andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  btp/chronicle:
    - 0.1.25
  external-secrets/external-secrets:
    - 0.9.17
  jfrog/artifactory-ha:
    - 107.77.11
  jfrog/artifactory-jcr:
    - 107.77.11
  redpanda/redpanda:
    - 5.8.3
  speedscale/speedscale-operator:
    - 2.1.301
```
pull/1013/head
github-actions[bot] 2024-05-02 00:52:48 +00:00
parent 96f29dd271
commit 970ef5928f
54 changed files with 852 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/btp/chronicle-0.1.25.tgz Normal file
View File

Binary file not shown.

BIN
assets/external-secrets/external-secrets-0.9.17.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-ha-107.77.11.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-jcr-107.77.11.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-5.8.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.1.301.tgz Normal file
View File

Binary file not shown.

4
charts/btp/chronicle/Chart.yaml
View File

@ -3,7 +3,7 @@ annotations:
catalog.cattle.io/display-name: Chronicle
catalog.cattle.io/release-name: chronicle
apiVersion: v2
appVersion: 0.7.3
appVersion: 0.7.6
dependencies:
- name: standard-defs
repository: file://./charts/standard-defs
@ -22,4 +22,4 @@ keywords:
- blockchain
name: chronicle
type: application
version: 0.1.15
version: 0.1.25

29
charts/btp/chronicle/README.md
View File

@ -1,9 +1,10 @@
# Chronicle
# Chronicle on Hyperledger Sawtooth
| field | description | default |
|-|-|-|
| `affinity`| custom affinity rules for the chronicle pod | {} |
| `auth.required` | if true require authentication | false |
| `auth.required` | if true require authentication, rejecting 'anonymous' requests | false |
| `auth.id.claims` | Chronicle provides default values ["iss", "sub"] | nil |
| `backtraceLevel` | backtrace level for Chronicle | nil |
| `devIdProvider.image` | the image to use for the id-provider container | blockchaintp/id-provider |
| `devIdProvider.image.pullPolicy` | the image pull policy | IfNotPresent |
@ -44,11 +45,15 @@
| `replicas` | number of Chronicle replicas to run | 1 |
| `serviceAccount.create` | true to create a service account | false |
| `serviceAccount.name` | name of the service account | nil (defaults to based on release name) |
| `test.enabled` | true to enable test Jobs and Services | true |
| `api-test-container.image` | the image to use for the api-test container | blockchaintp/chronicle-api-test |
| `test.api` | test the chronicle GraphQL server API |
| `test.api.enabled` | true to enable api-test Jobs and Services | true |
| `test.api.image` | the image to use for the api-test container | blockchaintp/chronicle-helm-api-test |
| `test.api.image.pullPolicy` | the image pull policy | IfNotPresent |
| `test.api.image.repository` | the image repository | blockchaintp/chronicle-helm-api-test |
| `test.api.image.tag` | the image tag | latest |
| `test.auth` | test the chronicle auth server API |
| `test.auth.enabled` | true to enable auth-related testing | true |
| `test.auth.token` | provide a token for auth-related testing | nil |
| `postgres.enabled` | if true create an internal postgres instance | boolean | true |
| `postgres.env` | postgres environment variables | map | N/A |
| `postgres.image.repository` | postgres image repository | string | "postgres" |
@ -82,3 +87,19 @@
| `tp.maxUnavailable` | maximum unavailable nodes during a rolling upgrade |
| `tp.minReadySeconds` | minimum time before node becomes available |
| `sawtooth` | sawtooth options may be configured | see [Sawtooth](../sawtooth/README.md) |
| `livenessProbe.enabled` | if true, enables the liveness probe | false |
| `livenessProbe.initialDelaySeconds` | delay before liveness probe is initiated | 30 |
| `livenessProbe.periodSeconds` | how often to perform the probe | 10 |
| `livenessProbe.timeoutSeconds` | when the probe times out | 1 |
| `livenessProbe.failureThreshold` | how many times to retry the probe before giving up | 3 |
| `livenessProbe.successThreshold` | how many times the probe must report success to be considered successful after having failed | 1 |
| `livenessProbe.namespaceName` | the namespace name for the liveness probe | "default" |
| `livenessProbe.namespaceUuid` | the namespace UUID for the liveness probe | "fd717fd6-70f1-44c1-81de-287d5e101089" |
| `startupProbe.enabled` | if true, enables the startup probe | false |
| `startupProbe.initialDelaySeconds` | delay before startup probe is initiated | 10 |
| `startupProbe.periodSeconds` | how often to perform the probe | 10 |
| `startupProbe.timeoutSeconds` | when the probe times out | 1 |
| `startupProbe.failureThreshold` | how many times to retry the probe before giving up | 3 |
| `startupProbe.successThreshold` | how many times the probe must report success to be considered successful after having failed | 1 |
| `startupProbe.namespaceName` | the namespace name for the startup probe | "default" |
| `startupProbe.namespaceUuid` | the namespace UUID for the startup probe | "fd717fd6-70f1-44c1-81de-287d5e101089" |

4
charts/btp/chronicle/app-readme.md
View File

@ -1,10 +1,12 @@
# Chronicle on Hyperledger Sawtooth
Chronicle records provenance information of any physical or digital asset on a distributed ledger.
- Chronicle is available with Hyperledger Sawtooth as its default backing ledger.
- Chronicle is built on the established W3C PROV Ontology standard; it uses the lightweight JSON-LD linked data format, and the data query language GraphQL.
- Chronicle is easily adaptable to enable users to model, capture, and query provenance information pertinent to their industry, application and use case.
You can find example domains and further instructions at https://examples.btp.works
You can find example domains and further instructions at <https://examples.chronicle.works>
## *Important*

64
charts/btp/chronicle/templates/_chronicle.tpl
View File

@ -55,21 +55,75 @@ chronicle: {{ include "common.names.fullname" . }}
{{ include "common.names.fullname" . }}-test-id-provider
{{- end -}}
{{- define "chronicle.jwksUrl" -}}
{{- define "chronicle.id-provider.service.jwks.url" -}}
http://{{ include "chronicle.id-provider.service" . }}:8090/jwks
{{- end -}}
{{- define "chronicle.id-provider.service.userinfo.url" -}}
http://{{ include "chronicle.id-provider.service" . }}:8090/userinfo
{{- end -}}
{{- define "chronicle.id-claims" -}}
{{- if .Values.auth.id.claims -}}
--id-claims {{ .Values.auth.id.claims }} \
{{- else -}}
{{- /* Do nothing */ -}}
{{- end -}}
{{- end -}}
{{/* The JWKS and userinfo URLs are connected. */}}
{{/* If either is provided Chronicle will use the user-provided options. */}}
{{/* If neither is provided Chronicle should fall back to using the 'devIdProvider'.*/}}
{{- define "chronicle.jwks-url.url" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.jwks.url -}}
{{ .Values.auth.jwks.url }}
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
http://{{ include "chronicle.id-provider.service" . }}:8090/jwks
{{- else -}}
{{ required "devIdProvider.enabled must be true or auth.jwks.url must be set!" .Values.auth.jwks.url }}
{{ include "chronicle.id-provider.service.jwks.url" . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "chronicle.userinfoUrl" -}}
{{- define "chronicle.jwks-url.cli" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.jwks.url -}}
--jwks-address {{ include "chronicle.jwks-url.url" . }} \
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
--jwks-address {{ include "chronicle.jwks-url.url" . }} \
{{- end -}}
{{- end -}}
{{- end -}}
{{/* The JWKS and userinfo URLs are connected. */}}
{{/* If either is provided Chronicle will use the user-provided options. */}}
{{/* If neither is provided Chronicle should fall back to using the 'devIdProvider'.*/}}
{{- define "chronicle.userinfo-url" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.userinfo.url -}}
{{ .Values.auth.userinfo.url }}
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
{{ include "chronicle.id-provider.service.userinfo.url" . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "chronicle.userinfo-url.cli" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.userinfo.url -}}
--userinfo-address {{ include "chronicle.userinfo-url" . }} \
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
--userinfo-address {{ include "chronicle.userinfo-url" . }} \
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "chronicle.root-key.secret" -}}
{{ include "common.names.fullname" . }}-root-key

19
charts/btp/chronicle/templates/chronicle-init.yaml
View File

@ -3,12 +3,11 @@
apiVersion: batch/v1
kind: Job
metadata:
annotations:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
name: {{ include "common.names.fullname" . }}-init
labels: {{ include "chronicle.labels" . | nindent 4 }}
component: chronicle
spec:
ttlSecondsAfterFinished: 100
template:
metadata:
labels: {{ include "chronicle.labels" . | nindent 8 }}
@ -159,13 +158,17 @@ spec:
command: [ "bash", "-ec"]
args:
- |
if opactl \
--sawtooth-address tcp://$HOST:$PORT \
get-policy \
--id {{ .Values.opa.policy.id }} \
--output policy.bin >/dev/null 2>&1; then
echo "Attempting to get policy."
opactl \
--sawtooth-address tcp://$HOST:$PORT \
get-policy \
--id {{ .Values.opa.policy.id }} \
--output /shared-data/policy.bin || true
if [ -f "/shared-data/policy.bin" ]; then
echo "Policy already set."
touch /shared-data/policy-already-set
exit 0
else
echo "Policy not found."
exit 0
@ -197,7 +200,7 @@ spec:
set-policy \
--id {{ .Values.opa.policy.id }} \
-p {{ .Values.opa.policy.url }} \
--root-key /shared-data/root.pem
--root-key /shared-data/root.pem || true
fi
env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }}
- name: HOST

122
charts/btp/chronicle/templates/statefulset.yaml
View File

@ -104,7 +104,7 @@ spec:
- |
{{ if .Values.auth.required }}
{{ if and (not .Values.auth.jwks.url) (not .Values.auth.userinfo.url) (not .Values.devIdProvider.enabled) }}
{{ required "If auth.required you need to provide at least auth.jwks.url or auth.userinfo.url" .Values.auth.jwks.url }}
{{ required "If 'auth.required' you need to provide at least 'auth.jwks.url' or 'auth.userinfo.url', or 'devIdProvider.enabled' must be 'true'!" .Values.auth.jwks.url }}
{{ end }}
{{ end }}
@ -122,17 +122,13 @@ spec:
--embedded-opa-policy \
{{- end }}
serve-api \
--interface 0.0.0.0:{{ .Values.port}} \
--interface 0.0.0.0:{{ .Values.port }} \
{{- if .Values.auth.required }}
--require-auth \
--id-claims {{ .Values.auth.id.claims }} \
{{- if .Values.auth.jwks.enabled }}
--jwks-address {{ include "chronicle.jwksUrl" . }} \
{{- end }}
{{- if .Values.auth.userinfo.url }}
--userinfo-address {{ include "chronicle.userinfoUrl" . }} \
{{- end }}
{{- end }}
{{ include "chronicle.jwks-url.cli" . }}
{{ include "chronicle.userinfo-url.cli" . }}
{{ include "chronicle.id-claims" . }}
;
env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }}
- name: RUST_LOG
@ -157,6 +153,106 @@ spec:
- name: chronicle-data
mountPath: /var/lib/chronicle/store/
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command:
- bash
- -c
- |
PROBE_ID="liveness_$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 13)" &&
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") &&
echo '[
{
"@id": "_:n1",
"@type": [
"http://btp.works/chronicleoperations/ns#ActivityExists"
],
"http://btp.works/chronicleoperations/ns#activityName": [
{
"@value": "'"$PROBE_ID"'"
}
],
"http://btp.works/chronicleoperations/ns#namespaceName": [
{
"@value": "{{ .Values.livenessProbe.namespaceName }}"
}
],
"http://btp.works/chronicleoperations/ns#namespaceUuid": [
{
"@value": "{{ .Values.livenessProbe.namespaceUuid }}"
}
]
}
]' > /tmp/import.json &&
echo "Probe ID: $PROBE_ID" &&
RUST_LOG=error chronicle \
-c /etc/chronicle/config/config.toml \
--console-logging json \
--sawtooth tcp://{{ include "chronicle.sawtooth.service" . }}:{{ include "chronicle.sawtooth.sawcomp" . }} \
--remote-database \
--database-name {{ .Values.postgres.database }} \
--database-username {{ .Values.postgres.user }} \
--database-host {{ .Values.postgres.host }} \
{{- if not .Values.opa.enabled }}
--embedded-opa-policy \
{{- end }}
import {{ .Values.livenessProbe.namespaceName }} {{ .Values.livenessProbe.namespaceUuid }} /tmp/import.json
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.startUpProbe.enabled }}
startupProbe:
exec:
command:
- bash
- -c
- |
PROBE_ID="startup_$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 13)" &&
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") &&
echo '[
{
"@id": "_:n1",
"@type": [
"http://btp.works/chronicleoperations/ns#ActivityExists"
],
"http://btp.works/chronicleoperations/ns#activityName": [
{
"@value": "'"$PROBE_ID"'"
}
],
"http://btp.works/chronicleoperations/ns#namespaceName": [
{
"@value": "{{ .Values.startUpProbe.namespaceName }}"
}
],
"http://btp.works/chronicleoperations/ns#namespaceUuid": [
{
"@value": "{{ .Values.startUpProbe.namespaceUuid }}"
}
]
}
]' > /tmp/import.json &&
echo "Probe ID: $PROBE_ID" &&
RUST_LOG=error chronicle \
-c /etc/chronicle/config/config.toml \
--console-logging json \
--sawtooth tcp://{{ include "chronicle.sawtooth.service" . }}:{{ include "chronicle.sawtooth.sawcomp" . }} \
--remote-database \
--database-name {{ .Values.postgres.database }} \
--database-username {{ .Values.postgres.user }} \
--database-host {{ .Values.postgres.host }} \
{{- if not .Values.opa.enabled }}
--embedded-opa-policy \
{{- end }}
import {{ .Values.startUpProbe.namespaceName }} {{ .Values.startUpProbe.namespaceUuid }} /tmp/import.json
initialDelaySeconds: {{ .Values.startUpProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startUpProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startUpProbe.timeoutSeconds }}
failureThreshold: {{ .Values.startUpProbe.failureThreshold }}
{{- end }}
volumes:
- name: chronicle-secrets
persistentVolumeClaim:
@ -167,10 +263,10 @@ spec:
- name: chronicle-config
configMap:
name: {{ .Release.Name }}-chronicle-config
{{- if not .Values.postgres.persistence.enabled }}
{{- if not .Values.postgres.persistence.enabled }}
- name: "pgdata"
emptyDir: {}
{{- end }}
{{- end }}
volumeClaimTemplates:
- metadata:
name: chronicle-data
@ -180,7 +276,7 @@ spec:
resources:
requests:
storage: 6Gi
{{- if .Values.postgres.persistence.enabled }}
{{- if .Values.postgres.persistence.enabled }}
- metadata:
name: "pgdata"
annotations: {{- include "lib.safeToYaml" .Values.postgres.persistence.annotations | nindent 10 }}
@ -190,4 +286,4 @@ spec:
resources:
requests:
storage: {{ .Values.postgres.persistence.size | quote }}
{{- end }}
{{- end }}

4
charts/btp/chronicle/templates/test-token-getter-roles.yaml
View File

@ -1,5 +1,4 @@
{{- if .Values.test.enabled }}
{{- if .Values.auth.required }}
{{- if or (.Values.test.api.enabled) (.Values.test.auth.enabled) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@ -34,4 +33,3 @@ subjects:
name: {{ include "lib.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

75
charts/btp/chronicle/templates/tests/api-test.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.test.enabled }}
{{- if .Values.test.api.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
@ -15,29 +15,52 @@ spec:
restartPolicy: Never
serviceAccountName: {{ include "lib.serviceAccountName" . }}
automountServiceAccountToken: true
initContainers:
{{- if .Values.auth.required }}
{{ if not .Values.test.auth.token }}
{{ if not .Values.devIdProvider.enabled }}
{{ required "If 'auth.required' when using the api-test 'test.auth.token' must be provided or 'devIdProvider.enabled' must be set to 'true'!" .Values.devIdProvider.enabled }}
{{ end }}
initContainers:
- name: wait-for-id-provider
{{- include "lib.image" (dict "imageRoot" .Values.test.api.image "global" .Values.global ) | nindent 10 }}
command: [ "sh", "-ec" ]
command: [ "sh", "-c" ]
args:
- |
URL={{ include "chronicle.jwksUrl" . }}
scheme=$(echo $URL | cut -f 1 -d :)
hostAndPort=$(echo $URL | cut -f 3 -d /)
HOST=$(echo $hostAndPort | cut -f 1 -d :)
port=$(echo $hostAndPort | awk -F: '{print $2}')
if [ "$scheme" = "http" ]; then
defaultPort=80
elif [ "$scheme" = "https" ]; then
defaultPort=443
else
defaultPort=80
fi
PORT=${port:-$defaultPort}
URL="{{ include "chronicle.id-provider.service.jwks.url" . }}"
wait_for_url() {
local url=$1
scheme=$(echo "$url" | cut -f 1 -d :)
hostAndPort=$(echo "$url" | cut -f 3 -d /)
HOST=$(echo "$hostAndPort" | cut -f 1 -d :)
port=$(echo "$hostAndPort" | awk -F: '{print $2}')
case $scheme in
"http")
defaultPort=80
;;
"https")
defaultPort=443
;;
*)
defaultPort=80
;;
esac
PORT=${port:-$defaultPort}
wait-for-it "$HOST:$PORT" --timeout=120
}
echo "Waiting for id-provider to be ready ..."
wait-for-it $HOST:$PORT --timeout=0
echo "Id-provider is ready. Exiting."
wait_for_url "$URL"
if [ $? -eq 0 ]; then
echo "Id-provider is ready. Exiting."
exit 0
else
echo "Timeout occurred. Please check if the correct URL has been provided."
exit 1
fi
- name: token-loader
image: alpine/k8s:1.24.13
command: [ "sh", "-ec" ]
@ -51,6 +74,7 @@ spec:
volumeMounts:
- name: shared-data
mountPath: /shared-data
{{ end }}
{{- end }}
containers:
- name: test
@ -58,6 +82,14 @@ spec:
command: [ "sh", "-ec" ]
args:
- |
{{ if not .Values.test.auth.token }}
{{ if or .Values.auth.jwks.url .Values.auth.userinfo.url }}
echo "Auth endpoints provided but no token provided."
echo "Please provide 'test.auth.token' in the values.yaml file."
exit 1
{{ end }}
{{ end }}
API={{ include "chronicle.api.service" . }}
export PORT={{ .Values.port }}
echo "Waiting for API to be ready ..."
@ -65,13 +97,16 @@ spec:
echo "Getting IP address for API ..."
getent hosts $API | cut -f 1 -d \ | head -n 1 > /shared-data/api-ip || exit 1
{{- if .Values.auth.required }}
{{- if .Values.test.auth.token }}
echo "{{ .Values.test.auth.token }}" > /shared-data/jwks-token
{{- end }}
if [ -f "/shared-data/jwks-token" ]; then
echo "Found token."
sleep 5
export TOKEN=$(cat "/shared-data/jwks-token")
fi
{{- end }}
export HOST=$(cat /shared-data/api-ip)
echo "Testing API with subscribe-submit-test..."
subscribe-submit-test

160
charts/btp/chronicle/templates/tests/auth-endpoints-test.yaml Normal file
View File

@ -0,0 +1,160 @@
{{- if .Values.test.auth.enabled }}
{{ if not (or (.Values.devIdProvider.enabled) (or (.Values.auth.jwks.url) (.Values.auth.userinfo.url)))}}
{{ required "If 'test.auth.enabled' you need to provide 'auth.jwks.url', 'auth.userinfo.url', or enable the `devIdProvider`!" .Values.devIdProvider.enabled }}
{{ end }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "common.names.fullname" . }}-auth-endpoints-test
labels: {{ include "chronicle.labels" . | nindent 4 }}
component: auth-endpoints-test
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": hook-succeeded
spec:
backoffLimit: 0
template:
spec:
restartPolicy: Never
serviceAccountName: {{ include "lib.serviceAccountName" . }}
{{- if .Values.devIdProvider.enabled }}
automountServiceAccountToken: true
initContainers:
- name: wait
{{- include "lib.image" (dict "imageRoot" .Values.test.api.image "global" .Values.global ) | nindent 10 }}
command: [ "sh", "-c" ]
args:
- |
URL="{{ include "chronicle.id-provider.service.jwks.url" . }}"
wait_for_url() {
local url=$1
scheme=$(echo "$url" | cut -f 1 -d :)
hostAndPort=$(echo "$url" | cut -f 3 -d /)
HOST=$(echo "$hostAndPort" | cut -f 1 -d :)
port=$(echo "$hostAndPort" | awk -F: '{print $2}')
case $scheme in
"http")
defaultPort=80
;;
"https")
defaultPort=443
;;
*)
defaultPort=80
;;
esac
PORT=${port:-$defaultPort}
wait-for-it "$HOST:$PORT" --timeout=120
}
echo "Waiting for id-provider to be ready ..."
wait_for_url "$URL"
if [ $? -eq 0 ]; then
echo "Id-provider is ready. Exiting."
exit 0
else
echo "Timeout occurred. Please check if the correct URL has been provided."
exit 1
fi
- name: tok
image: alpine/k8s:1.24.13
command: [ "sh", "-ec" ]
args:
- |
echo "Waiting to ensure id-provider is ready ..."
sleep 20
echo "Getting token from id-provider ..."
kubectl exec {{ include "chronicle.id-provider.service" . }}-0 -c id-provider -- oauth-token > /shared-data/jwks-token
echo "Token loaded. Exiting."
volumeMounts:
- name: shared-data
mountPath: /shared-data
{{- end }}
containers:
- name: jwks
image: alpine/k8s:1.24.13
command: [ "sh", "-c"]
args:
- |
{{ if or (.Values.auth.jwks.url) (.Values.devIdProvider.enabled) }}
{{ if .Values.auth.jwks.url }}
echo "Checking provided JWKS endpoint: {{ .Values.auth.jwks.url }}."
endPoint="{{ .Values.auth.jwks.url }}"
{{ else if .Values.auth.userinfo.url }}
echo "JWKS endpoint not set but userinfo url is set - skipping JWKS check."
exit 0
{{ else }}
echo "Checking JWKS endpoint from id-provider: {{ include "chronicle.id-provider.service.jwks.url" . }}."
endPoint="{{ include "chronicle.id-provider.service.jwks.url" . }}"
{{ end }}
time curl -s -o /shared-data/jwks.json $endPoint
cat /shared-data/jwks.json | jq . > /dev/null \
|| { echo "JWKS endpoint did not return a valid JSON object."; echo "DEBUG: $(cat /shared-data/jwks.json)"; exit 1; }
echo "JWKS endpoint returned a valid JSON object:"
cat /shared-data/jwks.json
echo
{{ else }}
echo "Skipping JWKS endpoint check."
{{ end }}
echo -e "Exiting."
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: userinfo
image: alpine/k8s:1.24.13
command: [ "sh", "-c"]
args:
- |
{{ if or (.Values.auth.userinfo.url) (.Values.devIdProvider.enabled) }}
{{ if .Values.auth.userinfo.url }}
{{ if not .Values.test.auth.token }}
{{ required "If providing 'auth.userinfo.url' you need to provide a 'test.auth.token'!" .Values.test.auth.token}}
{{ end }}
echo "Checking user-provided userinfo endpoint: $endPoint"
endPoint="{{ .Values.auth.userinfo.url }}"
{{ else if .Values.auth.jwks.url }}
echo "Userinfo endpoint not set but JWKS url is set - skipping userinfo check."
exit 0
{{ else }}
echo "Checking id-provider userinfo endpoint: $endPoint"
endPoint="{{ include "chronicle.id-provider.service.userinfo.url" . }}"
{{ end }}
{{ if .Values.test.auth.token }}
{{ if not .Values.auth.userinfo.url }}
{{ required "If providing 'test.auth.token' you need to provide a 'auth.userinfo.url'!" .Values.auth.userinfo.url }}
{{ end }}
echo "Using 'test.auth.token' to check userinfo endpoint."
time curl -s -H "Authorization: Bearer {{ .Values.test.auth.token }}" -o /shared-data/userinfo.json $endPoint
{{ else }}
echo "Using token from id-provider to check userinfo endpoint."
time curl -s -H "Authorization: Bearer $(cat /shared-data/jwks-token)" -o /shared-data/userinfo.json $endPoint
{{ end }}
if jq -e 'has("error")' /shared-data/userinfo.json > /dev/null; then
echo "Userinfo endpoint returned an error:"
echo "DEBUG: $(cat /shared-data/userinfo.json)"
exit 1
else
echo "Userinfo endpoint returned a valid JSON object: $(cat /shared-data/userinfo.json)"
echo
fi
{{ else }}
echo "Skipping userinfo endpoint check."
{{ end }}
echo -e "Exiting."
volumeMounts:
- name: shared-data
mountPath: /shared-data
volumes:
- name: shared-data
emptyDir: {}
{{- end }}

63
charts/btp/chronicle/values.yaml
View File

@ -12,16 +12,46 @@ global:
affinity: {}
auth:
## @md | `auth.required` | if true require authentication | false |
## @md | `auth.required` | if true require authentication, rejecting 'anonymous' requests | false |
required: false
id:
claims: email
## @md | `auth.id.claims` | Chronicle provides default values ["iss", "sub"] | nil |
claims:
jwks:
enabled: true
url:
userinfo:
url:
## @md | `livenessProbe.enabled` | if true, enables the liveness probe | false |
livenessProbe:
enabled: false
## @md | `livenessProbe.timeoutSeconds` | number of seconds after which the probe times out | 10 |
timeoutSeconds: 20
## @md | `livenessProbe.periodSeconds` | how often (in seconds) to perform the probe | 60 |
periodSeconds: 60
## @md | `livenessProbe.failureThreshold` | when a probe fails, Kubernetes will try failureThreshold times before giving up | 1 |
failureThreshold: 1
## @md | `livenessProbe.namespaceName` | the Chronicle namespace in which the probe operates | default |
namespaceName: default
## @md | `livenessProbe.namespaceUuid` | the UUID of the Chronicle namespace in which the probe operates | fd717fd6-70f1-44c1-81de-287d5e101089 |
namespaceUuid: fd717fd6-70f1-44c1-81de-287d5e101089
## @md | `startUpProbe.enabled` | if true, enables the startup probe | true |
startUpProbe:
enabled: false
## @md | `startUpProbe.initialDelaySeconds` | number of seconds after which the probe starts | 5 |
initialDelaySeconds: 5
## @md | `startUpProbe.failureThreshold` | when a probe fails, Kubernetes will try failureThreshold times before giving up | 30 |
failureThreshold: 30
## @md | `startUpProbe.periodSeconds` | how often (in seconds) to perform the probe | 10 |
periodSeconds: 10
## @md | `startUpProbe.timeoutSeconds` | number of seconds after which the probe times out | 3 |
timeoutSeconds: 3
## @md | `startUpProbe.namespaceName` | the Chronicle namespace in which the probe operates | default |
namespaceName: default
## @md | `startUpProbe.namespaceUuid` | the UUID of the Chronicle namespace in which the probe operates | fd717fd6-70f1-44c1-81de-287d5e101089 |
namespaceUuid: fd717fd6-70f1-44c1-81de-287d5e101089
## @md | `backtraceLevel` | backtrace level for Chronicle | nil |
backtraceLevel: full
@ -34,7 +64,7 @@ devIdProvider:
## @md | `devIdProvider.image.repository` | the image repository | blockchaintp/id-provider |
repository: blockchaintp/id-provider-amd64
## @md | `devIdProvider.image.tag` | the image tag | latest |
tag: BTP2.1.0-0.7.3
tag: BTP2.1.0-0.7.6
## @md | `extraVolumes` | a list of additional volumes to add to chronicle | [] |
extraVolumes: []
@ -45,7 +75,7 @@ image:
## @md | `image.repository` | the repository of the image | blockchaintp/chronicle |
repository: blockchaintp/chronicle-amd64
## @md | `image.tag`| the tag of the image to use | latest |
tag: BTP2.1.0-0.7.3
tag: BTP2.1.0-0.7.6
## @md | `image.pullPolicy` | the image pull policy to use | IfNotPresent |
pullPolicy: IfNotPresent
@ -89,7 +119,7 @@ logLevel: info
opa:
## @md | `opa.enabled` | if true set up a full OPA enabled setup | true |
enabled: true
enabled: false
opaInit:
## @md | `opa.init.image` | the image to use for the chronicle-init container | blockchaintp/chronicle-opa-init |
image:
@ -98,7 +128,7 @@ opa:
## @md | `image.repository` | the repository of the image | blockchaintp/chronicle |
repository: blockchaintp/opactl-amd64
## @md | `image.tag`| the tag of the image to use | latest |
tag: BTP2.1.0-0.7.3
tag: BTP2.1.0-0.7.6
policy:
entrypoint: allow_transactions.allowed_users
id: allow_transactions
@ -108,7 +138,7 @@ opa:
## @md | `image.repository` | the repository of the image | blockchaintp/chronicle |
repository: blockchaintp/opa-tp-amd64
## @md | `image.tag`| the tag of the image to use | latest |
tag: BTP2.1.0-0.7.3
tag: BTP2.1.0-0.7.6
## @md | `image.pullPolicy` | the image pull policy to use | IfNotPresent |
pullPolicy: IfNotPresent
## @md | `opa.tp.resources` | resources | map | nil |
@ -131,17 +161,24 @@ serviceAccount:
name:
test:
## @md | `test.enabled` | true to enable test Jobs and Services | true |
enabled: true
## @md | `test.api` | test the chronicle GraphQL server API |
api:
## @md | `api-test-container.image` | the image to use for the api-test container | blockchaintp/chronicle-api-test |
## @md | `test.api.enabled` | true to enable api-test Jobs and Services | true |
enabled: false
## @md | `test.api.image` | the image to use for the api-test container | blockchaintp/chronicle-helm-api-test |
image:
## @md | `test.api.image.pullPolicy` | the image pull policy | IfNotPresent |
pullPolicy: IfNotPresent
## @md | `test.api.image.repository` | the image repository | blockchaintp/chronicle-helm-api-test |
repository: blockchaintp/chronicle-helm-api-test-amd64
## @md | `test.api.image.tag` | the image tag | latest |
tag: BTP2.1.0-0.7.3
tag: BTP2.1.0-0.7.6
## @md | `test.auth` | test the chronicle auth server API |
auth:
## @md | `test.auth.enabled` | true to enable auth-related testing | true |
enabled: true
## @md | `test.auth.token` | provide a token for auth-related testing | nil |
token:
postgres:
# if enabled we allocate a postgres database here
@ -211,7 +248,7 @@ tp:
## @md | `tp.image.repository` | the image repository | blockchaintp/chronicle-tp |
repository: blockchaintp/chronicle-tp-amd64
## @md | `tp.image.tag` | the image tag | latest |
tag: BTP2.1.0-0.7.3
tag: BTP2.1.0-0.7.6
## @md | `tp.extraVolumes` | extra volumes declarations for the chronicle-tp deployment | list | nil
extraVolumes:
## @md | `tp.extraVolumeMounts` | extra volume mounts for chronicle-tp deployment | list | nil

4
charts/external-secrets/external-secrets/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: external-secrets
apiVersion: v2
appVersion: v0.9.16
appVersion: v0.9.17
description: External secret management for Kubernetes
home: https://github.com/external-secrets/external-secrets
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png
@ -17,4 +17,4 @@ maintainers:
name: mcavoyk
name: external-secrets
type: application
version: 0.9.16
version: 0.9.17

13
charts/external-secrets/external-secrets/README.md
View File

@ -4,7 +4,7 @@
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.16](https://img.shields.io/badge/Version-0.9.16-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.17](https://img.shields.io/badge/Version-0.9.17-informational?style=flat-square)
External secret management for Kubernetes
@ -58,7 +58,7 @@ The command removes all the Kubernetes components associated with the chart and
| certController.podAnnotations | object | `{}` | Annotations to add to Pod |
| certController.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
| certController.podLabels | object | `{}` | |
| certController.podSecurityContext | object | `{}` | |
| certController.podSecurityContext.enabled | bool | `true` | |
| certController.priorityClassName | string | `""` | Pod priority class name. |
| certController.rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. |
| certController.readinessProbe.address | string | `""` | Address for readiness probe |
@ -69,6 +69,7 @@ The command removes all the Kubernetes components associated with the chart and
| certController.revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) |
| certController.securityContext.allowPrivilegeEscalation | bool | `false` | |
| certController.securityContext.capabilities.drop[0] | string | `"ALL"` | |
| certController.securityContext.enabled | bool | `true` | |
| certController.securityContext.readOnlyRootFilesystem | bool | `true` | |
| certController.securityContext.runAsNonRoot | bool | `true` | |
| certController.securityContext.runAsUser | int | `1000` | |
@ -95,10 +96,12 @@ The command removes all the Kubernetes components associated with the chart and
| extraArgs | object | `{}` | |
| extraContainers | list | `[]` | |
| extraEnv | list | `[]` | |
| extraObjects | list | `[]` | |
| extraVolumeMounts | list | `[]` | |
| extraVolumes | list | `[]` | |
| fullnameOverride | string | `""` | |
| global.affinity | object | `{}` | |
| global.compatibility.openshift.adaptSecurityContext | string | `"auto"` | Manages the securityContext properties to make them compatible with OpenShift. Possible values: auto - Apply configurations if it is detected that OpenShift is the target platform. force - Always apply configurations. disabled - No modification applied. |
| global.nodeSelector | object | `{}` | |
| global.tolerations | list | `[]` | |
| global.topologySpreadConstraints | list | `[]` | |
@ -120,7 +123,7 @@ The command removes all the Kubernetes components associated with the chart and
| podAnnotations | object | `{}` | Annotations to add to Pod |
| podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
| podLabels | object | `{}` | |
| podSecurityContext | object | `{}` | |
| podSecurityContext.enabled | bool | `true` | |
| podSpecExtra | object | `{}` | Any extra pod spec on the deployment |
| priorityClassName | string | `""` | Pod priority class name. |
| processClusterExternalSecret | bool | `true` | if true, the operator will process cluster external secret. Else, it will ignore them. |
@ -135,6 +138,7 @@ The command removes all the Kubernetes components associated with the chart and
| scopedRBAC | bool | `false` | Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace and implicitly disable cluster stores and cluster external secrets |
| securityContext.allowPrivilegeEscalation | bool | `false` | |
| securityContext.capabilities.drop[0] | string | `"ALL"` | |
| securityContext.enabled | bool | `true` | |
| securityContext.readOnlyRootFilesystem | bool | `true` | |
| securityContext.runAsNonRoot | bool | `true` | |
| securityContext.runAsUser | int | `1000` | |
@ -190,7 +194,7 @@ The command removes all the Kubernetes components associated with the chart and
| webhook.podAnnotations | object | `{}` | Annotations to add to Pod |
| webhook.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
| webhook.podLabels | object | `{}` | |
| webhook.podSecurityContext | object | `{}` | |
| webhook.podSecurityContext.enabled | bool | `true` | |
| webhook.port | int | `10250` | The port the webhook will listen to |
| webhook.priorityClassName | string | `""` | Pod priority class name. |
| webhook.rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. |
@ -202,6 +206,7 @@ The command removes all the Kubernetes components associated with the chart and
| webhook.secretAnnotations | object | `{}` | Annotations to add to Secret |
| webhook.securityContext.allowPrivilegeEscalation | bool | `false` | |
| webhook.securityContext.capabilities.drop[0] | string | `"ALL"` | |
| webhook.securityContext.enabled | bool | `true` | |
| webhook.securityContext.readOnlyRootFilesystem | bool | `true` | |
| webhook.securityContext.runAsNonRoot | bool | `true` | |
| webhook.securityContext.runAsUser | int | `1000` | |

45
charts/external-secrets/external-secrets/templates/_helpers.tpl
View File

@ -154,3 +154,48 @@ Determine the image to use, including if using a flavour.
{{ printf "%s:%s" .image.repository (.image.tag | default .chartAppVersion) }}
{{- end }}
{{- end }}
<<<<<<< HEAD
{{/*
Renders a complete tree, even values that contains template.
*/}}
{{- define "external-secrets.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{ else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
=======
{{/*
Return true if the OpenShift is the detected platform
Usage:
{{- include "external-secrets.isOpenShift" . -}}
*/}}
{{- define "external-secrets.isOpenShift" -}}
{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Render the securityContext based on the provided securityContext
{{- include "external-secrets.renderSecurityContext" (dict "securityContext" .Values.securityContext "context" $) -}}
*/}}
{{- define "external-secrets.renderSecurityContext" -}}
{{- $adaptedContext := .securityContext -}}
{{- if .context.Values.global.compatibility -}}
{{- if .context.Values.global.compatibility.openshift -}}
{{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "external-secrets.isOpenShift" .context)) -}}
{{/* Remove OpenShift managed fields */}}
{{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
{{- if not .securityContext.seLinuxOptions -}}
{{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- omit $adaptedContext "enabled" | toYaml -}}
{{- end -}}
>>>>>>> 2218c78b (Methods for managing securityContext and OpenShift support)

8
charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml
View File

@ -35,15 +35,19 @@ spec:
serviceAccountName: {{ include "external-secrets-cert-controller.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.certController.serviceAccount.automount }}
{{- with .Values.certController.podSecurityContext }}
{{- if and (.enabled) (gt (keys . | len) 1) }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- include "external-secrets.renderSecurityContext" (dict "securityContext" . "context" $) | nindent 8 }}
{{- end }}
{{- end }}
hostNetwork: {{ .Values.certController.hostNetwork }}
containers:
- name: cert-controller
{{- with .Values.certController.securityContext }}
{{- if and (.enabled) (gt (keys . | len) 1) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- include "external-secrets.renderSecurityContext" (dict "securityContext" . "context" $) | nindent 12 }}
{{- end }}
{{- end }}
image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.certController.image) | trim }}
imagePullPolicy: {{ .Values.certController.image.pullPolicy }}

2
charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: acraccesstokens.generators.external-secrets.io
spec:
group: generators.external-secrets.io

8
charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: clusterexternalsecrets.external-secrets.io
spec:
group: external-secrets.io
@ -526,11 +526,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@ -573,11 +575,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@ -590,7 +594,7 @@ spec:
x-kubernetes-map-type: atomic
type: array
namespaces:
description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
items:
type: string
type: array

4
charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: clustersecretstores.external-secrets.io
spec:
group: external-secrets.io
@ -1577,11 +1577,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string

2
charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: ecrauthorizationtokens.generators.external-secrets.io
spec:
group: generators.external-secrets.io

2
charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: externalsecrets.external-secrets.io
spec:
group: external-secrets.io

2
charts/external-secrets/external-secrets/templates/crds/fake.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: fakes.generators.external-secrets.io
spec:
group: generators.external-secrets.io

2
charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: gcraccesstokens.generators.external-secrets.io
spec:
group: generators.external-secrets.io

2
charts/external-secrets/external-secrets/templates/crds/githubaccesstoken.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: githubaccesstokens.generators.external-secrets.io
spec:
group: generators.external-secrets.io

2
charts/external-secrets/external-secrets/templates/crds/password.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: passwords.generators.external-secrets.io
spec:
group: generators.external-secrets.io

4
charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: pushsecrets.external-secrets.io
spec:
group: external-secrets.io
@ -140,11 +140,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string

4
charts/external-secrets/external-secrets/templates/crds/secretstore.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: secretstores.external-secrets.io
spec:
group: external-secrets.io
@ -1577,11 +1577,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string

2
charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: vaultdynamicsecrets.generators.external-secrets.io
spec:
group: generators.external-secrets.io

2
charts/external-secrets/external-secrets/templates/crds/webhook.yaml
View File

@ -9,7 +9,7 @@ metadata:
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: webhooks.generators.external-secrets.io
spec:
group: generators.external-secrets.io

8
charts/external-secrets/external-secrets/templates/deployment.yaml
View File

@ -35,15 +35,19 @@ spec:
serviceAccountName: {{ include "external-secrets.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- with .Values.podSecurityContext }}
{{- if and (.enabled) (gt (keys . | len) 1) }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- include "external-secrets.renderSecurityContext" (dict "securityContext" . "context" $) | nindent 8 }}
{{- end }}
{{- end }}
hostNetwork: {{ .Values.hostNetwork }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
{{- if and (.enabled) (gt (keys . | len) 1) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- include "external-secrets.renderSecurityContext" (dict "securityContext" . "context" $) | nindent 12 }}
{{- end }}
{{- end }}
image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.image) | trim }}
imagePullPolicy: {{ .Values.image.pullPolicy }}

4
charts/external-secrets/external-secrets/templates/extra-manifests.yaml Normal file
View File

@ -0,0 +1,4 @@
{{- range .Values.extraObjects }}
---
{{ include "external-secrets.render" (dict "value" . "context" $) }}
{{- end }}

8
charts/external-secrets/external-secrets/templates/webhook-deployment.yaml
View File

@ -36,14 +36,18 @@ spec:
serviceAccountName: {{ include "external-secrets-webhook.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automount }}
{{- with .Values.webhook.podSecurityContext }}
{{- if and (.enabled) (gt (keys . | len) 1) }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- include "external-secrets.renderSecurityContext" (dict "securityContext" . "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: webhook
{{- with .Values.webhook.securityContext }}
{{- if and (.enabled) (gt (keys . | len) 1) }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- include "external-secrets.renderSecurityContext" (dict "securityContext" . "context" $) | nindent 12 }}
{{- end }}
{{- end }}
image: {{ include "external-secrets.image" (dict "chartAppVersion" .Chart.AppVersion "image" .Values.webhook.image) | trim }}
imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}

10
charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap
View File

@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.9.16
helm.sh/chart: external-secrets-0.9.16
app.kubernetes.io/version: v0.9.17
helm.sh/chart: external-secrets-0.9.17
name: RELEASE-NAME-external-secrets-cert-controller
namespace: NAMESPACE
spec:
@ -24,8 +24,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.9.16
helm.sh/chart: external-secrets-0.9.16
app.kubernetes.io/version: v0.9.17
helm.sh/chart: external-secrets-0.9.17
spec:
automountServiceAccountToken: true
containers:
@ -38,7 +38,7 @@ should match snapshot of default values:
- --secret-namespace=NAMESPACE
- --metrics-addr=:8080
- --healthz-addr=:8081
image: ghcr.io/external-secrets/external-secrets:v0.9.16
image: ghcr.io/external-secrets/external-secrets:v0.9.17
imagePullPolicy: IfNotPresent
name: cert-controller
ports:

10
charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap
View File

@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.9.16
helm.sh/chart: external-secrets-0.9.16
app.kubernetes.io/version: v0.9.17
helm.sh/chart: external-secrets-0.9.17
name: RELEASE-NAME-external-secrets
namespace: NAMESPACE
spec:
@ -24,15 +24,15 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.9.16
helm.sh/chart: external-secrets-0.9.16
app.kubernetes.io/version: v0.9.17
helm.sh/chart: external-secrets-0.9.17
spec:
automountServiceAccountToken: true
containers:
- args:
- --concurrent=1
- --metrics-addr=:8080
image: ghcr.io/external-secrets/external-secrets:v0.9.16
image: ghcr.io/external-secrets/external-secrets:v0.9.17
imagePullPolicy: IfNotPresent
name: external-secrets
ports:

4
charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap
View File

@ -4,7 +4,7 @@ should match snapshot of default values:
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: secretstores.external-secrets.io
spec:
conversion:
@ -1582,11 +1582,13 @@ should match snapshot of default values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string

14
charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap
View File

@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.9.16
helm.sh/chart: external-secrets-0.9.16
app.kubernetes.io/version: v0.9.17
helm.sh/chart: external-secrets-0.9.17
name: RELEASE-NAME-external-secrets-webhook
namespace: NAMESPACE
spec:
@ -24,8 +24,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.9.16
helm.sh/chart: external-secrets-0.9.16
app.kubernetes.io/version: v0.9.17
helm.sh/chart: external-secrets-0.9.17
spec:
automountServiceAccountToken: true
containers:
@ -37,7 +37,7 @@ should match snapshot of default values:
- --check-interval=5m
- --metrics-addr=:8080
- --healthz-addr=:8081
image: ghcr.io/external-secrets/external-secrets:v0.9.16
image: ghcr.io/external-secrets/external-secrets:v0.9.17
imagePullPolicy: IfNotPresent
name: webhook
ports:
@ -81,8 +81,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.9.16
app.kubernetes.io/version: v0.9.17
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.9.16
helm.sh/chart: external-secrets-0.9.17
name: RELEASE-NAME-external-secrets-webhook
namespace: NAMESPACE

15
charts/external-secrets/external-secrets/tests/extra_manifests_test.yaml Normal file
View File

@ -0,0 +1,15 @@
suite: test adding extra kubernetes objects
templates:
- extra-manifests.yaml
tests:
- it: should load extra manifests
set:
extraObjects:
- apiVersion: v1
kind: ServiceAccount
metadata:
name: random
asserts:
- equal:
path: kind
value: ServiceAccount

23
charts/external-secrets/external-secrets/values.yaml
View File

@ -3,6 +3,14 @@ global:
tolerations: []
topologySpreadConstraints: []
affinity: {}
compatibility:
openshift:
# -- Manages the securityContext properties to make them compatible with OpenShift.
# Possible values:
# auto - Apply configurations if it is detected that OpenShift is the target platform.
# force - Always apply configurations.
# disabled - No modification applied.
adaptSecurityContext: auto
replicaCount: 1
@ -114,6 +122,9 @@ extraArgs: {}
## -- Extra volumes to pass to pod.
extraVolumes: []
## -- Extra Kubernetes objects to deploy with the helm chart
extraObjects: []
## -- Extra volumes to mount to the container.
extraVolumeMounts: []
@ -128,7 +139,8 @@ podAnnotations: {}
podLabels: {}
podSecurityContext: {}
podSecurityContext:
enabled: true
# fsGroup: 2000
securityContext:
@ -136,6 +148,7 @@ securityContext:
capabilities:
drop:
- ALL
enabled: true
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
@ -361,7 +374,8 @@ webhook:
podLabels: {}
podSecurityContext: {}
podSecurityContext:
enabled: true
# fsGroup: 2000
securityContext:
@ -369,6 +383,7 @@ webhook:
capabilities:
drop:
- ALL
enabled: true
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
@ -474,7 +489,8 @@ certController:
podLabels: {}
podSecurityContext: {}
podSecurityContext:
enabled: true
# fsGroup: 2000
securityContext:
@ -482,6 +498,7 @@ certController:
capabilities:
drop:
- ALL
enabled: true
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000

2
charts/jfrog/artifactory-ha/CHANGELOG.md
View File

@ -1,7 +1,7 @@
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file
## [107.77.10] - April 22, 2024
## [107.77.11] - April 22, 2024
* Removed integration service
* Added recommended postgresql sizing configurations under sizing directory
* Updated artifactory-federation (probes, port, embedded mode)

4
charts/jfrog/artifactory-ha/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.77.10
appVersion: 7.77.11
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -26,4 +26,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
version: 107.77.10
version: 107.77.11

2
charts/jfrog/artifactory-jcr/CHANGELOG.md
View File

@ -1,7 +1,7 @@
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
## [107.77.10] - Nov 23, 2023
## [107.77.11] - Nov 23, 2023
* **IMPORTANT**
* Added min kubeVersion ">= 1.19.0-0" in chart.yaml

6
charts/jfrog/artifactory-jcr/Chart.yaml
View File

@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.77.10
appVersion: 7.77.11
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.77.10
version: 107.77.11
description: JFrog Container Registry
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@ -27,4 +27,4 @@ name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
version: 107.77.10
version: 107.77.11

2
charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md
View File

@ -1,7 +1,7 @@
# JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file.
## [107.77.10] - April 22, 2024
## [107.77.11] - April 22, 2024
* Removed integration service
* Added recommended postgresql sizing configurations under sizing directory
* Updated artifactory-federation (probes, port, embedded mode)

4
charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 7.77.10
appVersion: 7.77.11
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -21,4 +21,4 @@ name: artifactory
sources:
- https://github.com/jfrog/charts
type: application
version: 107.77.10
version: 107.77.11

6
charts/redpanda/redpanda/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations:
artifacthub.io/images: |
- name: redpanda
image: docker.redpanda.com/redpandadata/redpanda:v23.3.11
image: docker.redpanda.com/redpandadata/redpanda:v24.1.1
- name: busybox
image: busybox:latest
- name: mintel/docker-alpine-bash-curl-jq
@ -17,7 +17,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: redpanda
apiVersion: v2
appVersion: v23.3.11
appVersion: v24.1.1
dependencies:
- condition: console.enabled
name: console
@ -37,4 +37,4 @@ name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
version: 5.8.2
version: 5.8.3

2
charts/redpanda/redpanda/README.md
View File

@ -3,7 +3,7 @@
description: Find the default values and descriptions of settings in the Redpanda Helm chart.
---
![Version: 5.8.2](https://img.shields.io/badge/Version-5.8.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v23.3.11](https://img.shields.io/badge/AppVersion-v23.3.11-informational?style=flat-square)
![Version: 5.8.3](https://img.shields.io/badge/Version-5.8.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v24.1.1](https://img.shields.io/badge/AppVersion-v24.1.1-informational?style=flat-square)
This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the charts [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/redpanda/values.yaml). Each of the settings is listed and described on this page, along with any default values.

9
charts/redpanda/redpanda/templates/secrets.yaml
View File

@ -174,8 +174,15 @@ stringData:
set -e
# rpk cluster health can exit non-zero if it's unable to dial brokers. This
# can happen for many reasons but we never want this script to crash as it
# would take down yet another broker and make a bad situation worse.
# Instead, just wait for the command to eventually exit zero.
echo "Waiting for cluster to be ready"
rpk cluster health --watch --exit-when-healthy
until rpk cluster health --watch --exit-when-healthy; do
echo "rpk cluster health failed. Waiting 5 seconds before trying again..."
sleep 5
done
{{- if and $sasl.enabled (not (empty $sasl.secretRef )) }}
while true; do

4
charts/speedscale/speedscale-operator/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
appVersion: 2.1.296
appVersion: 2.1.301
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
home: https://speedscale.com
@ -24,4 +24,4 @@ maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
version: 2.1.296
version: 2.1.301

2
charts/speedscale/speedscale-operator/values.yaml
View File

@ -20,7 +20,7 @@ clusterName: "my-cluster"
# Speedscale components image settings.
image:
registry: gcr.io/speedscale
tag: v2.1.296
tag: v2.1.301
pullPolicy: Always
# Log level for Speedscale components.

195
index.yaml
View File

@ -4274,6 +4274,39 @@ entries:
- assets/argo/argo-cd-5.8.0.tgz
version: 5.8.0
artifactory-ha:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.77.11
created: "2024-05-02T00:52:10.96066079Z"
dependencies:
- condition: postgresql.enabled
name: postgresql
repository: file://./charts/postgresql
version: 10.3.18
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
digest: 67ad9a81300436a465fd0a1f4de0bb319c77b19f9513876691e1421da4bb7584
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png
keywords:
- artifactory
- jfrog
- devops
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: installers@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
urls:
- assets/jfrog/artifactory-ha-107.77.11.tgz
version: 107.77.11
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA
@ -5918,6 +5951,40 @@ entries:
- assets/jfrog/artifactory-ha-3.0.1400.tgz
version: 3.0.1400
artifactory-jcr:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Container Registry
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.77.11
created: "2024-05-02T00:52:11.339981268Z"
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.77.11
description: JFrog Container Registry
digest: 720367b8720b82d341c645b7f980a3f353302f7b356c370241131f56fa5282e1
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
keywords:
- artifactory
- jfrog
- container
- registry
- devops
- jfrog-container-registry
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: helm@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
urls:
- assets/jfrog/artifactory-jcr-107.77.11.tgz
version: 107.77.11
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Container Registry
@ -10997,6 +11064,35 @@ entries:
- assets/codefresh/cf-runtime-0.1.401.tgz
version: 0.1.401
chronicle:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Chronicle
catalog.cattle.io/release-name: chronicle
apiVersion: v2
appVersion: 0.7.6
created: "2024-05-02T00:52:09.318693502Z"
dependencies:
- name: standard-defs
repository: file://./charts/standard-defs
version: ~0.1.0
- name: sawtooth
repository: file://./charts/sawtooth
version: ~0.2.0
description: 'Chronicle is an open-source, blockchain-backed, domain-agnostic
provenance product. Chronicle makes it easy for users to record and query immutable
provenance information on a distributed ledger - about any asset, in any domain,
and across multiple parties. '
digest: ce9635e88b9e96cb91a36c33c292876860348ac780eedf7fac7c56e5f3106b8d
home: https://docs.btp.works/chronicle
icon: https://chronicle-resources.s3.amazonaws.com/icons/chronicle-transparent-bg-dark.png
keywords:
- provenance
- blockchain
name: chronicle
type: application
urls:
- assets/btp/chronicle-0.1.25.tgz
version: 0.1.25
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Chronicle
@ -18031,6 +18127,30 @@ entries:
- assets/dynatrace/dynatrace-operator-0.7.2.tgz
version: 0.7.2
external-secrets:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: External Secrets Operator
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: external-secrets
apiVersion: v2
appVersion: v0.9.17
created: "2024-05-02T00:52:09.820419345Z"
description: External secret management for Kubernetes
digest: d34abc8443a9db6ebb7023fed829c49c47402c05df9975b620f214856aba5b07
home: https://github.com/external-secrets/external-secrets
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png
keywords:
- kubernetes-external-secrets
- secrets
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: kellinmcavoy@gmail.com
name: mcavoyk
name: external-secrets
type: application
urls:
- assets/external-secrets/external-secrets-0.9.17.tgz
version: 0.9.17
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: External Secrets Operator
@ -44857,6 +44977,50 @@ entries:
- assets/quobyte/quobyte-cluster-0.1.5.tgz
version: 0.1.5
redpanda:
- annotations:
artifacthub.io/images: |
- name: redpanda
image: docker.redpanda.com/redpandadata/redpanda:v24.1.1
- name: busybox
image: busybox:latest
- name: mintel/docker-alpine-bash-curl-jq
image: mintel/docker-alpine-bash-curl-jq:latest
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Documentation
url: https://docs.redpanda.com
- name: "Helm (>= 3.10.0)"
url: https://helm.sh/docs/intro/install/
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Redpanda
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: redpanda
apiVersion: v2
appVersion: v24.1.1
created: "2024-05-02T00:52:14.193477918Z"
dependencies:
- condition: console.enabled
name: console
repository: file://./charts/console
version: '>=0.5 <1.0'
- condition: connectors.enabled
name: connectors
repository: file://./charts/connectors
version: '>=0.1.2 <1.0'
description: Redpanda is the real-time engine for modern apps.
digest: f4eeddbb7743528cbb3aeebd209b79e2d35d916e6fb4807b720714370bd98791
icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
kubeVersion: '>=1.21-0'
maintainers:
- name: redpanda-data
url: https://github.com/orgs/redpanda-data/people
name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
urls:
- assets/redpanda/redpanda-5.8.3.tgz
version: 5.8.3
- annotations:
artifacthub.io/images: |
- name: redpanda
@ -49638,6 +49802,37 @@ entries:
- assets/shipa/shipa-1.4.0.tgz
version: 1.4.0
speedscale-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
appVersion: 2.1.301
created: "2024-05-02T00:52:14.283828726Z"
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
digest: 71da5fc8f4d63a8ae94eb7d3e20a53904b0aac7921b57b0c41e14fdfedd4cd74
home: https://speedscale.com
icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png
keywords:
- speedscale
- test
- testing
- regression
- reliability
- load
- replay
- network
- traffic
kubeVersion: '>= 1.17.0-0'
maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
urls:
- assets/speedscale/speedscale-operator-2.1.301.tgz
version: 2.1.301
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator