param worker.podSecurityContext.enabled Enable security context ## @param worker.podSecurityContext.enabled Enable security context
## @param worker.podSecurityContext.fsGroup Group ID for the container ## @param worker.podSecurityContext.fsGroup Group ID for the container
## @param worker.podSecurityContext.runAsUser User ID for the container
## @param worker.podSecurityContext.runAsGroup Group ID for the container
## @param worker.podSecurityContext.seLinuxOptions SELinux options for the container ## @param worker.podSecurityContext.seLinuxOptions SELinux options for the container
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1001 fsGroup: 1001
runAsUser: 1001
runAsGroup: 0
seLinuxOptions: {} seLinuxOptions: {}
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param worker.containerSecurityContext.enabled Enabled worker containers' Security Context ## @param worker.containerSecurityContext.enabled Enabled containers' Security Context
## @param worker.containerSecurityContext.runAsUser Set worker containers' Security Context runAsUser ## @param worker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param worker.containerSecurityContext.runAsNonRoot Set worker containers' Security Context runAsNonRoot ## @param worker.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set worker containers' Security Context runAsNonRoot ## @param worker.containerSecurityContext.privileged Set container's Security Context privileged
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param worker.command Override default container command (useful when using custom images) ## @param worker.command Override default container command (useful when using custom images)
## ##
command: [] command: []

6
charts/bitnami/tomcat/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2 version: 2.13.3
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-09T21:56:34.987847613Z" generated: "2023-10-31T12:41:05.52315381+01:00"

2
charts/bitnami/tomcat/Chart.yaml
View File

@ -38,4 +38,4 @@ maintainers:
name: tomcat name: tomcat
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/tomcat - https://github.com/bitnami/charts/tree/main/bitnami/tomcat
version: 10.10.10 version: 10.11.0

288
charts/bitnami/tomcat/README.md
View File

@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps a [Tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps a [Tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@ -22,7 +24,7 @@ Tomcat implements several Java EE specifications including Java Servlet, JavaSer
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Tomcat in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Tomcat in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -36,9 +38,11 @@ Looking to use Apache Tomcat in production? Try [VMware Application Catalog](htt
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -77,93 +81,97 @@ The command removes all the Kubernetes components associated with the chart and
### Tomcat parameters ### Tomcat parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- | | ----------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ |
| `image.registry` | Tomcat image registry | `docker.io` | | `image.registry` | Tomcat image registry | `REGISTRY_NAME` |
| `image.repository` | Tomcat image repository | `bitnami/tomcat` | | `image.repository` | Tomcat image repository | `REPOSITORY_NAME/tomcat` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.15-debian-11-r0` | | `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.debug` | Specify if debug logs should be enabled | `false` |
| `image.debug` | Specify if debug logs should be enabled | `false` | | `hostAliases` | Deployment pod host aliases | `[]` |
| `hostAliases` | Deployment pod host aliases | `[]` | | `tomcatUsername` | Tomcat admin user | `user` |
| `tomcatUsername` | Tomcat admin user | `user` | | `tomcatPassword` | Tomcat admin password | `""` |
| `tomcatPassword` | Tomcat admin password | `""` | | `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` |
| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` | | `catalinaOpts` | Java runtime option used by tomcat JVM | `""` |
| `catalinaOpts` | Java runtime option used by tomcat JVM | `""` | | `command` | Override default container command (useful when using custom images) | `[]` |
| `command` | Override default container command (useful when using custom images) | `[]` | | `args` | Override default container args (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` | | `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` |
| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` | | `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | | `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` |
### Tomcat deployment parameters ### Tomcat deployment parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | ------------------- | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| `replicaCount` | Specify number of Tomcat replicas | `1` | | `replicaCount` | Specify number of Tomcat replicas | `1` |
| `deployment.type` | Use Deployment or StatefulSet | `deployment` | | `deployment.type` | Use Deployment or StatefulSet | `deployment` |
| `updateStrategy.type` | StrategyType | `RollingUpdate` | | `updateStrategy.type` | StrategyType | `RollingUpdate` |
| `containerPorts.http` | HTTP port to expose at container level | `8080` | | `containerPorts.http` | HTTP port to expose at container level | `8080` |
| `containerExtraPorts` | Extra ports to expose at container level | `[]` | | `containerExtraPorts` | Extra ports to expose at container level | `[]` |
| `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` | | `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enable Tomcat containers' SecurityContext | `true` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | User ID for the Tomcat container | `1001` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Force user to be root in Tomcat container | `true` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `resources.limits` | The resources limits for the Tomcat container | `{}` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `resources.requests` | The requested resources for the Tomcat container | `{}` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` | | `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | | `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `resources.limits` | The resources limits for the Tomcat container | `{}` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `resources.requests` | The requested resources for the Tomcat container | `{}` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` | | `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | | `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | | `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | | `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | | `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `startupProbe.enabled` | Enable startupProbe | `false` | | `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | | `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | | `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` | | `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | | `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `startupProbe.enabled` | Enable startupProbe | `false` |
| `customLivenessProbe` | Override default liveness probe | `{}` | | `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `customReadinessProbe` | Override default readiness probe | `{}` | | `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
| `customStartupProbe` | Override default startup probe | `{}` | | `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` |
| `podLabels` | Extra labels for Tomcat pods | `{}` | | `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `podAnnotations` | Annotations for Tomcat pods | `{}` | | `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | | `customLivenessProbe` | Override default liveness probe | `{}` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `customReadinessProbe` | Override default readiness probe | `{}` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | | `customStartupProbe` | Override default startup probe | `{}` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | | `podLabels` | Extra labels for Tomcat pods | `{}` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | | `podAnnotations` | Annotations for Tomcat pods | `{}` |
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | | `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | | `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `schedulerName` | Alternative scheduler | `""` | | `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `lifecycleHooks` | Override default etcd container hooks | `{}` | | `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `podManagementPolicy` | podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode) | `""` | | `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | | `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
| `extraPodSpec` | Optionally specify extra PodSpec | `{}` | | `schedulerName` | Alternative scheduler | `""` |
| `extraVolumes` | Optionally specify extra list of additional volumes for Tomcat pods in Deployment | `[]` | | `lifecycleHooks` | Override default etcd container hooks | `{}` |
| `extraVolumeClaimTemplates` | Optionally specify extra list of additional volume claim templates for Tomcat pods in StatefulSet | `[]` | | `podManagementPolicy` | podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode) | `""` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Tomcat container(s) | `[]` | | `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
| `initContainers` | Add init containers to the Tomcat pods. | `[]` | | `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `sidecars` | Add sidecars to the Tomcat pods. | `[]` | | `extraPodSpec` | Optionally specify extra PodSpec | `{}` |
| `persistence.enabled` | Enable persistence | `true` | | `extraVolumes` | Optionally specify extra list of additional volumes for Tomcat pods in Deployment | `[]` |
| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `""` | | `extraVolumeClaimTemplates` | Optionally specify extra list of additional volume claim templates for Tomcat pods in StatefulSet | `[]` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | | `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Tomcat container(s) | `[]` |
| `persistence.accessModes` | PVC Access Modes for Tomcat volume | `["ReadWriteOnce"]` | | `initContainers` | Add init containers to the Tomcat pods. | `[]` |
| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` | | `sidecars` | Add sidecars to the Tomcat pods. | `[]` |
| `persistence.existingClaim` | An Existing PVC name for Tomcat volume | `""` | | `persistence.enabled` | Enable persistence | `true` |
| `persistence.selectorLabels` | Selector labels to use in volume claim template in statefulset | `{}` | | `persistence.storageClass` | PVC Storage Class for Tomcat volume | `""` |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. | `false` | | `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | | `persistence.accessModes` | PVC Access Modes for Tomcat volume | `["ReadWriteOnce"]` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | | `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` |
| `persistence.existingClaim` | An Existing PVC name for Tomcat volume | `""` |
| `persistence.selectorLabels` | Selector labels to use in volume claim template in statefulset | `{}` |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
### Traffic Exposure parameters ### Traffic Exposure parameters
@ -198,51 +206,54 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
### Metrics parameters ### Metrics parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` |
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.registry` | JMX exporter image registry | `REGISTRY_NAME` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | | `metrics.jmx.image.repository` | JMX exporter image repository | `REPOSITORY_NAME/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r95` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.jmx.config` | Configuration file for JMX exporter | `""` |
| `metrics.jmx.config` | Configuration file for JMX exporter | `""` | | `metrics.jmx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` | | `metrics.jmx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` | | `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` | | `metrics.jmx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `metrics.jmx.resources.limits` | JMX Exporter container resource limits | `{}` | | `metrics.jmx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` | | `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.jmx.ports.metrics` | JMX Exporter container metrics ports | `5556` | | `metrics.jmx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.jmx.existingConfigmap` | Name of existing ConfigMap with JMX exporter configuration | `""` | | `metrics.jmx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.podMonitor.podTargetLabels` | Used to keep given pod's labels in target | `[]` | | `metrics.jmx.resources.limits` | JMX Exporter container resource limits | `{}` |
| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | | `metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` |
| `metrics.podMonitor.namespace` | Optional namespace in which Prometheus is running | `""` | | `metrics.jmx.ports.metrics` | JMX Exporter container metrics ports | `5556` |
| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | | `metrics.jmx.existingConfigmap` | Name of existing ConfigMap with JMX exporter configuration | `""` |
| `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` | | `metrics.podMonitor.podTargetLabels` | Used to keep given pod's labels in target | `[]` |
| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` | | `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.podMonitor.scheme` | Scheme to use for scraping | `http` | | `metrics.podMonitor.namespace` | Optional namespace in which Prometheus is running | `""` |
| `metrics.podMonitor.tlsConfig` | TLS configuration used for scrape endpoints used by Prometheus | `{}` | | `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
| `metrics.podMonitor.relabelings` | Prometheus relabeling rules | `[]` | | `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` |
| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | | `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | | `metrics.podMonitor.scheme` | Scheme to use for scraping | `http` |
| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | | `metrics.podMonitor.tlsConfig` | TLS configuration used for scrape endpoints used by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Create specified [Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) | `[]` | | `metrics.podMonitor.relabelings` | Prometheus relabeling rules | `[]` |
| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` |
| `metrics.prometheusRule.rules` | Create specified [Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) | `[]` |
The above parameters map to the env variables defined in [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat). For more information please refer to the [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) image documentation. The above parameters map to the env variables defined in [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat). For more information please refer to the [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) image documentation.
@ -250,9 +261,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console ```console
helm install my-release \ helm install my-release \
--set tomcatUsername=manager,tomcatPassword=password oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatUsername=manager,tomcatPassword=password oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the Tomcat management username and password to `manager` and `password` respectively. The above command sets the Tomcat management username and password to `manager` and `password` respectively.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -260,9 +273,10 @@ The above command sets the Tomcat management username and password to `manager`
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/tomcat helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details
@ -346,9 +360,11 @@ Consequences:
```console ```console
export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d) export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d)
kubectl delete deployments.apps tomcat kubectl delete deployments.apps tomcat
helm upgrade tomcat oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatPassword=$TOMCAT_PASSWORD helm upgrade tomcat oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### To 7.0.0 ### To 7.0.0
[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. [On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
@ -364,15 +380,19 @@ This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which
Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below: Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below:
```console ```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below: If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below:
```console ```console
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat --set securityContext.enabled=false,image.tag=XXX helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set securityContext.enabled=false,image.tag=XXX
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
### To 1.0.0 ### To 1.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.

4
charts/bitnami/tomcat/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.2 appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.2 version: 2.13.3

4
charts/bitnami/tomcat/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites ## Prerequisites
- Kubernetes 1.19+ - Kubernetes 1.23+
- Helm 3.2.0+ - Helm 3.8.0+
## Parameters ## Parameters

4
charts/bitnami/tomcat/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/* {{/*
Returns true if AdmissionConfiguration is supported Returns true if AdmissionConfiguration is supported
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.supported" -}} {{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/* {{/*
Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for AdmissionConfiguration.
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

54
charts/bitnami/tomcat/values.yaml
View File

@ -50,9 +50,9 @@ extraDeploy: []
## Bitnami Tomcat image version ## Bitnami Tomcat image version
## ref: https://hub.docker.com/r/bitnami/tomcat/tags/ ## ref: https://hub.docker.com/r/bitnami/tomcat/tags/
## @param image.registry Tomcat image registry ## @param image.registry [default: REGISTRY_NAME] Tomcat image registry
## @param image.repository Tomcat image repository ## @param image.repository [default: REPOSITORY_NAME/tomcat] Tomcat image repository
## @param image.tag Tomcat image tag (immutable tags are recommended) ## @skip image.tag Tomcat image tag (immutable tags are recommended)
## @param image.digest Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Tomcat image pull policy ## @param image.pullPolicy Tomcat image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array ## @param image.pullSecrets Specify docker-registry secret names as an array
@ -159,14 +159,26 @@ podSecurityContext:
fsGroup: 1001 fsGroup: 1001
## Tomcat containers' SecurityContext ## Tomcat containers' SecurityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param containerSecurityContext.enabled Enable Tomcat containers' SecurityContext ## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser User ID for the Tomcat container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Force user to be root in Tomcat container ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Tomcat containers' resource requests and limits ## Tomcat containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious
@ -575,9 +587,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag ## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
@ -635,9 +647,9 @@ metrics:
catalinaOpts: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true catalinaOpts: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true
## Bitnami JMX exporter image ## Bitnami JMX exporter image
## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/ ## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/
## @param metrics.jmx.image.registry JMX exporter image registry ## @param metrics.jmx.image.registry [default: REGISTRY_NAME] JMX exporter image registry
## @param metrics.jmx.image.repository JMX exporter image repository ## @param metrics.jmx.image.repository [default: REPOSITORY_NAME/jmx-exporter] JMX exporter image repository
## @param metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended) ## @skip metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy ## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy
## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array ## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array
@ -671,13 +683,25 @@ metrics:
attrNameSnakeCase: true attrNameSnakeCase: true
## Prometheus JMX exporter containers' Security Context ## Prometheus JMX exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.jmx.containerSecurityContext.enabled Enable Prometheus JMX exporter containers' Security Context ## @param metrics.jmx.containerSecurityContext.enabled Enabled containers' Security Context
## @param metrics.jmx.containerSecurityContext.runAsUser Set Prometheus JMX exporter containers' Security Context runAsUser ## @param metrics.jmx.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set Prometheus JMX exporter containers' Security Context runAsNonRoot ## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param metrics.jmx.containerSecurityContext.privileged Set container's Security Context privileged
## @param metrics.jmx.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param metrics.jmx.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param metrics.jmx.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.jmx.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Prometheus JMX Exporter' resource requests and limits ## Prometheus JMX Exporter' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious

4
charts/bitnami/wordpress/Chart.yaml
View File

@ -10,7 +10,7 @@ annotations:
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90 image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: wordpress - name: wordpress
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5 image: docker.io/bitnami/wordpress:6.3.2-debian-11-r8
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 6.3.2 appVersion: 6.3.2
@ -47,4 +47,4 @@ maintainers:
name: wordpress name: wordpress
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 18.0.12 version: 18.1.3

15
charts/bitnami/wordpress/README.md
View File

@ -172,13 +172,14 @@ The command removes all the Kubernetes components associated with the chart and
| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` | | `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` |
| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` |
| `podSecurityContext.seccompProfile.type` | Set WordPress container's Security Context seccomp profile | `RuntimeDefault` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.enabled` | Enabled WordPress containers' Security Context | `true` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsUser` | Set WordPress container's Security Context runAsUser | `1001` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.runAsNonRoot` | Set WordPress container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set WordPress container's privilege escalation | `false` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set WordPress container's Security Context readOnlyRootFilesystem | `false` | | `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set WordPress container's Security Context runAsNonRoot | `["ALL"]` | | `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` | | `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | | `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |

24
charts/bitnami/wordpress/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/wordpress repository: bitnami/wordpress
tag: 6.3.2-debian-11-r5 tag: 6.3.2-debian-11-r8
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -402,30 +402,32 @@ extraContainerPorts: []
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled WordPress pods' Security Context ## @param podSecurityContext.enabled Enabled WordPress pods' Security Context
## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup ## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup
## @param podSecurityContext.seccompProfile.type Set WordPress container's Security Context seccomp profile
## ##
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1001 fsGroup: 1001
seccompProfile:
type: "RuntimeDefault"
## Configure Container Security Context (only main container) ## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled WordPress containers' Security Context ## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set WordPress container's Security Context runAsUser ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set WordPress container's Security Context runAsNonRoot ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Set WordPress container's privilege escalation ## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set WordPress container's Security Context readOnlyRootFilesystem ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.capabilities.drop Set WordPress container's Security Context runAsNonRoot ## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
allowPrivilegeEscalation: false privileged: false
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities: capabilities:
drop: ["ALL"] drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for WordPress containers' liveness, readiness and startup probes ## Configure extra options for WordPress containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe on WordPress containers ## @param livenessProbe.enabled Enable livenessProbe on WordPress containers

2
charts/bitnami/zookeeper/Chart.yaml
View File

@ -30,4 +30,4 @@ maintainers:
name: zookeeper name: zookeeper
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.1.6 version: 12.3.0

262
charts/bitnami/zookeeper/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps a [ZooKeeper](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps a [ZooKeeper](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache ZooKeeper in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -33,9 +35,11 @@ Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -78,117 +82,121 @@ The command removes all the Kubernetes components associated with the chart and
### ZooKeeper chart parameters ### ZooKeeper chart parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` | | `image.registry` | ZooKeeper image registry | `REGISTRY_NAME` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | | `image.repository` | ZooKeeper image repository | `REPOSITORY_NAME/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r1` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.debug` | Specify if debug values should be set | `false` |
| `image.debug` | Specify if debug values should be set | `false` | | `auth.client.enabled` | Enable ZooKeeper client-server authentication. It uses SASL/Digest-MD5 | `false` |
| `auth.client.enabled` | Enable ZooKeeper client-server authentication. It uses SASL/Digest-MD5 | `false` | | `auth.client.clientUser` | User that will use ZooKeeper clients to auth | `""` |
| `auth.client.clientUser` | User that will use ZooKeeper clients to auth | `""` | | `auth.client.clientPassword` | Password that will use ZooKeeper clients to auth | `""` |
| `auth.client.clientPassword` | Password that will use ZooKeeper clients to auth | `""` | | `auth.client.serverUsers` | Comma, semicolon or whitespace separated list of user to be created | `""` |
| `auth.client.serverUsers` | Comma, semicolon or whitespace separated list of user to be created | `""` | | `auth.client.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
| `auth.client.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` | | `auth.client.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
| `auth.client.existingSecret` | Use existing secret (ignores previous passwords) | `""` | | `auth.quorum.enabled` | Enable ZooKeeper server-server authentication. It uses SASL/Digest-MD5 | `false` |
| `auth.quorum.enabled` | Enable ZooKeeper server-server authentication. It uses SASL/Digest-MD5 | `false` | | `auth.quorum.learnerUser` | User that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
| `auth.quorum.learnerUser` | User that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` | | `auth.quorum.learnerPassword` | Password that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
| `auth.quorum.learnerPassword` | Password that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` | | `auth.quorum.serverUsers` | Comma, semicolon or whitespace separated list of users for the quorumServers. | `""` |
| `auth.quorum.serverUsers` | Comma, semicolon or whitespace separated list of users for the quorumServers. | `""` | | `auth.quorum.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
| `auth.quorum.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` | | `auth.quorum.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
| `auth.quorum.existingSecret` | Use existing secret (ignores previous passwords) | `""` | | `tickTime` | Basic time unit (in milliseconds) used by ZooKeeper for heartbeats | `2000` |
| `tickTime` | Basic time unit (in milliseconds) used by ZooKeeper for heartbeats | `2000` | | `initLimit` | ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader | `10` |
| `initLimit` | ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader | `10` | | `syncLimit` | How far out of date a server can be from a leader | `5` |
| `syncLimit` | How far out of date a server can be from a leader | `5` | | `preAllocSize` | Block size for transaction log file | `65536` |
| `preAllocSize` | Block size for transaction log file | `65536` | | `snapCount` | The number of transactions recorded in the transaction log before a snapshot can be taken (and the transaction log rolled) | `100000` |
| `snapCount` | The number of transactions recorded in the transaction log before a snapshot can be taken (and the transaction log rolled) | `100000` | | `maxClientCnxns` | Limits the number of concurrent connections that a single client may make to a single member of the ZooKeeper ensemble | `60` |
| `maxClientCnxns` | Limits the number of concurrent connections that a single client may make to a single member of the ZooKeeper ensemble | `60` | | `maxSessionTimeout` | Maximum session timeout (in milliseconds) that the server will allow the client to negotiate | `40000` |
| `maxSessionTimeout` | Maximum session timeout (in milliseconds) that the server will allow the client to negotiate | `40000` | | `heapSize` | Size (in MB) for the Java Heap options (Xmx and Xms) | `1024` |
| `heapSize` | Size (in MB) for the Java Heap options (Xmx and Xms) | `1024` | | `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` |
| `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` | | `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` |
| `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` | | `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` |
| `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` | | `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` |
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` | | `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` |
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` | | `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` |
| `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` | | `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` |
| `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` | | `dataLogDir` | Dedicated data log directory | `""` |
| `dataLogDir` | Dedicated data log directory | `""` | | `configuration` | Configure ZooKeeper with a custom zoo.cfg file | `""` |
| `configuration` | Configure ZooKeeper with a custom zoo.cfg file | `""` | | `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for ZooKeeper | `""` |
| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for ZooKeeper | `""` | | `extraEnvVars` | Array with extra environment variables to add to ZooKeeper nodes | `[]` |
| `extraEnvVars` | Array with extra environment variables to add to ZooKeeper nodes | `[]` | | `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ZooKeeper nodes | `""` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ZooKeeper nodes | `""` | | `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ZooKeeper nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ZooKeeper nodes | `""` | | `command` | Override default container command (useful when using custom images) | `["/scripts/setup.sh"]` |
| `command` | Override default container command (useful when using custom images) | `["/scripts/setup.sh"]` | | `args` | Override default container args (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
### Statefulset parameters ### Statefulset parameters
| Name | Description | Value | | Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `replicaCount` | Number of ZooKeeper nodes | `1` | | `replicaCount` | Number of ZooKeeper nodes | `1` |
| `containerPorts.client` | ZooKeeper client container port | `2181` | | `containerPorts.client` | ZooKeeper client container port | `2181` |
| `containerPorts.tls` | ZooKeeper TLS container port | `3181` | | `containerPorts.tls` | ZooKeeper TLS container port | `3181` |
| `containerPorts.follower` | ZooKeeper follower container port | `2888` | | `containerPorts.follower` | ZooKeeper follower container port | `2888` |
| `containerPorts.election` | ZooKeeper election container port | `3888` | | `containerPorts.election` | ZooKeeper election container port | `3888` |
| `livenessProbe.enabled` | Enable livenessProbe on ZooKeeper containers | `true` | | `livenessProbe.enabled` | Enable livenessProbe on ZooKeeper containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | | `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `livenessProbe.probeCommandTimeout` | Probe command timeout for livenessProbe | `2` | | `livenessProbe.probeCommandTimeout` | Probe command timeout for livenessProbe | `2` |
| `readinessProbe.enabled` | Enable readinessProbe on ZooKeeper containers | `true` | | `readinessProbe.enabled` | Enable readinessProbe on ZooKeeper containers | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | | `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `readinessProbe.probeCommandTimeout` | Probe command timeout for readinessProbe | `2` | | `readinessProbe.probeCommandTimeout` | Probe command timeout for readinessProbe | `2` |
| `startupProbe.enabled` | Enable startupProbe on ZooKeeper containers | `false` | | `startupProbe.enabled` | Enable startupProbe on ZooKeeper containers | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | | `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | | `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `lifecycleHooks` | for the ZooKeeper container(s) to automate configuration before or after startup | `{}` | | `lifecycleHooks` | for the ZooKeeper container(s) to automate configuration before or after startup | `{}` |
| `resources.limits` | The resources limits for the ZooKeeper containers | `{}` | | `resources.limits` | The resources limits for the ZooKeeper containers | `{}` |
| `resources.requests.memory` | The requested memory for the ZooKeeper containers | `256Mi` | | `resources.requests.memory` | The requested memory for the ZooKeeper containers | `256Mi` |
| `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` | | `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` |
| `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` | | `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` | | `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled ZooKeeper containers' Security Context | `true` | | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set ZooKeeper containers' Security Context runAsUser | `1001` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set ZooKeeper containers' Security Context runAsNonRoot | `true` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as nonprivilege | `false` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `hostAliases` | ZooKeeper pods host aliases | `[]` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `podLabels` | Extra labels for ZooKeeper pods | `{}` | | `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `podAnnotations` | Annotations for ZooKeeper pods | `{}` | | `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | | `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `hostAliases` | ZooKeeper pods host aliases | `[]` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | | `podLabels` | Extra labels for ZooKeeper pods | `{}` |
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | | `podAnnotations` | Annotations for ZooKeeper pods | `{}` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | | `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `affinity` | Affinity for pod assignment | `{}` | | `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeSelector` | Node labels for pod assignment | `{}` | | `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `tolerations` | Tolerations for pod assignment | `[]` | | `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: `OrderedReady` and `Parallel` | `Parallel` | | `affinity` | Affinity for pod assignment | `{}` |
| `priorityClassName` | Name of the existing priority class to be used by ZooKeeper pods, priority class needs to be created beforehand | `""` | | `nodeSelector` | Node labels for pod assignment | `{}` |
| `schedulerName` | Kubernetes pod scheduler registry | `""` | | `tolerations` | Tolerations for pod assignment | `[]` |
| `updateStrategy.type` | ZooKeeper statefulset strategy type | `RollingUpdate` | | `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `updateStrategy.rollingUpdate` | ZooKeeper statefulset rolling update configuration parameters | `{}` | | `podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: `OrderedReady` and `Parallel` | `Parallel` |
| `extraVolumes` | Optionally specify extra list of additional volumes for the ZooKeeper pod(s) | `[]` | | `priorityClassName` | Name of the existing priority class to be used by ZooKeeper pods, priority class needs to be created beforehand | `""` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ZooKeeper container(s) | `[]` | | `schedulerName` | Kubernetes pod scheduler registry | `""` |
| `sidecars` | Add additional sidecar containers to the ZooKeeper pod(s) | `[]` | | `updateStrategy.type` | ZooKeeper statefulset strategy type | `RollingUpdate` |
| `initContainers` | Add additional init containers to the ZooKeeper pod(s) | `[]` | | `updateStrategy.rollingUpdate` | ZooKeeper statefulset rolling update configuration parameters | `{}` |
| `pdb.create` | Deploy a pdb object for the ZooKeeper pod | `false` | | `extraVolumes` | Optionally specify extra list of additional volumes for the ZooKeeper pod(s) | `[]` |
| `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` | | `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ZooKeeper container(s) | `[]` |
| `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` | | `sidecars` | Add additional sidecar containers to the ZooKeeper pod(s) | `[]` |
| `initContainers` | Add additional init containers to the ZooKeeper pod(s) | `[]` |
| `pdb.create` | Deploy a pdb object for the ZooKeeper pod | `false` |
| `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` |
| `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` |
| `enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
### Traffic Exposure parameters ### Traffic Exposure parameters
@ -243,19 +251,18 @@ The command removes all the Kubernetes components associated with the chart and
### Volume Permissions parameters ### Volume Permissions parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | | `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` | | `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### Metrics parameters ### Metrics parameters
@ -319,9 +326,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console ```console
helm install my-release \ helm install my-release \
--set auth.clientUser=newUser \ --set auth.clientUser=newUser \
oci://registry-1.docker.io/bitnamicharts/zookeeper oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the ZooKeeper user to `newUser`. The above command sets the ZooKeeper user to `newUser`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -329,9 +338,10 @@ The above command sets the ZooKeeper user to `newUser`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/zookeeper helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details

1
charts/bitnami/zookeeper/templates/statefulset.yaml
View File

@ -43,6 +43,7 @@ spec:
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: zookeeper app.kubernetes.io/component: zookeeper
spec: spec:
enableServiceLinks: {{ .Values.enableServiceLinks }}
serviceAccountName: {{ template "zookeeper.serviceAccountName" . }} serviceAccountName: {{ template "zookeeper.serviceAccountName" . }}
{{- include "zookeeper.imagePullSecrets" . | nindent 6 }} {{- include "zookeeper.imagePullSecrets" . | nindent 6 }}
{{- if .Values.hostAliases }} {{- if .Values.hostAliases }}

35
charts/bitnami/zookeeper/values.yaml
View File

@ -68,9 +68,9 @@ diagnosticMode:
## Bitnami ZooKeeper image version ## Bitnami ZooKeeper image version
## ref: https://hub.docker.com/r/bitnami/zookeeper/tags/ ## ref: https://hub.docker.com/r/bitnami/zookeeper/tags/
## @param image.registry ZooKeeper image registry ## @param image.registry [default: REGISTRY_NAME] ZooKeeper image registry
## @param image.repository ZooKeeper image repository ## @param image.repository [default: REPOSITORY_NAME/zookeeper] ZooKeeper image repository
## @param image.tag ZooKeeper image tag (immutable tags are recommended) ## @skip image.tag ZooKeeper image tag (immutable tags are recommended)
## @param image.digest ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.digest ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy ZooKeeper image pull policy ## @param image.pullPolicy ZooKeeper image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array ## @param image.pullSecrets Specify docker-registry secret names as an array
@ -332,16 +332,26 @@ podSecurityContext:
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context ## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled ZooKeeper containers' Security Context ## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set ZooKeeper containers' Security Context runAsUser ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set ZooKeeper containers' Security Context runAsNonRoot ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as nonprivilege ## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param hostAliases ZooKeeper pods host aliases ## @param hostAliases ZooKeeper pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
## ##
@ -475,6 +485,11 @@ pdb:
create: false create: false
minAvailable: "" minAvailable: ""
maxUnavailable: 1 maxUnavailable: 1
## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @section Traffic Exposure parameters ## @section Traffic Exposure parameters
@ -653,9 +668,9 @@ volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
## ##
enabled: false enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets

4
charts/crowdstrike/falcon-sensor/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>1.22.0-0' catalog.cattle.io/kube-version: '>1.22.0-0'
catalog.cattle.io/release-name: falcon-sensor catalog.cattle.io/release-name: falcon-sensor
apiVersion: v2 apiVersion: v2
appVersion: 1.22.1 appVersion: 1.23.1
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
home: https://crowdstrike.com home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
@ -24,4 +24,4 @@ name: falcon-sensor
sources: sources:
- https://github.com/CrowdStrike/falcon-helm - https://github.com/CrowdStrike/falcon-helm
type: application type: application
version: 1.22.1 version: 1.23.1

34
charts/crowdstrike/falcon-sensor/templates/_helpers.tpl
View File

@ -94,26 +94,30 @@ Create the name of the service account to use
{{- define "falcon-sensor.daemonsetResources" -}} {{- define "falcon-sensor.daemonsetResources" -}}
{{- if .Values.node.gke.autopilot -}} {{- if .Values.node.gke.autopilot -}}
{{- if .Values.node.daemonset.resources -}}
resources: resources:
{{- if .Values.node.daemonset.resources.limits -}} {{- if (.Values.node.daemonset.resources | default dict ).limits }}
limits: limits:
cpu: {{ .Values.node.daemonset.resources.limits.cpu | default "750m" }} cpu: {{ (.Values.node.daemonset.resources.limits | default dict ).cpu | default "750m" }}
memory: {{ .Values.node.daemonset.resources.limits.memory | default "1.5Gi" }} memory: {{ (.Values.node.daemonset.resources.limits | default dict ).memory | default "1.5Gi" }}
ephemeral-storage: {{ (index (.Values.node.daemonset.resources.limits | default dict ) "ephemeral-storage") | default "100Mi" }}
{{- else }}
limits:
cpu: 750m
memory: 1.5Gi
ephemeral-storage: 100Mi
{{- end }} {{- end }}
{{- if (.Values.node.daemonset.resources | default dict ).requests }}
requests: requests:
cpu: {{ .Values.node.daemonset.resources.requests.cpu | default "750m" }} cpu: {{ (.Values.node.daemonset.resources.requests | default dict ).cpu | default "750m" }}
memory: {{ .Values.node.daemonset.resources.requests.memory | default "1.5Gi" }} ephemeral-storage: {{ (index (.Values.node.daemonset.resources.requests | default dict ) "ephemeral-storage") | default "100Mi" }}
{{- else -}} memory: {{ (.Values.node.daemonset.resources.requests | default dict ).memory | default "1.5Gi" }}
resources: {{- else }}
limits:
cpu: "750m"
memory: "1.5Gi"
requests: requests:
cpu: "750m" cpu: 750m
memory: "1.5Gi" memory: 1.5Gi
{{- end -}} ephemeral-storage: 100Mi
{{- else -}} {{- end }}
{{- else -}}
{{- if .Values.node.daemonset.resources -}} {{- if .Values.node.daemonset.resources -}}
{{- toYaml .Values.node.daemonset.resources -}} {{- toYaml .Values.node.daemonset.resources -}}
{{- end -}} {{- end -}}

6
charts/crowdstrike/falcon-sensor/templates/daemonset.yaml
View File

@ -108,15 +108,17 @@ spec:
- name: falconstore-dir - name: falconstore-dir
mountPath: /host_opt mountPath: /host_opt
{{- end }} {{- end }}
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
{{- end }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
privileged: true privileged: true

12
charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml
View File

@ -100,15 +100,17 @@ spec:
- name: opt-crowdstrike - name: opt-crowdstrike
mountPath: /host_opt mountPath: /host_opt
{{- end }} {{- end }}
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
{{- end }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
privileged: true privileged: true
@ -133,15 +135,17 @@ spec:
- sleep 10 - sleep 10
command: command:
- /bin/bash - /bin/bash
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
limits: limits:
cpu: 10m cpu: 10m
ephemeral-storage: 10Mi ephemeral-storage: 100Mi
memory: 50Mi memory: 50Mi
{{- end }}
securityContext: securityContext:
privileged: false privileged: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true

2
charts/crowdstrike/falcon-sensor/values.yaml
View File

@ -62,9 +62,11 @@ node:
# resources: # resources:
# limits: # limits:
# cpu: 250m # cpu: 250m
# ephemeral-storage: 100Mi
# memory: 500Mi # memory: 500Mi
# requests: # requests:
# cpu: 250m # cpu: 250m
# ephemeral-storage: 100Mi
# memory: 500Mi # memory: 500Mi
# Update strategy to role out new daemonset configuration to the nodes. # Update strategy to role out new daemonset configuration to the nodes.

8
charts/datadog/datadog/CHANGELOG.md
View File

@ -1,5 +1,13 @@
# Datadog changelog # Datadog changelog
## 3.43.1
* Fix docstring typos and remove unneeded lines.
## 3.43.0
* Default `Agent` and `Cluster-Agent` to `7.49.0` version.
## 3.42.1 ## 3.42.1
* Bump FIPS proxy OpenSSL version to 3.0.12 * Bump FIPS proxy OpenSSL version to 3.0.12

2
charts/datadog/datadog/Chart.yaml
View File

@ -19,4 +19,4 @@ name: datadog
sources: sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes - https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent - https://github.com/DataDog/datadog-agent
version: 3.42.1 version: 3.43.1

40
charts/datadog/datadog/README.md
View File

@ -1,6 +1,6 @@
# Datadog # Datadog
![Version: 3.42.1](https://img.shields.io/badge/Version-3.42.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) ![Version: 3.43.1](https://img.shields.io/badge/Version-3.43.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -450,7 +450,7 @@ helm install <RELEASE_NAME> \
| agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| agents.image.repository | string | `nil` | Override default registry + image.name for Agent | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent |
| agents.image.tag | string | `"7.48.1"` | Define the Agent version to use | | agents.image.tag | string | `"7.49.0"` | Define the Agent version to use |
| agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. |
| agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node |
@ -514,7 +514,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy |
| clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent |
| clusterAgent.image.tag | string | `"7.48.1"` | Cluster Agent image tag to use | | clusterAgent.image.tag | string | `"7.49.0"` | Cluster Agent image tag to use |
| clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings |
| clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) |
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
@ -565,7 +565,7 @@ helm install <RELEASE_NAME> \
| clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners |
| clusterChecksRunner.image.tag | string | `"7.48.1"` | Define the Agent version to use | | clusterChecksRunner.image.tag | string | `"7.49.0"` | Define the Agent version to use |
| clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
| clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead |
@ -609,13 +609,13 @@ helm install <RELEASE_NAME> \
| datadog.clusterTagger.collectKubernetesTags | bool | `false` | Enables Kubernetes resources tags collection. | | datadog.clusterTagger.collectKubernetesTags | bool | `false` | Enables Kubernetes resources tags collection. |
| datadog.collectEvents | bool | `true` | Enables this to start event collection from the kubernetes API | | datadog.collectEvents | bool | `true` | Enables this to start event collection from the kubernetes API |
| datadog.confd | object | `{}` | Provide additional check configurations (static and Autodiscovery) | | datadog.confd | object | `{}` | Provide additional check configurations (static and Autodiscovery) |
| datadog.containerExclude | string | `nil` | Exclude containers from the Agent Autodiscovery, as a space-sepatered list | | datadog.containerExclude | string | `nil` | Exclude containers from Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeLogs | string | `nil` | Exclude logs from the Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeLogs | string | `nil` | Exclude logs from Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from the Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from Agent Autodiscovery, as a space-separated list |
| datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata | | datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata |
| datadog.containerInclude | string | `nil` | Include containers in the Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in the Autodiscovery | | datadog.containerInclude | string | `nil` | Include containers in Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in Autodiscovery |
| datadog.containerIncludeLogs | string | `nil` | Include logs in the Agent Autodiscovery, as a space-separated list | | datadog.containerIncludeLogs | string | `nil` | Include logs in Agent Autodiscovery, as a space-separated list |
| datadog.containerIncludeMetrics | string | `nil` | Include metrics in the Agent Autodiscovery, as a space-separated list | | datadog.containerIncludeMetrics | string | `nil` | Include metrics in Agent Autodiscovery, as a space-separated list |
| datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection | | datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection |
| datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. | | datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. |
| datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) | | datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) |
@ -634,8 +634,8 @@ helm install <RELEASE_NAME> \
| datadog.env | list | `[]` | Set environment variables for all Agents | | datadog.env | list | `[]` | Set environment variables for all Agents |
| datadog.envDict | object | `{}` | Set environment variables for all Agents defined in a dict | | datadog.envDict | object | `{}` | Set environment variables for all Agents defined in a dict |
| datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets | | datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets |
| datadog.excludePauseContainer | bool | `true` | Exclude pause containers from the Agent Autodiscovery. | | datadog.excludePauseContainer | bool | `true` | Exclude pause containers from Agent Autodiscovery. |
| datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfer with the agentmetrics port from the cluster-agent, which defaults to 5000 | | datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 |
| datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true | | datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true |
| datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true | | datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true |
| datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true | | datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true |
@ -662,7 +662,7 @@ helm install <RELEASE_NAME> \
| datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. |
| datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). |
| datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection |
| datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "confimaps". "" to automatically detect which one to use. | | datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. |
| datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second |
| datadog.logLevel | string | `"INFO"` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, off | | datadog.logLevel | string | `"INFO"` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, off |
| datadog.logs.autoMultiLineDetection | bool | `false` | Allows the Agent to detect common multi-line patterns automatically. | | datadog.logs.autoMultiLineDetection | bool | `false` | Allows the Agent to detect common multi-line patterns automatically. |
@ -747,17 +747,17 @@ helm install <RELEASE_NAME> \
| existingClusterAgent.serviceName | string | `nil` | Existing service name to use for reaching the external Cluster Agent | | existingClusterAgent.serviceName | string | `nil` | Existing service name to use for reaching the external Cluster Agent |
| existingClusterAgent.tokenSecretName | string | `nil` | Existing secret name to use for external Cluster Agent token | | existingClusterAgent.tokenSecretName | string | `nil` | Existing secret name to use for external Cluster Agent token |
| fips.customFipsConfig | object | `{}` | Configure a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. | | fips.customFipsConfig | object | `{}` | Configure a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. |
| fips.enabled | bool | `false` | | | fips.enabled | bool | `false` | Enable fips sidecar |
| fips.image.digest | string | `""` | Define the FIPS sidecar image digest to use, takes precedence over `fips.image.tag` if specified. | | fips.image.digest | string | `""` | Define the FIPS sidecar image digest to use, takes precedence over `fips.image.tag` if specified. |
| fips.image.name | string | `"fips-proxy"` | | | fips.image.name | string | `"fips-proxy"` | |
| fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy |
| fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. |
| fips.image.tag | string | `"0.6.1"` | Define the FIPS sidecar container version to use. | | fips.image.tag | string | `"0.6.1"` | Define the FIPS sidecar container version to use. |
| fips.local_address | string | `"127.0.0.1"` | | | fips.local_address | string | `"127.0.0.1"` | Set local IP address |
| fips.port | int | `9803` | | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. |
| fips.portRange | int | `15` | | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 |
| fips.resources | object | `{}` | Resource requests and limits for the FIPS sidecar container. | | fips.resources | object | `{}` | Resource requests and limits for the FIPS sidecar container. |
| fips.use_https | bool | `false` | | | fips.use_https | bool | `false` | Option to enable https |
| fullnameOverride | string | `nil` | Override the full qualified app name | | fullnameOverride | string | `nil` | Override the full qualified app name |
| kube-state-metrics.image.repository | string | `"registry.k8s.io/kube-state-metrics/kube-state-metrics"` | Default kube-state-metrics image repository. | | kube-state-metrics.image.repository | string | `"registry.k8s.io/kube-state-metrics/kube-state-metrics"` | Default kube-state-metrics image repository. |
| kube-state-metrics.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for KSM. KSM only supports Linux. | | kube-state-metrics.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for KSM. KSM only supports Linux. |
@ -766,12 +766,12 @@ helm install <RELEASE_NAME> \
| kube-state-metrics.serviceAccount.create | bool | `true` | If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true | | kube-state-metrics.serviceAccount.create | bool | `true` | If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true |
| kube-state-metrics.serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. | | kube-state-metrics.serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. |
| nameOverride | string | `nil` | Override name of app | | nameOverride | string | `nil` | Override name of app |
| providers.aks.enabled | bool | `false` | Activate all specifities related to AKS configuration. Required as currently we cannot auto-detect AKS. | | providers.aks.enabled | bool | `false` | Activate all specificities related to AKS configuration. Required as currently we cannot auto-detect AKS. |
| providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. |
| providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot |
| providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) |
| registry | string | `"gcr.io/datadoghq"` | Registry to use for all Agent images (default gcr.io) | | registry | string | `"gcr.io/datadoghq"` | Registry to use for all Agent images (default gcr.io) |
| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overriden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. |
| targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) |
## Configuration options for Windows deployments ## Configuration options for Windows deployments

Some files were not shown because too many files have changed in this diff Show More