diff --git a/assets/asserts/asserts-1.20.0.tgz b/assets/asserts/asserts-1.20.0.tgz new file mode 100644 index 000000000..bffa2cc9a Binary files /dev/null and b/assets/asserts/asserts-1.20.0.tgz differ diff --git a/assets/bitnami/airflow-14.0.6.tgz b/assets/bitnami/airflow-14.0.6.tgz new file mode 100644 index 000000000..e1502151d Binary files /dev/null and b/assets/bitnami/airflow-14.0.6.tgz differ diff --git a/assets/bitnami/cassandra-9.7.7.tgz b/assets/bitnami/cassandra-9.7.7.tgz new file mode 100644 index 000000000..a569cee04 Binary files /dev/null and b/assets/bitnami/cassandra-9.7.7.tgz differ diff --git a/assets/bitnami/kafka-20.0.1.tgz b/assets/bitnami/kafka-20.0.1.tgz new file mode 100644 index 000000000..b64de396d Binary files /dev/null and b/assets/bitnami/kafka-20.0.1.tgz differ diff --git a/assets/bitnami/mysql-9.4.5.tgz b/assets/bitnami/mysql-9.4.5.tgz new file mode 100644 index 000000000..4f2d35969 Binary files /dev/null and b/assets/bitnami/mysql-9.4.5.tgz differ diff --git a/assets/bitnami/redis-17.3.15.tgz b/assets/bitnami/redis-17.3.15.tgz new file mode 100644 index 000000000..107b1d4ca Binary files /dev/null and b/assets/bitnami/redis-17.3.15.tgz differ diff --git a/assets/bitnami/spark-6.3.12.tgz b/assets/bitnami/spark-6.3.12.tgz new file mode 100644 index 000000000..b55625ea6 Binary files /dev/null and b/assets/bitnami/spark-6.3.12.tgz differ diff --git a/assets/bitnami/tomcat-10.5.6.tgz b/assets/bitnami/tomcat-10.5.6.tgz new file mode 100644 index 000000000..52af993e1 Binary files /dev/null and b/assets/bitnami/tomcat-10.5.6.tgz differ diff --git a/assets/bitnami/zookeeper-11.0.1.tgz b/assets/bitnami/zookeeper-11.0.1.tgz new file mode 100644 index 000000000..6a9a573d4 Binary files /dev/null and b/assets/bitnami/zookeeper-11.0.1.tgz differ diff --git a/assets/datadog/datadog-3.5.2.tgz b/assets/datadog/datadog-3.5.2.tgz new file mode 100644 index 000000000..cefac677a Binary files /dev/null and b/assets/datadog/datadog-3.5.2.tgz differ diff --git a/assets/external-secrets/external-secrets-0.7.0.tgz b/assets/external-secrets/external-secrets-0.7.0.tgz new file mode 100644 index 000000000..66a589769 Binary files /dev/null and b/assets/external-secrets/external-secrets-0.7.0.tgz differ diff --git a/assets/jfrog/artifactory-ha-107.47.12.tgz b/assets/jfrog/artifactory-ha-107.47.12.tgz new file mode 100644 index 000000000..bfa9f66a3 Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.47.12.tgz differ diff --git a/assets/jfrog/artifactory-jcr-107.47.12.tgz b/assets/jfrog/artifactory-jcr-107.47.12.tgz new file mode 100644 index 000000000..66664b7a7 Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.47.12.tgz differ diff --git a/assets/nats/nats-0.19.3.tgz b/assets/nats/nats-0.19.3.tgz new file mode 100644 index 000000000..6c8ac6ce2 Binary files /dev/null and b/assets/nats/nats-0.19.3.tgz differ diff --git a/assets/redpanda/redpanda-2.3.15.tgz b/assets/redpanda/redpanda-2.3.15.tgz new file mode 100644 index 000000000..23a570c04 Binary files /dev/null and b/assets/redpanda/redpanda-2.3.15.tgz differ diff --git a/assets/sysdig/sysdig-1.15.61.tgz b/assets/sysdig/sysdig-1.15.61.tgz new file mode 100644 index 000000000..7cce41174 Binary files /dev/null and b/assets/sysdig/sysdig-1.15.61.tgz differ diff --git a/charts/asserts/asserts/Chart.lock b/charts/asserts/asserts/Chart.lock index ccf107b60..0a9755e1b 100644 --- a/charts/asserts/asserts/Chart.lock +++ b/charts/asserts/asserts/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: knowledge-sensor repository: https://asserts.github.io/helm-charts - version: 1.0.0 + version: 1.1.0 - name: victoria-metrics-single repository: https://asserts.github.io/helm-charts version: 1.1.0 @@ -26,5 +26,5 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami version: 11.1.23 -digest: sha256:c0b26e2dde9c10c982c2fab8a851100d6e8ad0cf7c2a6bdf63583023644bf92f -generated: "2022-11-29T09:21:48.692341-08:00" +digest: sha256:8eea76e7c56330e8a61698f100608b1a37dc3493c264fb23e115c4e551e69bd9 +generated: "2022-12-09T09:23:24.971235-08:00" diff --git a/charts/asserts/asserts/Chart.yaml b/charts/asserts/asserts/Chart.yaml index 093330a34..282f1ff39 100644 --- a/charts/asserts/asserts/Chart.yaml +++ b/charts/asserts/asserts/Chart.yaml @@ -8,7 +8,7 @@ dependencies: - condition: knowledge-sensor.enabled name: knowledge-sensor repository: file://./charts/knowledge-sensor - version: 1.0.0 + version: 1.1.0 - alias: tsdb condition: tsdb.enabled name: victoria-metrics-single @@ -53,4 +53,4 @@ maintainers: url: https://github.com/asserts name: asserts type: application -version: 1.17.0 +version: 1.20.0 diff --git a/charts/asserts/asserts/README.md b/charts/asserts/asserts/README.md index 4c5322650..6ea859bf9 100644 --- a/charts/asserts/asserts/README.md +++ b/charts/asserts/asserts/README.md @@ -22,7 +22,7 @@ This chart bootstraps an [Asserts](https://www.asserts.ai) deployment on a [Kube ```bash helm repo add asserts https://asserts.github.io/helm-charts helm repo update -helm install asserts asserts/asserts -n asserts --create-namespace +helm upgrade --install asserts asserts/asserts -n asserts --create-namespace ``` ### You ARE NOT running Prometheus-Operator in the same cluster as where Asserts is installed @@ -51,21 +51,24 @@ serviceMonitor: ```bash helm repo add asserts https://asserts.github.io/helm-charts helm repo update -helm install asserts asserts/asserts -n asserts -f values.yaml --create-namespace +helm upgrade --install asserts asserts/asserts -n asserts -f values.yaml --create-namespace ``` +When Asserts is spinning up for the first time, it usually takes about 3-4 minutes +but could take longer depending on the hardware resources allocated (e.g. a kind cluster). + ## Verify and Access Once all containers are initialized and running: ```bash -kubectl get pods -l app.kubernetes.io/instance=asserts +kubectl get pods -l app.kubernetes.io/instance=asserts -n asserts ``` You can then login to the asserts-ui by running: ```bash -kubectl port-forward svc/asserts-ui 8080 +kubectl port-forward svc/asserts-ui 8080 -n asserts ``` And opening your browser to [http://localhost:8080](http://localhost:8080) @@ -82,7 +85,7 @@ and query by following [these instructions](https://docs.asserts.ai/integrations To uninstall/delete the `asserts` deployment: ```console -helm delete asserts +helm delete asserts -n asserts ``` The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. @@ -90,7 +93,7 @@ The command removes all the Kubernetes components but PVC's associated with the To delete the PVC's associated with `asserts`: ```bash -kubectl delete pvc -l app.kubernetes.io/instance=asserts +kubectl delete pvc -l app.kubernetes.io/instance=asserts -n asserts ``` > **Note**: Deleting the PVC's will delete all asserts related data as well. diff --git a/charts/asserts/asserts/charts/knowledge-sensor/Chart.yaml b/charts/asserts/asserts/charts/knowledge-sensor/Chart.yaml index 3142ea4b4..e9689a23b 100644 --- a/charts/asserts/asserts/charts/knowledge-sensor/Chart.yaml +++ b/charts/asserts/asserts/charts/knowledge-sensor/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.1.8 +appVersion: v1.1.11 description: Asserts Knowledge Sensor Helm Chart maintainers: - email: arramos@asserts.ai name: arramos84 name: knowledge-sensor -version: 1.0.0 +version: 1.1.0 diff --git a/charts/asserts/asserts/scripts/resize-pvc b/charts/asserts/asserts/scripts/resize-pvc new file mode 100644 index 000000000..db7e9c792 --- /dev/null +++ b/charts/asserts/asserts/scripts/resize-pvc @@ -0,0 +1,47 @@ +#!/usr/bin/env sh + +# This assumes you are running asserts in the asserts namespace +NAMESPACE=asserts + +# Resizin the tsdb server +PVC=server-volume-asserts-tsdb-server-0 + +# Resize PV to 50Gi +SIZE=50Gi + +STORAGECLASS=$(kubectl -n $NAMESPACE get pvc $PVC -ojsonpath='{.spec.storageClassName}') + +if [ -z $STORAGECLASS ]; then + echo "Could not find STORAGECLASS for pvc $PVC!" + exit 1 +fi + +# allow volume expansion, if already done then a noop +kubectl patch storageclass $STORAGECLASS -p '{"allowVolumeExpansion":true}' + +# Get the volumeName for the PVC +VOLUME_NAME=$(kubectl -n $NAMESPACE get pvc $PVC -ojsonpath='{.spec.volumeName}') + +# Ensure the data in the persistentvolume and data is retained in case the pvc is deleted +kubectl -n $NAMESPACE patch pv $VOLUME_NAME -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' + +# Patch the pvc with the new size +kubectl -n $NAMESPACE patch pvc $PVC -p '{"spec": {"resources": {"requests": {"storage": "'${SIZE}'"}}}}' + +# In order to change the helm chart disk size values, you will need to: +# +# 1. Delete the StatefulSet with --cascade=false. This will ensure that only +# the manifest gets deleted, not the pods. The app will continue to run. +# +# kubectl -n $NAMESPACE delete sts asserts-tsdb-server --cascade=false +# +# 2. Change you values to reflect the new pvc size +# +# tsdb: +# server: +# persistentVolume: +# size: $SIZE +# +# 3. Redeploy to sync chart with system state +# +# helm upgrade --install asserts asserts/asserts -n $NAMESPACE -f values.yaml diff --git a/charts/asserts/asserts/templates/_helpers.tpl b/charts/asserts/asserts/templates/_helpers.tpl index a22e22b44..a16d11807 100644 --- a/charts/asserts/asserts/templates/_helpers.tpl +++ b/charts/asserts/asserts/templates/_helpers.tpl @@ -65,6 +65,28 @@ The asserts tenant name bootstrap {{- end }} +{{/* +redisgraph service endpoint depending if in standalone or sentinel mode +*/}} +{{- define "asserts.redisgraphServiceEndpoint" -}} +{{- if .Values.redisgraph.sentinel.enabled -}} +{{ .Values.redisgraph.fullnameOverride }}.{{ include "domain" . }}:26379 +{{- else -}} +{{.Values.redisgraph.fullnameOverride}}-master.{{ include "domain" . }}:6379 +{{- end }} +{{- end }} + +{{/* +redisearch service endpoint depending if in standalone or sentinel mode +*/}} +{{- define "asserts.redisearchServiceEndpoint" -}} +{{- if .Values.redisearch.sentinel.enabled -}} +{{.Values.redisearch.fullnameOverride}}.{{ include "domain" . }}:26379 +{{- else -}} +{{.Values.redisearch.fullnameOverride}}-master.{{ include "domain" . }}:6379 +{{- end }} +{{- end }} + {{/* Get KubeVersion removing pre-release information. */}} diff --git a/charts/asserts/asserts/values.yaml b/charts/asserts/asserts/values.yaml index 120faab4c..12728f730 100644 --- a/charts/asserts/asserts/values.yaml +++ b/charts/asserts/asserts/values.yaml @@ -140,7 +140,7 @@ server: repository: asserts/asserts-server pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v0.2.415 + tag: v0.2.432 initContainers: - name: wait-for-postgres @@ -150,6 +150,20 @@ server: - "{{.Values.postgres.fullnameOverride}}.{{.Release.Namespace}}.{{.Values.clusterDomain}}:5432" - "-t" - "420" + - name: wait-for-redisgraph + image: asserts/wait-for:v2.2.3 + imagePullPolicy: IfNotPresent + args: + - "{{include \"asserts.redisgraphServiceEndpoint\" .}}" + - "-t" + - "420" + - name: wait-for-redisearch + image: asserts/wait-for:v2.2.3 + imagePullPolicy: IfNotPresent + args: + - "{{include \"asserts.redisearchServiceEndpoint\" .}}" + - "-t" + - "420" imagePullSecrets: [] @@ -286,7 +300,7 @@ ui: repository: asserts/asserts-ui pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v0.1.1093 + tag: v0.1.1102 imagePullSecrets: [] @@ -374,7 +388,7 @@ grafana: repository: asserts/grafana pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v1.0.180 + tag: v1.0.192 imagePullSecrets: [] @@ -511,7 +525,7 @@ grafana: knowledge-sensor: image: repository: asserts/knowledge-sensor - tag: v1.1.9 + tag: v1.1.11 serviceAccount: create: false @@ -683,7 +697,7 @@ redisgraph: ## ref: https://hub.docker.com/repository/docker/asserts/redismod image: repository: asserts/redismod - tag: 6.26 + tag: 6.2.7-rg-v2.8.20-rs-v2.14.6 nameOverride: asserts-redisgraph fullnameOverride: asserts-redisgraph diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index 59d31e526..66d02496f 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -37,4 +37,4 @@ name: airflow sources: - https://github.com/bitnami/containers/tree/main/bitnami/airflow - https://airflow.apache.org/ -version: 14.0.5 +version: 14.0.6 diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index 3cd277452..fcdd87b5f 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -92,7 +92,7 @@ The command removes all the Kubernetes components associated with the chart and | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | | `dags.image.registry` | Init container load-dags image registry | `docker.io` | | `dags.image.repository` | Init container load-dags image repository | `bitnami/bitnami-shell` | -| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r58` | +| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r59` | | `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | | `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | @@ -112,7 +112,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- | | `web.image.registry` | Airflow image registry | `docker.io` | | `web.image.repository` | Airflow image repository | `bitnami/airflow` | -| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.0-debian-11-r1` | +| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.0-debian-11-r2` | | `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | | `web.image.pullSecrets` | Airflow image pull secrets | `[]` | @@ -188,7 +188,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- | | `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` | | `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` | -| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.0-debian-11-r0` | +| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.0-debian-11-r1` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | @@ -243,7 +243,7 @@ The command removes all the Kubernetes components associated with the chart and | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | | `worker.image.registry` | Airflow Worker image registry | `docker.io` | | `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` | -| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.0-debian-11-r0` | +| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.0-debian-11-r1` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | @@ -324,7 +324,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------ | --------------------------------------------------------------------------------------------------- | ---------------------- | | `git.image.registry` | Git image registry | `docker.io` | | `git.image.repository` | Git image repository | `bitnami/git` | -| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.38.1-debian-11-r16` | +| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.38.1-debian-11-r17` | | `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | | `git.image.pullSecrets` | Git image pull secrets | `[]` | @@ -420,7 +420,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.image.registry` | Airflow exporter image registry | `docker.io` | | `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | -| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r66` | +| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r67` | | `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | diff --git a/charts/bitnami/airflow/values.yaml b/charts/bitnami/airflow/values.yaml index d7057358f..76c6eddf3 100644 --- a/charts/bitnami/airflow/values.yaml +++ b/charts/bitnami/airflow/values.yaml @@ -118,7 +118,7 @@ dags: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r58 + tag: 11-debian-11-r59 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -185,7 +185,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.5.0-debian-11-r1 + tag: 2.5.0-debian-11-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -443,7 +443,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.5.0-debian-11-r0 + tag: 2.5.0-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -647,7 +647,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.5.0-debian-11-r0 + tag: 2.5.0-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -920,7 +920,7 @@ git: image: registry: docker.io repository: bitnami/git - tag: 2.38.1-debian-11-r16 + tag: 2.38.1-debian-11-r17 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1283,7 +1283,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-11-r66 + tag: 0.20220314.0-debian-11-r67 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml index 1ac5b54ae..2024231b6 100644 --- a/charts/bitnami/cassandra/Chart.yaml +++ b/charts/bitnami/cassandra/Chart.yaml @@ -28,4 +28,4 @@ name: cassandra sources: - https://github.com/bitnami/containers/tree/main/bitnami/cassandra - http://cassandra.apache.org -version: 9.7.6 +version: 9.7.7 diff --git a/charts/bitnami/cassandra/README.md b/charts/bitnami/cassandra/README.md index aa87b182b..809580487 100644 --- a/charts/bitnami/cassandra/README.md +++ b/charts/bitnami/cassandra/README.md @@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Cassandra image registry | `docker.io` | | `image.repository` | Cassandra image repository | `bitnami/cassandra` | -| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.0.7-debian-11-r13` | +| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.0.7-debian-11-r15` | | `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullSecrets` | Cassandra image pull secrets | `[]` | @@ -237,7 +237,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r57` | +| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r59` | | `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -253,7 +253,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | | `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | -| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r64` | +| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r66` | | `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml index 7ad6fee58..2403e83bb 100644 --- a/charts/bitnami/cassandra/values.yaml +++ b/charts/bitnami/cassandra/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.0.7-debian-11-r13 + tag: 4.0.7-debian-11-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -604,7 +604,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r57 + tag: 11-debian-11-r59 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -673,7 +673,7 @@ metrics: registry: docker.io pullPolicy: IfNotPresent repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r64 + tag: 2.3.8-debian-11-r66 digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index f46d0814c..ddf3dcb52 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -34,4 +34,4 @@ name: kafka sources: - https://github.com/bitnami/containers/tree/main/bitnami/kafka - https://kafka.apache.org/ -version: 20.0.0 +version: 20.0.1 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index e1b1c605a..90ba64e58 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -7,7 +7,7 @@ Apache Kafka is a distributed streaming platform designed to build real-time pip [Overview of Apache Kafka](http://kafka.apache.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console @@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Kafka image registry | `docker.io` | | `image.repository` | Kafka image repository | `bitnami/kafka` | -| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.3.1-debian-11-r19` | +| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.3.1-debian-11-r22` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -256,7 +256,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | | `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | | `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.4-debian-11-r6` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.4-debian-11-r8` | | `externalAccess.autoDiscovery.image.digest` | Petete image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | | `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | @@ -313,7 +313,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r57` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r59` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -340,7 +340,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | -| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r34` | +| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r36` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -388,7 +388,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r23` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r25` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index a6ca07115..76da66d26 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -69,7 +69,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.3.1-debian-11-r19 + tag: 3.3.1-debian-11-r22 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -762,7 +762,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.25.4-debian-11-r6 + tag: 1.25.4-debian-11-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r57 + tag: 11-debian-11-r59 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1081,7 +1081,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.6.0-debian-11-r34 + tag: 1.6.0-debian-11-r36 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1317,7 +1317,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.17.2-debian-11-r23 + tag: 0.17.2-debian-11-r25 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/mysql/.helmignore b/charts/bitnami/mysql/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/bitnami/mysql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/bitnami/mysql/Chart.lock b/charts/bitnami/mysql/Chart.lock index f54e7718d..f0064f343 100644 --- a/charts/bitnami/mysql/Chart.lock +++ b/charts/bitnami/mysql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.1.2 -digest: sha256:1c365a4551a2f4098e9584dc176b289c10437c679c7c3e2ec6153cabf863e1a4 -generated: "2022-11-08T17:35:30.280445479Z" + version: 2.2.1 +digest: sha256:6c67cfa9945bf608209d4e2ca8f17079fca4770907c7902d984187ab5b21811e +generated: "2022-12-09T21:59:01.415179477Z" diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml index b8a883065..49a6d21c3 100644 --- a/charts/bitnami/mysql/Chart.yaml +++ b/charts/bitnami/mysql/Chart.yaml @@ -29,4 +29,4 @@ name: mysql sources: - https://github.com/bitnami/containers/tree/main/bitnami/mysql - https://mysql.com -version: 9.4.4 +version: 9.4.5 diff --git a/charts/bitnami/mysql/README.md b/charts/bitnami/mysql/README.md index b20e8280f..95c49b1be 100644 --- a/charts/bitnami/mysql/README.md +++ b/charts/bitnami/mysql/README.md @@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | `image.registry` | MySQL image registry | `docker.io` | | `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.31-debian-11-r10` | +| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.31-debian-11-r20` | | `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -311,7 +311,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r50` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r60` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -325,7 +325,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r55` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r65` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/mysql/charts/common/Chart.yaml b/charts/bitnami/mysql/charts/common/Chart.yaml index 6f0c3a6b3..653c063f2 100644 --- a/charts/bitnami/mysql/charts/common/Chart.yaml +++ b/charts/bitnami/mysql/charts/common/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Infrastructure apiVersion: v2 -appVersion: 2.1.2 +appVersion: 2.2.1 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +20,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.1.2 +version: 2.2.1 diff --git a/charts/bitnami/mysql/charts/common/README.md b/charts/bitnami/mysql/charts/common/README.md index a2ecd6044..ec43a5fab 100644 --- a/charts/bitnami/mysql/charts/common/README.md +++ b/charts/bitnami/mysql/charts/common/README.md @@ -43,10 +43,11 @@ The following table lists the helpers available in the library which are scoped | Helper identifier | Description | Expected Input | |-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | ### Capabilities @@ -107,12 +108,12 @@ The following table lists the helpers available in the library which are scoped ### Secrets -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | +| Helper identifier | Description | Expected Input | +|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | ### Storage diff --git a/charts/bitnami/mysql/charts/common/templates/_affinities.tpl b/charts/bitnami/mysql/charts/common/templates/_affinities.tpl index 497068f06..81902a681 100644 --- a/charts/bitnami/mysql/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_affinities.tpl @@ -45,9 +45,17 @@ Return a nodeAffinity definition {{- end -}} {{- end -}} +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} @@ -62,13 +70,13 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} - topologyKey: kubernetes.io/hostname + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 {{- end -}} {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} @@ -82,7 +90,7 @@ requiredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} - topologyKey: kubernetes.io/hostname + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} {{- end -}} {{/* diff --git a/charts/bitnami/mysql/values.yaml b/charts/bitnami/mysql/values.yaml index e153de6a7..3a24e03d6 100644 --- a/charts/bitnami/mysql/values.yaml +++ b/charts/bitnami/mysql/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mysql - tag: 8.0.31-debian-11-r10 + tag: 8.0.31-debian-11-r20 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -984,7 +984,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r50 + tag: 11-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1017,7 +1017,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r55 + tag: 0.14.0-debian-11-r65 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index 354a6c2fd..6a9cd42b4 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -27,4 +27,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/containers/tree/main/bitnami/redis -version: 17.3.14 +version: 17.3.15 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index 130c77437..acb064dd1 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -99,7 +99,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Redis® image registry | `docker.io` | | `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.5-debian-11-r25` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.5-debian-11-r27` | | `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | | `image.pullSecrets` | Redis® image pull secrets | `[]` | @@ -334,7 +334,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.5-debian-11-r24` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.5-debian-11-r26` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -448,7 +448,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.45.0-debian-11-r11` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.45.0-debian-11-r14` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | @@ -493,7 +493,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r58` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r60` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -503,7 +503,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | | `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r58` | +| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r60` | | `sysctl.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index a2bbf7e0e..46a874538 100644 --- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -79,7 +79,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.0.5-debian-11-r25 + tag: 7.0.5-debian-11-r27 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -285,10 +285,9 @@ master: ## updateStrategy: ## StrategyType - ## Can be set to RollingUpdate or OnDelete + ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) ## type: RollingUpdate - rollingUpdate: {} ## @param master.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update ## minReadySeconds: 0 @@ -686,10 +685,9 @@ replica: ## updateStrategy: ## StrategyType - ## Can be set to RollingUpdate or OnDelete + ## Can be set to RollingUpdate, OnDelete (statefulset), Recreate (deployment) ## type: RollingUpdate - rollingUpdate: {} ## @param replica.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update ## minReadySeconds: 0 @@ -976,7 +974,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.0.5-debian-11-r24 + tag: 7.0.5-debian-11-r26 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1393,7 +1391,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.45.0-debian-11-r11 + tag: 1.45.0-debian-11-r14 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1591,7 +1589,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r58 + tag: 11-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1639,7 +1637,7 @@ sysctl: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r58 + tag: 11-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/spark/.helmignore b/charts/bitnami/spark/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/bitnami/spark/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/bitnami/spark/Chart.lock b/charts/bitnami/spark/Chart.lock index b517293c4..c4f5c7512 100644 --- a/charts/bitnami/spark/Chart.lock +++ b/charts/bitnami/spark/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.1.2 -digest: sha256:1c365a4551a2f4098e9584dc176b289c10437c679c7c3e2ec6153cabf863e1a4 -generated: "2022-11-10T00:19:17.637005911Z" + version: 2.2.1 +digest: sha256:6c67cfa9945bf608209d4e2ca8f17079fca4770907c7902d984187ab5b21811e +generated: "2022-12-07T06:37:53.456035791Z" diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index 59b681e92..d005c6d45 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -27,4 +27,4 @@ name: spark sources: - https://github.com/bitnami/containers/tree/main/bitnami/spark - https://spark.apache.org/ -version: 6.3.11 +version: 6.3.12 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index 44618c8b8..bf312b027 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md @@ -84,16 +84,16 @@ The command removes all the Kubernetes components associated with the chart and ### Spark parameters -| Name | Description | Value | -| ------------------- | ----------------------------------------------------------------------------------------------------- | -------------------- | -| `image.registry` | Spark image registry | `docker.io` | -| `image.repository` | Spark image repository | `bitnami/spark` | -| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.1-debian-11-r5` | -| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `hostNetwork` | Enable HOST Network | `false` | +| Name | Description | Value | +| ------------------- | ----------------------------------------------------------------------------------------------------- | --------------------- | +| `image.registry` | Spark image registry | `docker.io` | +| `image.repository` | Spark image repository | `bitnami/spark` | +| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.1-debian-11-r14` | +| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `hostNetwork` | Enable HOST Network | `false` | ### Spark master parameters diff --git a/charts/bitnami/spark/charts/common/Chart.yaml b/charts/bitnami/spark/charts/common/Chart.yaml index 6f0c3a6b3..653c063f2 100644 --- a/charts/bitnami/spark/charts/common/Chart.yaml +++ b/charts/bitnami/spark/charts/common/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Infrastructure apiVersion: v2 -appVersion: 2.1.2 +appVersion: 2.2.1 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +20,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.1.2 +version: 2.2.1 diff --git a/charts/bitnami/spark/charts/common/README.md b/charts/bitnami/spark/charts/common/README.md index a2ecd6044..ec43a5fab 100644 --- a/charts/bitnami/spark/charts/common/README.md +++ b/charts/bitnami/spark/charts/common/README.md @@ -43,10 +43,11 @@ The following table lists the helpers available in the library which are scoped | Helper identifier | Description | Expected Input | |-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | ### Capabilities @@ -107,12 +108,12 @@ The following table lists the helpers available in the library which are scoped ### Secrets -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | +| Helper identifier | Description | Expected Input | +|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | ### Storage diff --git a/charts/bitnami/spark/charts/common/templates/_affinities.tpl b/charts/bitnami/spark/charts/common/templates/_affinities.tpl index 497068f06..81902a681 100644 --- a/charts/bitnami/spark/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/spark/charts/common/templates/_affinities.tpl @@ -45,9 +45,17 @@ Return a nodeAffinity definition {{- end -}} {{- end -}} +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} @@ -62,13 +70,13 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} - topologyKey: kubernetes.io/hostname + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 {{- end -}} {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} @@ -82,7 +90,7 @@ requiredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} - topologyKey: kubernetes.io/hostname + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} {{- end -}} {{/* diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index a9924a20d..551b05938 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml @@ -92,7 +92,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.3.1-debian-11-r5 + tag: 3.3.1-debian-11-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/tomcat/.helmignore b/charts/bitnami/tomcat/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/bitnami/tomcat/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml index 84e621fd3..335215ded 100644 --- a/charts/bitnami/tomcat/Chart.yaml +++ b/charts/bitnami/tomcat/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/release-name: tomcat category: ApplicationServer apiVersion: v2 -appVersion: 10.1.2 +appVersion: 10.1.4 dependencies: - name: common repository: file://./charts/common @@ -31,4 +31,4 @@ name: tomcat sources: - https://github.com/bitnami/containers/tree/main/bitnami/tomcat - http://tomcat.apache.org -version: 10.5.4 +version: 10.5.6 diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md index ff99e6356..4e02d9975 100644 --- a/charts/bitnami/tomcat/README.md +++ b/charts/bitnami/tomcat/README.md @@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | ------------------------------------------------------------------------------------------------------ | --------------------- | | `image.registry` | Tomcat image registry | `docker.io` | | `image.repository` | Tomcat image repository | `bitnami/tomcat` | -| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.2-debian-11-r4` | +| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.4-debian-11-r0` | | `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -207,7 +207,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r55` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r60` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -223,7 +223,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r21` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r26` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/tomcat/values.yaml b/charts/bitnami/tomcat/values.yaml index 0439b8a8e..4928afa30 100644 --- a/charts/bitnami/tomcat/values.yaml +++ b/charts/bitnami/tomcat/values.yaml @@ -58,7 +58,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/tomcat - tag: 10.1.2-debian-11-r4 + tag: 10.1.4-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -576,7 +576,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r55 + tag: 11-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -636,7 +636,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.17.2-debian-11-r21 + tag: 0.17.2-debian-11-r26 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/zookeeper/Chart.lock b/charts/bitnami/zookeeper/Chart.lock index 4e24e0406..e6b30f2fb 100644 --- a/charts/bitnami/zookeeper/Chart.lock +++ b/charts/bitnami/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.1.2 -digest: sha256:1c365a4551a2f4098e9584dc176b289c10437c679c7c3e2ec6153cabf863e1a4 -generated: "2022-11-12T08:51:13.076591259Z" + version: 2.2.1 +digest: sha256:6c67cfa9945bf608209d4e2ca8f17079fca4770907c7902d984187ab5b21811e +generated: "2022-12-09T23:46:15.313038016Z" diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index 15086ac8b..3da4a61e5 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -25,4 +25,4 @@ name: zookeeper sources: - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper - https://zookeeper.apache.org/ -version: 11.0.0 +version: 11.0.1 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index 013cba8af..7dfdf5433 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md @@ -7,7 +7,7 @@ Apache ZooKeeper provides a reliable, centralized register of configuration data [Overview of Apache ZooKeeper](https://zookeeper.apache.org) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console @@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r56` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r65` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -254,7 +254,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r51` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r60` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -431,10 +431,14 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 11.0.0 + +This major version removes `commonAnnotations` and `commonLabels` from `volumeClaimTemplates`. Now annotations and labels can be set in volume claims using `persistence.annotations` and `persistence.labels` values. If the previous deployment has already set `commonAnnotations` and/or `commonLabels` values, to ensure a clean upgrade from previous version without loosing data, please set `persistence.annotations` and/or `persistence.labels` values with the same content as the common values. + ### To 10.0.0 This new version of the chart adds support for server-server authentication. -The chart previously supported client-server authentication, to avioud confusion, the previous parameters have been renamed from `auth.*` to `auth.client.*`. +The chart previously supported client-server authentication, to avoid confusion, the previous parameters have been renamed from `auth.*` to `auth.client.*`. ### To 9.0.0 @@ -525,4 +529,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/zookeeper/charts/common/Chart.yaml b/charts/bitnami/zookeeper/charts/common/Chart.yaml index 6f0c3a6b3..653c063f2 100644 --- a/charts/bitnami/zookeeper/charts/common/Chart.yaml +++ b/charts/bitnami/zookeeper/charts/common/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Infrastructure apiVersion: v2 -appVersion: 2.1.2 +appVersion: 2.2.1 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +20,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.1.2 +version: 2.2.1 diff --git a/charts/bitnami/zookeeper/charts/common/README.md b/charts/bitnami/zookeeper/charts/common/README.md index a2ecd6044..ec43a5fab 100644 --- a/charts/bitnami/zookeeper/charts/common/README.md +++ b/charts/bitnami/zookeeper/charts/common/README.md @@ -43,10 +43,11 @@ The following table lists the helpers available in the library which are scoped | Helper identifier | Description | Expected Input | |-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | ### Capabilities @@ -107,12 +108,12 @@ The following table lists the helpers available in the library which are scoped ### Secrets -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | +| Helper identifier | Description | Expected Input | +|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | ### Storage diff --git a/charts/bitnami/zookeeper/charts/common/templates/_affinities.tpl b/charts/bitnami/zookeeper/charts/common/templates/_affinities.tpl index 497068f06..81902a681 100644 --- a/charts/bitnami/zookeeper/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/zookeeper/charts/common/templates/_affinities.tpl @@ -45,9 +45,17 @@ Return a nodeAffinity definition {{- end -}} {{- end -}} +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} @@ -62,13 +70,13 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} - topologyKey: kubernetes.io/hostname + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 {{- end -}} {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} @@ -82,7 +90,7 @@ requiredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} - topologyKey: kubernetes.io/hostname + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} {{- end -}} {{/* diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index 37bab7420..934383269 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.0-debian-11-r56 + tag: 3.8.0-debian-11-r65 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -658,7 +658,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r51 + tag: 11-debian-11-r60 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index 770a0ed56..f7800dd64 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.5.2 + +* Fix API Key check in NOTES.txt following change of default value for `datadog.apiKey`. +* Fix failure if PSP activated in Kubernetes 1.25 (PSP have been removed). + ## 3.5.1 * Removing default value placeholder for the API Key in the values.yaml. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index 04fce20b2..e72ab9f3f 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.5.1 +version: 3.5.2 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index 1f9a6d2cf..40579849a 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.5.1](https://img.shields.io/badge/Version-3.5.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.5.2](https://img.shields.io/badge/Version-3.5.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/datadog/templates/NOTES.txt b/charts/datadog/datadog/templates/NOTES.txt index f7c8acfd5..e579929f3 100644 --- a/charts/datadog/datadog/templates/NOTES.txt +++ b/charts/datadog/datadog/templates/NOTES.txt @@ -1,4 +1,4 @@ -{{- if (or (.Values.datadog.apiKeyExistingSecret) (not (eq .Values.datadog.apiKey ""))) }} +{{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }} Datadog agents are spinning up on each node in your cluster. After a few minutes, you should see your agents starting in your event stream: https://app.datadoghq.com/event/explorer @@ -6,7 +6,6 @@ minutes, you should see your agents starting in your event stream: {{- if .Values.datadog.apiKeyExistingSecret }} You disabled creation of Secret containing API key, therefore it is expected that you create Secret named '{{ .Values.datadog.apiKeyExistingSecret }}' which includes a key called 'api-key' containing the API key. - {{- else if not (eq .Values.datadog.apiKey "") }} {{- end }} {{- else }} @@ -448,4 +447,13 @@ To send OTLP data to the Agent use the Service created by specifying "http://{{ You have enabled OTLP Ingest for the HTTP port without the Host Port enabled. To send OTLP data to the Agent use the Service created by specifying "http://{{ template "localService.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.datadog.otlp.receiver.protocols.http.endpoint | regexFind ":[0-9]+$" | trimPrefix ":" }}" as the endpoint. +{{- end }} + +{{- if and (or .Values.clusterAgent.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.podSecurityPolicy.create) (not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")) }} +################################################################# +#### WARNING: Incompatibility #### +################################################################# +You have enabled creataion of PodSecurityPolicy, however PSP have been removed from Kubernetes >= 1.25, thus PSP will not be created. + +You should deactivate these options: clusterAgent.podSecurity.podSecurityPolicy.create and/or agents.podSecurity.podSecurityPolicy.create {{- end }} \ No newline at end of file diff --git a/charts/datadog/datadog/templates/agent-psp.yaml b/charts/datadog/datadog/templates/agent-psp.yaml index 2dbc75ab9..7da92da63 100644 --- a/charts/datadog/datadog/templates/agent-psp.yaml +++ b/charts/datadog/datadog/templates/agent-psp.yaml @@ -1,4 +1,4 @@ -{{- if .Values.agents.podSecurity.podSecurityPolicy.create}} +{{- if and .Values.agents.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/datadog/datadog/templates/cluster-agent-psp.yaml b/charts/datadog/datadog/templates/cluster-agent-psp.yaml index 234f9e711..815689489 100644 --- a/charts/datadog/datadog/templates/cluster-agent-psp.yaml +++ b/charts/datadog/datadog/templates/cluster-agent-psp.yaml @@ -1,4 +1,4 @@ -{{- if .Values.clusterAgent.podSecurity.podSecurityPolicy.create }} +{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/external-secrets/external-secrets/.helmignore b/charts/external-secrets/external-secrets/.helmignore new file mode 100644 index 000000000..855edc3fb --- /dev/null +++ b/charts/external-secrets/external-secrets/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +# CRD README.md +templates/crds/README.md diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index 03900b924..fb4923271 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.6.1 +appVersion: v0.7.0 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.6.1 +version: 0.7.0 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index c86e032df..faba33ad9 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) External secret management for Kubernetes @@ -77,6 +77,7 @@ The command removes all the Kubernetes components associated with the chart and | controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. | | crds.createClusterExternalSecret | bool | `true` | If true, create CRDs for Cluster External Secret. | | crds.createClusterSecretStore | bool | `true` | If true, create CRDs for Cluster Secret Store. | +| crds.createPushSecret | bool | `true` | If true, create CRDs for Push Secret. | | createOperator | bool | `true` | Specifies whether an external secret operator deployment be created. | | deploymentAnnotations | object | `{}` | Annotations to add to Deployment | | dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment | diff --git a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml new file mode 100644 index 000000000..70031455a --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml @@ -0,0 +1,142 @@ +{{- if .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: acraccesstokens.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - acraccesstoken + kind: ACRAccessToken + listKind: ACRAccessTokenList + plural: acraccesstokens + shortNames: + - acraccesstoken + singular: acraccesstoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "ACRAccessToken returns a Azure Container Registry token that can be used for pushing/pulling images. Note: by default it will return an ACR Refresh Token with full access (depending on the identity). This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. \n See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'ACRAccessTokenSpec defines how to generate the access token e.g. how to authenticate and which registry to use. see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview' + properties: + auth: + properties: + managedIdentity: + description: ManagedIdentity uses Azure Managed Identity to authenticate with Azure. + properties: + identityId: + description: If multiple Managed Identity is assigned to the pod, you can select the one to be used + type: string + type: object + servicePrincipal: + description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure. + properties: + secretRef: + description: Configuration used to authenticate with Azure using static credentials stored in a Kind=Secret. + properties: + clientId: + description: The Azure clientId of the service principle used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + clientSecret: + description: The Azure ClientSecret of the service principle used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + workloadIdentity: + description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure. + properties: + serviceAccountRef: + description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + type: object + environmentType: + default: PublicCloud + description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud' + enum: + - PublicCloud + - USGovernmentCloud + - ChinaCloud + - GermanCloud + type: string + registry: + description: the domain name of the ACR registry e.g. foobarexample.azurecr.io + type: string + scope: + description: "Define the scope for the access token, e.g. pull/push access for a repository. if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. \n examples: repository:my-repository:pull,push repository:my-repository:pull \n see docs for details: https://docs.docker.com/registry/spec/auth/scope/" + type: string + tenantId: + description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. + type: string + required: + - auth + - registry + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + path: /convert +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml index d013712f6..b67fe9d1c 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml @@ -60,7 +60,7 @@ spec: description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. properties: remoteRef: - description: ExternalSecretDataRemoteRef defines Provider data location. + description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch. properties: conversionStrategy: default: Default @@ -86,7 +86,42 @@ spec: - key type: object secretKey: + description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret type: string + sourceRef: + description: SourceRef allows you to override the source from which the value will pulled from. + maxProperties: 1 + properties: + generatorRef: + description: GeneratorRef points to a generator custom resource in + properties: + apiVersion: + default: generators.external-secrets.io/v1alpha1 + description: Specify the apiVersion of the generator resource + type: string + kind: + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + type: string + name: + description: Specify the name of the generator resource + type: string + required: + - kind + - name + type: object + storeRef: + description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. + properties: + kind: + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + type: string + name: + description: Name of the SecretStore resource + type: string + required: + - name + type: object + type: object required: - remoteRef - secretKey @@ -97,7 +132,7 @@ spec: items: properties: extract: - description: Used to extract multiple key/value pairs from one secret + description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.' properties: conversionStrategy: default: Default @@ -123,7 +158,7 @@ spec: - key type: object find: - description: Used to find secrets based on tags or regular expressions + description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.' properties: conversionStrategy: default: Default @@ -168,6 +203,40 @@ spec: type: object type: object type: array + sourceRef: + description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values + maxProperties: 1 + properties: + generatorRef: + description: GeneratorRef points to a generator custom resource in + properties: + apiVersion: + default: generators.external-secrets.io/v1alpha1 + description: Specify the apiVersion of the generator resource + type: string + kind: + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + type: string + name: + description: Specify the name of the generator resource + type: string + required: + - kind + - name + type: object + storeRef: + description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. + properties: + kind: + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + type: string + name: + description: Name of the SecretStore resource + type: string + required: + - name + type: object + type: object type: object type: array refreshInterval: @@ -282,8 +351,6 @@ spec: type: string type: object type: object - required: - - secretStoreRef type: object namespaceSelector: description: The labels to select by to find the Namespaces to create the ExternalSecrets in. diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index b09920ac5..10227eab7 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -1101,6 +1101,9 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].reason name: Status type: string + - jsonPath: .status.capabilities + name: Capabilities + type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string @@ -1378,6 +1381,19 @@ spec: description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. type: string type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object type: object type: object region: @@ -1637,6 +1653,14 @@ spec: environment: description: Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments) type: string + groupIDs: + description: GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables. + items: + type: string + type: array + inheritFromGroups: + description: InheritFromGroups specifies whether parent groups should be discovered and checked for secrets. + type: boolean projectID: description: ProjectID specifies a project where secrets are located. type: string @@ -2392,6 +2416,9 @@ spec: status: description: SecretStoreStatus defines the observed state of the SecretStore. properties: + capabilities: + description: SecretStoreCapabilities defines the possible operations a SecretStore can do. + type: string conditions: items: properties: diff --git a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml new file mode 100644 index 000000000..2b95d795b --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml @@ -0,0 +1,129 @@ +{{- if .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: ecrauthorizationtokens.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - ecrauthorizationtoken + kind: ECRAuthorizationToken + listKind: ECRAuthorizationTokenList + plural: ecrauthorizationtokens + shortNames: + - ecrauthorizationtoken + singular: ecrauthorizationtoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an authorization token. The authorization token is valid for 12 hours. The authorizationToken returned is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + auth: + description: Auth defines how to authenticate with AWS + properties: + jwt: + description: Authenticate against AWS using service account tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + secretRef: + description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: Region specifies the region to operate in. + type: string + role: + description: You can assume a role before making calls to the desired AWS service. + type: string + required: + - region + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + path: /convert +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml index 0162e0f9d..03f300c52 100644 --- a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml @@ -270,7 +270,7 @@ spec: description: ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. properties: remoteRef: - description: ExternalSecretDataRemoteRef defines Provider data location. + description: RemoteRef points to the remote secret and defines which secret (version/property/..) to fetch. properties: conversionStrategy: default: Default @@ -296,7 +296,42 @@ spec: - key type: object secretKey: + description: SecretKey defines the key in which the controller stores the value. This is the key in the Kind=Secret type: string + sourceRef: + description: SourceRef allows you to override the source from which the value will pulled from. + maxProperties: 1 + properties: + generatorRef: + description: GeneratorRef points to a generator custom resource in + properties: + apiVersion: + default: generators.external-secrets.io/v1alpha1 + description: Specify the apiVersion of the generator resource + type: string + kind: + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + type: string + name: + description: Specify the name of the generator resource + type: string + required: + - kind + - name + type: object + storeRef: + description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. + properties: + kind: + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + type: string + name: + description: Name of the SecretStore resource + type: string + required: + - name + type: object + type: object required: - remoteRef - secretKey @@ -307,7 +342,7 @@ spec: items: properties: extract: - description: Used to extract multiple key/value pairs from one secret + description: 'Used to extract multiple key/value pairs from one secret Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.' properties: conversionStrategy: default: Default @@ -333,7 +368,7 @@ spec: - key type: object find: - description: Used to find secrets based on tags or regular expressions + description: 'Used to find secrets based on tags or regular expressions Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.' properties: conversionStrategy: default: Default @@ -378,6 +413,40 @@ spec: type: object type: object type: array + sourceRef: + description: SourceRef points to a store or generator which contains secret values ready to use. Use this in combination with Extract or Find pull values out of a specific SecretStore. When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values + maxProperties: 1 + properties: + generatorRef: + description: GeneratorRef points to a generator custom resource in + properties: + apiVersion: + default: generators.external-secrets.io/v1alpha1 + description: Specify the apiVersion of the generator resource + type: string + kind: + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + type: string + name: + description: Specify the name of the generator resource + type: string + required: + - kind + - name + type: object + storeRef: + description: SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. + properties: + kind: + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + type: string + name: + description: Name of the SecretStore resource + type: string + required: + - name + type: object + type: object type: object type: array refreshInterval: @@ -492,8 +561,6 @@ spec: type: string type: object type: object - required: - - secretStoreRef type: object status: properties: diff --git a/charts/external-secrets/external-secrets/templates/crds/fake.yaml b/charts/external-secrets/external-secrets/templates/crds/fake.yaml new file mode 100644 index 000000000..e0d502415 --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/crds/fake.yaml @@ -0,0 +1,59 @@ +{{- if .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: fakes.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - fake + kind: Fake + listKind: FakeList + plural: fakes + shortNames: + - fake + singular: fake + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Fake generator is used for testing. It lets you define a static set of credentials that is always returned. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FakeSpec contains the static data. + properties: + data: + additionalProperties: + type: string + description: Data defines the static data returned by this generator. + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + path: /convert +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml new file mode 100644 index 000000000..3556976b1 --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml @@ -0,0 +1,109 @@ +{{- if .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: gcraccesstokens.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - gcraccesstoken + kind: GCRAccessToken + listKind: GCRAccessTokenList + plural: gcraccesstokens + shortNames: + - gcraccesstoken + singular: gcraccesstoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: GCRAccessToken generates an GCP access token that can be used to authenticate with GCR. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + auth: + description: Auth defines the means for authenticating with GCP + properties: + secretRef: + properties: + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + workloadIdentity: + properties: + clusterLocation: + type: string + clusterName: + type: string + clusterProjectID: + type: string + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - clusterLocation + - clusterName + - serviceAccountRef + type: object + type: object + projectID: + description: ProjectID defines which project to use to authenticate with + type: string + required: + - auth + - projectID + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + path: /convert +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/password.yaml b/charts/external-secrets/external-secrets/templates/crds/password.yaml new file mode 100644 index 000000000..68bfdc6bc --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/crds/password.yaml @@ -0,0 +1,79 @@ +{{- if .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: passwords.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - password + kind: Password + listKind: PasswordList + plural: passwords + shortNames: + - password + singular: password + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Password generates a random password based on the configuration parameters in spec. You can specify the length, characterset and other attributes. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PasswordSpec controls the behavior of the password generator. + properties: + allowRepeat: + default: false + description: set AllowRepeat to true to allow repeating characters. + type: boolean + digits: + description: Digits specifies the number of digits in the generated password. If omitted it defaults to 25% of the length of the password + type: integer + length: + default: 24 + description: Length of the password to be generated. Defaults to 24 + type: integer + noUpper: + default: false + description: Set NoUpper to disable uppercase characters + type: boolean + symbolCharacters: + description: SymbolCharacters specifies the special characters that should be used in the generated password. + type: string + symbols: + description: Symbols specifies the number of symbol characters in the generated password. If omitted it defaults to 25% of the length of the password + type: integer + required: + - allowRepeat + - length + - noUpper + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + path: /convert +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml new file mode 100644 index 000000000..3f908ff68 --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml @@ -0,0 +1,215 @@ +{{- if .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: pushsecrets.external-secrets.io +spec: + group: external-secrets.io + names: + categories: + - pushsecrets + kind: PushSecret + listKind: PushSecretList + plural: pushsecrets + singular: pushsecret + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PushSecretSpec configures the behavior of the PushSecret. + properties: + data: + description: Secret Data that should be pushed to providers + items: + properties: + match: + description: Match a given Secret Key to be pushed to the provider. + properties: + remoteRef: + description: Remote Refs to push to providers. + properties: + remoteKey: + description: Name of the resulting provider secret. + type: string + required: + - remoteKey + type: object + secretKey: + description: Secret Key to be pushed + type: string + required: + - remoteRef + - secretKey + type: object + required: + - match + type: object + type: array + deletionPolicy: + default: None + description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".' + type: string + refreshInterval: + description: The Interval to which External Secrets will try to push a secret definition + type: string + secretStoreRefs: + items: + properties: + kind: + default: SecretStore + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + type: string + labelSelector: + description: Optionally, sync to secret stores with label selector + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Optionally, sync to the SecretStore of the given name + type: string + type: object + type: array + selector: + description: The Secret Selector (k8s source) for the Push Secret + properties: + secret: + description: Select a Secret to Push. + properties: + name: + description: Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest. + type: string + required: + - name + type: object + required: + - secret + type: object + required: + - secretStoreRefs + - selector + type: object + status: + description: PushSecretStatus indicates the history of the status of PushSecret. + properties: + conditions: + items: + description: PushSecretStatusCondition indicates the status of the PushSecret. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: PushSecretConditionType indicates the condition of the PushSecret. + type: string + required: + - status + - type + type: object + type: array + refreshTime: + description: refreshTime is the time and date the external secret was fetched and the target secret updated + format: date-time + nullable: true + type: string + syncedPushSecrets: + additionalProperties: + additionalProperties: + properties: + match: + description: Match a given Secret Key to be pushed to the provider. + properties: + remoteRef: + description: Remote Refs to push to providers. + properties: + remoteKey: + description: Name of the resulting provider secret. + type: string + required: + - remoteKey + type: object + secretKey: + description: Secret Key to be pushed + type: string + required: + - remoteRef + - secretKey + type: object + required: + - match + type: object + type: object + description: Synced Push Secrets for later deletion. Matches Secret Stores to PushSecretData that was stored to that secretStore. + type: object + syncedResourceVersion: + description: SyncedResourceVersion keeps track of the last synced version. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + path: /convert +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index d637519cf..cc5d11918 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -1101,6 +1101,9 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].reason name: Status type: string + - jsonPath: .status.capabilities + name: Capabilities + type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string @@ -1378,6 +1381,19 @@ spec: description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. type: string type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object type: object type: object region: @@ -1637,6 +1653,14 @@ spec: environment: description: Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments) type: string + groupIDs: + description: GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables. + items: + type: string + type: array + inheritFromGroups: + description: InheritFromGroups specifies whether parent groups should be discovered and checked for secrets. + type: boolean projectID: description: ProjectID specifies a project where secrets are located. type: string @@ -2392,6 +2416,9 @@ spec: status: description: SecretStoreStatus defines the observed state of the SecretStore. properties: + capabilities: + description: SecretStoreCapabilities defines the possible operations a SecretStore can do. + type: string conditions: items: properties: diff --git a/charts/external-secrets/external-secrets/templates/rbac.yaml b/charts/external-secrets/external-secrets/templates/rbac.yaml index edaee8620..773282be3 100644 --- a/charts/external-secrets/external-secrets/templates/rbac.yaml +++ b/charts/external-secrets/external-secrets/templates/rbac.yaml @@ -20,6 +20,7 @@ rules: - "clustersecretstores" - "externalsecrets" - "clusterexternalsecrets" + - "pushsecrets" verbs: - "get" - "list" @@ -39,9 +40,24 @@ rules: - "clusterexternalsecrets" - "clusterexternalsecrets/status" - "clusterexternalsecrets/finalizers" + - "pushsecrets" + - "pushsecrets/status" + - "pushsecrets/finalizers" verbs: - "update" - "patch" + - apiGroups: + - "generators.external-secrets.io" + resources: + - "fakes" + - "passwords" + - "acraccesstokens" + - "gcraccesstokens" + - "ecrauthorizationtokens" + verbs: + - "get" + - "list" + - "watch" - apiGroups: - "" resources: @@ -116,6 +132,7 @@ rules: - "externalsecrets" - "secretstores" - "clustersecretstores" + - "pushsecrets" verbs: - "get" - "watch" @@ -143,6 +160,7 @@ rules: - "externalsecrets" - "secretstores" - "clustersecretstores" + - "pushsecrets" verbs: - "create" - "delete" diff --git a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml index 6cf2f8392..33abf57a9 100644 --- a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml @@ -51,6 +51,7 @@ spec: - --dns-name={{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }}.svc - --cert-dir={{ .Values.webhook.certDir }} - --check-interval={{ .Values.webhook.certCheckInterval }} + - --metrics-addr=:{{ .Values.webhook.prometheus.service.port }} - --healthz-addr={{ .Values.webhook.readinessProbe.address }}:{{ .Values.webhook.readinessProbe.port }} {{- if .Values.webhook.lookaheadInterval }} - --lookahead-interval={{ .Values.webhook.lookaheadInterval }} diff --git a/charts/external-secrets/external-secrets/values.yaml b/charts/external-secrets/external-secrets/values.yaml index aec58cffb..31ca4d29a 100644 --- a/charts/external-secrets/external-secrets/values.yaml +++ b/charts/external-secrets/external-secrets/values.yaml @@ -17,6 +17,8 @@ crds: createClusterExternalSecret: true # -- If true, create CRDs for Cluster Secret Store. createClusterSecretStore: true + # -- If true, create CRDs for Push Secret. + createPushSecret: true imagePullSecrets: [] nameOverride: "" diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index 4a79d0e9d..679263ecc 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.47.11] - Oct 27, 2022 +## [107.47.12] - Oct 27, 2022 * Updated router version to `7.51.0` ## [107.47.0] - Sep 29, 2022 diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index 692f90440..1806c45da 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.47.11 +appVersion: 7.47.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.47.11 +version: 107.47.12 diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index b8522137b..ad67ad8bd 100644 --- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.47.11] - Aug 25, 2022 +## [107.47.12] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index 989c48afe..e86c37920 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.47.11 +appVersion: 7.47.12 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.47.11 + version: 107.47.12 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.47.11 +version: 107.47.12 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index 41cfc009e..af6504603 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.47.11] - Oct 27, 2022 +## [107.47.12] - Oct 27, 2022 * Updated router version to `7.51.0` ## [107.47.0] - Sep 29, 2022 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index 6f9f32fe2..d31a71098 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.47.11 +appVersion: 7.47.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.47.11 +version: 107.47.12 diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index 7f3414b79..cb11a5213 100644 --- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -24,4 +24,4 @@ maintainers: name: Caleb Lloyd url: https://github.com/caleblloyd name: nats -version: 0.19.2 +version: 0.19.3 diff --git a/charts/nats/nats/templates/statefulset.yaml b/charts/nats/nats/templates/statefulset.yaml index 1d3d1eeb6..a1b01b207 100644 --- a/charts/nats/nats/templates/statefulset.yaml +++ b/charts/nats/nats/templates/statefulset.yaml @@ -423,6 +423,19 @@ spec: {{- $serverVersion := .Values.nats.image.tag | regexFind "\\d+(\\.\\d+)?(\\.\\d+)?" | default "2.9.0" }} {{- $enableHealthzStartup := and .Values.nats.healthcheck.enableHealthz (or (not .Values.nats.healthcheck.detectHealthz) (semverCompare ">=2.7.1" $serverVersion)) }} {{- $enableHealthzLivenessReadiness := and .Values.nats.healthcheck.enableHealthzLivenessReadiness (or (not .Values.nats.healthcheck.detectHealthz) (semverCompare ">=2.9.0" $serverVersion)) }} + {{- $healthzStartupEndpoint := "/healthz" }} + {{- $healthzLivenessEndpoint := "/healthz?js-enabled-only=true" }} + {{- $healthzReadinessEndpoint := "/healthz?js-server-only=true" }} + + {{- /* healthz options behaved differently in 2.9.0 - 2.9.9 https://github.com/nats-io/nats-server/pull/3704 */}} + {{- if (semverCompare "<=2.9.9" $serverVersion) }} + {{- $healthzLivenessEndpoint = "/healthz?js-server-only=true" }} + {{- $healthzReadinessEndpoint = "/healthz?js-server-only=true" }} + {{- if .Values.nats.jetstream.enabled }} + {{- $healthzLivenessEndpoint = print $healthzLivenessEndpoint "&js-enabled=true" }} + {{- $healthzReadinessEndpoint = print $healthzReadinessEndpoint "&js-enabled=true" }} + {{- end }} + {{- end }} {{- with .Values.nats.healthcheck.liveness }} {{- if .enabled }} @@ -431,9 +444,9 @@ spec: {{- $_ := unset $probe "enabled" }} {{- $probeDefault := dict "httpGet" (dict "path" "/" "port" 8222) }} {{- if $enableHealthzLivenessReadiness }} - # for NATS server versions >=2.9.0, /healthz?js-enabled=true will be enabled + # for NATS server versions >=2.9.0, {{ $healthzLivenessEndpoint }} will be enabled # liveness probe checks that the JS server is enabled - {{- $_ := set $probeDefault.httpGet "path" "/healthz?js-enabled=true" }} + {{- $_ := set $probeDefault.httpGet "path" $healthzLivenessEndpoint }} {{- end }} {{- $probe := merge $probe $probeDefault }} {{- toYaml $probe | nindent 10}} @@ -447,9 +460,9 @@ spec: {{- $_ := unset $probe "enabled" }} {{- $probeDefault := dict "httpGet" (dict "path" "/" "port" 8222) }} {{- if $enableHealthzLivenessReadiness }} - # for NATS server versions >=2.9.0, /healthz?js-server-only=true will be enabled + # for NATS server versions >=2.9.0, {{ $healthzReadinessEndpoint }} will be enabled # readiness probe checks that the JS server is enabled, and is current with the meta leader - {{- $_ := set $probeDefault.httpGet "path" "/healthz?js-server-only=true" }} + {{- $_ := set $probeDefault.httpGet "path" $healthzReadinessEndpoint }} {{- end }} {{- $probe := merge $probe $probeDefault }} {{- toYaml $probe | nindent 10}} @@ -463,10 +476,10 @@ spec: {{- $_ := unset $probe "enabled" }} {{- $probeDefault := dict "httpGet" (dict "path" "/" "port" 8222) }} {{- if $enableHealthzStartup }} - # for NATS server versions >=2.7.1, /healthz will be enabled + # for NATS server versions >=2.7.1, {{ $healthzStartupEndpoint}} will be enabled # startup probe checks that the JS server is enabled, is current with the meta leader, # and that all streams and consumers assigned to this JS server are current - {{- $_ := set $probeDefault.httpGet "path" "/healthz" }} + {{- $_ := set $probeDefault.httpGet "path" $healthzStartupEndpoint }} {{- end }} {{- $probe := merge $probe $probeDefault }} {{- toYaml $probe | nindent 10}} diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 03867df6a..4de5c216a 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -26,4 +26,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 2.3.14 +version: 2.3.15 diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index 6bac165f0..314bda38e 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml +++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -68,7 +68,24 @@ spec: {{- if .Values.auth.sasl.enabled }} {{- $values := .Values }} {{- range $user := .Values.auth.sasl.users }} - rpk acl user create {{ $user.name }} -p {{ $user.password | quote }} --mechanism {{ include "sasl-user-mechanism" (dict "user" $user "Values" $values) }} {{ template "rpk-common-flags" $ }} + # To avoid `set -e` from exiting the command when a user exists; catch the stderr output and exit codes into `creation_result` + # and `creation_result_exit_code` for use later + creation_result=$(rpk acl user create {{ $user.name }} -p {{ $user.password | quote }} --mechanism {{ include "sasl-user-mechanism" (dict "user" $user "Values" $values) }} {{ template "rpk-common-flags" $ }} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? + + # On a non-success exit code + if [[ $creation_result_exit_code -ne 0 ]]; then + # Check if the stderr contains "User already exists" + if [[ $creation_result == *"User already exists"* ]]; then + printf "The %s user already exists, skipping creation.\n" {{ $user.name }} + else + # Another error occurred, so output the original message and exit code + echo "$creation_result" + exit $creation_result_exit_code + fi + # On a success, the user was created so output that + else + printf "Created user %s.\n" {{ $user.name }} + fi {{- end }} {{- end }} {{- if (include "redpanda-atleast-22-2-0" . | fromJson).bool }} diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 718f61548..1d2fb6219 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md @@ -1,8 +1,18 @@ # Chart: Sysdig -## Change Log +All notable changes to this chart will be documented in this file. -This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +Please note that it's automatically updated vía github actions. +Manual edits are supported only below '## Change Log' and should be used +exclusively to fix incorrect entries and not to add new ones. + +## Change Log +# v1.15.61 +### New Features +* [f4cb189](https://github.com/sysdiglabs/charts/commit/f4cb189afba6833fd458f99dcfcc0121f9d9dfa2)]: unify changelog headers ([#787](https://github.com/sysdiglabs/charts/issues/787)) ## v1.15.60 ### Minor changes: diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index 376790efb..b046ed34a 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -29,4 +29,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.15.60 +version: 1.15.61 diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md new file mode 100644 index 000000000..8bf58d602 --- /dev/null +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -0,0 +1,5 @@ +# What's Changed + +### New Features +- [f4cb189](https://github.com/sysdiglabs/charts/commit/f4cb189afba6833fd458f99dcfcc0121f9d9dfa2)]: unify changelog headers ([#787](https://github.com/sysdiglabs/charts/issues/787)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.5.12...sysdig-1.15.61 diff --git a/index.yaml b/index.yaml index 8e79d1610..9ec993093 100644 --- a/index.yaml +++ b/index.yaml @@ -28,6 +28,50 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + apiVersion: v2 + appVersion: 2.5.0 + created: "2022-12-12T09:44:58.521666514-07:00" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 17.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: e6c6eda0ec3386b6f77ec97343adcff61ab9d47edce035682c9e3321a9221997 + home: https://github.com/bitnami/charts/tree/main/bitnami/airflow + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/airflow + - https://airflow.apache.org/ + urls: + - assets/bitnami/airflow-14.0.6.tgz + version: 14.0.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow @@ -923,6 +967,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.47.12 + created: "2022-12-12T09:44:59.608140713-07:00" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: 2f70f6c3870ea5252ff11e57188bab8f54a0e7f73cb8022efd8162f1a7157c73 + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.47.12.tgz + version: 107.47.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA @@ -1247,6 +1324,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.47.12 + created: "2022-12-12T09:44:59.69653365-07:00" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.47.12 + description: JFrog Container Registry + digest: 458908e16516e5bc2513d8220869cdd9a9db0ab70ca64123239e4c247713f295 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.47.12.tgz + version: 107.47.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry @@ -1551,6 +1662,66 @@ entries: - assets/jfrog/artifactory-jcr-2.5.100.tgz version: 2.5.100 asserts: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Asserts + catalog.cattle.io/kube-version: '>=1.17-0' + catalog.cattle.io/release-name: asserts + apiVersion: v2 + created: "2022-12-12T09:44:58.36990335-07:00" + dependencies: + - condition: knowledge-sensor.enabled + name: knowledge-sensor + repository: file://./charts/knowledge-sensor + version: 1.1.0 + - alias: tsdb + condition: tsdb.enabled + name: victoria-metrics-single + repository: file://./charts/victoria-metrics-single + version: 1.1.0 + - condition: alertmanager.enabled + name: alertmanager + repository: file://./charts/alertmanager + version: 1.0.0 + - alias: promxyruler + condition: promxyruler.enabled + name: promxy + repository: file://./charts/promxy + version: 0.7.0 + - alias: promxyuser + condition: promxyuser.enabled + name: promxy + repository: file://./charts/promxy + version: 0.7.0 + - name: common + repository: file://./charts/common + version: 1.x.x + - alias: redisgraph + condition: redisgraph.enabled + name: redis + repository: file://./charts/redis + version: 16.8.7 + - alias: redisearch + condition: redisearch.enabled + name: redis + repository: file://./charts/redis + version: 16.8.7 + - alias: postgres + condition: postgres.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.1.23 + description: Asserts Helm Chart to configure entire asserts stack + digest: cdd0a421419bcd3992d3e5b643b36fa0161688985d66ed3e7ec620067da0ae7f + icon: https://www.asserts.ai/favicon.png + maintainers: + - name: Asserts + url: https://github.com/asserts + name: asserts + type: application + urls: + - assets/asserts/asserts-1.20.0.tgz + version: 1.20.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Asserts @@ -2184,6 +2355,41 @@ entries: - assets/aws-event-sources/aws-event-sources-0.1.901.tgz version: 0.1.901 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + apiVersion: v2 + appVersion: 4.0.7 + created: "2022-12-12T09:44:58.537289907-07:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: 309d3c2b9aa0355b6c45b1ba8676ac72db81f394b1cfb9ee207930fb3670a21c + home: https://github.com/bitnami/charts/tree/main/bitnami/cassandra + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/cassandra + - http://cassandra.apache.org + urls: + - assets/bitnami/cassandra-9.7.7.tgz + version: 9.7.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra @@ -3748,6 +3954,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2022-12-12T09:44:58.99081893-07:00" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: 8a56763a7516c9b968125a957dddb495b7e69f77181b02ebe8f81bdad593c077 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.5.2.tgz + version: 3.5.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -4579,6 +4822,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.7.0 + created: "2022-12-12T09:44:59.065872161-07:00" + description: External secret management for Kubernetes + digest: 27fef66f4120e9f1859c4f16785968d9169a0dd12630f9fcbde1edc8f0299b41 + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.7.0.tgz + version: 0.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator @@ -8387,6 +8654,47 @@ entries: - assets/k10/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + apiVersion: v2 + appVersion: 3.3.1 + created: "2022-12-12T09:44:58.606793642-07:00" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: 8ff24e5c16b25645fb2ad55238fdee35e87dbb9702ca65e5b3c5a4f80813fb94 + home: https://github.com/bitnami/charts/tree/main/bitnami/kafka + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/kafka + - https://kafka.apache.org/ + urls: + - assets/bitnami/kafka-20.0.1.tgz + version: 20.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -9556,6 +9864,43 @@ entries: - assets/minio/minio-operator-4.4.1700.tgz version: 4.4.1700 mysql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MySQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mysql + category: Database + apiVersion: v2 + appVersion: 8.0.31 + created: "2022-12-12T09:44:58.639735859-07:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. + digest: dfc12397da9ab75cd55216f18cc00fb1257b143288a8eca687178c3ba21ee775 + home: https://github.com/bitnami/charts/tree/main/bitnami/mysql + icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png + keywords: + - mysql + - database + - sql + - cluster + - high availability + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mysql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mysql + - https://mysql.com + urls: + - assets/bitnami/mysql-9.4.5.tgz + version: 9.4.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MySQL @@ -9668,6 +10013,37 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.9.9-alpine + created: "2022-12-12T09:45:00.018011714-07:00" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: 1aa2ecb0ba04afd96b05656503a207ee475112f267856761be429b79f535c296 + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: wally@nats.io + name: Waldemar Quevedo + url: https://github.com/wallyqs + - email: colin@nats.io + name: Colin Sullivan + url: https://github.com/ColinSullivan1 + - email: caleb@nats.io + name: Caleb Lloyd + url: https://github.com/caleblloyd + name: nats + urls: + - assets/nats/nats-0.19.3.tgz + version: 0.19.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server @@ -11969,6 +12345,40 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + apiVersion: v2 + appVersion: 7.0.5 + created: "2022-12-12T09:44:58.69531969-07:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: dfbb1e306366267027238d1eaf5f57a05d33e7874434e76b50bdb3ff6d49f8e3 + home: https://github.com/bitnami/charts/tree/main/bitnami/redis + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-17.3.15.tgz + version: 17.3.15 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis @@ -12208,6 +12618,39 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.5 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.5 + created: "2022-12-12T09:45:00.205702792-07:00" + description: Redpanda is the real-time engine for modern apps. + digest: 19d85f28ef05c0fbf0b7009dda992237cb2167dcc3dde712cd2d860c920b48f0 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.3.15.tgz + version: 2.3.15 - annotations: artifacthub.io/images: | - name: redpanda @@ -13054,6 +13497,40 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + apiVersion: v2 + appVersion: 3.3.1 + created: "2022-12-12T09:44:58.720172065-07:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 794a89398aad9dd4dcd2e3c756afddf815e263e51b43536b5d9b7861ff914b0b + home: https://github.com/bitnami/charts/tree/main/bitnami/spark + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/spark + - https://spark.apache.org/ + urls: + - assets/bitnami/spark-6.3.12.tgz + version: 6.3.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -13532,6 +14009,42 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.9.1 + created: "2022-12-12T09:45:00.382859548-07:00" + description: Sysdig Monitor and Secure agent + digest: ffa6869bc06f8ecceb82f8d442942d9bfdcf1b92a3a16e4020ab817cb7ae592c + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + maintainers: + - email: lachlan@deis.com + name: lachie83 + - email: jorge.salamero@sysdig.com + name: bencer + - email: nestor.salceda@sysdig.com + name: nestorsalceda + - email: alvaro.iradier@sysdig.com + name: airadier + - email: carlos.arilla@sysdig.com + name: carillan81 + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.15.61.tgz + version: 1.15.61 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig @@ -13692,6 +14205,44 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + apiVersion: v2 + appVersion: 10.1.4 + created: "2022-12-12T09:44:58.744262475-07:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: b67c0b8960b0551eba93c293ff957f57b6a1086b07fad3a76beff459d3d5b5f1 + home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/tomcat + - http://tomcat.apache.org + urls: + - assets/bitnami/tomcat-10.5.6.tgz + version: 10.5.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat @@ -15412,6 +15963,38 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + apiVersion: v2 + appVersion: 3.8.0 + created: "2022-12-12T09:44:58.8469268-07:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 14ede888794e4132ad9e9e292bce68168b48191abdc42848c628200ba40b015b + home: https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper + - https://zookeeper.apache.org/ + urls: + - assets/bitnami/zookeeper-11.0.1.tgz + version: 11.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper