diff --git a/assets/bitnami/airflow-14.2.4.tgz b/assets/bitnami/airflow-14.2.4.tgz new file mode 100644 index 000000000..67cae551a Binary files /dev/null and b/assets/bitnami/airflow-14.2.4.tgz differ diff --git a/assets/bitnami/cassandra-10.4.0.tgz b/assets/bitnami/cassandra-10.4.0.tgz new file mode 100644 index 000000000..22691e424 Binary files /dev/null and b/assets/bitnami/cassandra-10.4.0.tgz differ diff --git a/assets/bitnami/kafka-22.1.3.tgz b/assets/bitnami/kafka-22.1.3.tgz new file mode 100644 index 000000000..eb751d90a Binary files /dev/null and b/assets/bitnami/kafka-22.1.3.tgz differ diff --git a/assets/bitnami/mariadb-12.2.4.tgz b/assets/bitnami/mariadb-12.2.4.tgz new file mode 100644 index 000000000..d49d50a12 Binary files /dev/null and b/assets/bitnami/mariadb-12.2.4.tgz differ diff --git a/assets/bitnami/mysql-9.10.1.tgz b/assets/bitnami/mysql-9.10.1.tgz new file mode 100644 index 000000000..31acbf7fa Binary files /dev/null and b/assets/bitnami/mysql-9.10.1.tgz differ diff --git a/assets/bitnami/postgresql-12.5.3.tgz b/assets/bitnami/postgresql-12.5.3.tgz new file mode 100644 index 000000000..735eceb32 Binary files /dev/null and b/assets/bitnami/postgresql-12.5.3.tgz differ diff --git a/assets/bitnami/redis-17.11.3.tgz b/assets/bitnami/redis-17.11.3.tgz new file mode 100644 index 000000000..0388f8144 Binary files /dev/null and b/assets/bitnami/redis-17.11.3.tgz differ diff --git a/assets/bitnami/spark-6.6.3.tgz b/assets/bitnami/spark-6.6.3.tgz new file mode 100644 index 000000000..0d0f26015 Binary files /dev/null and b/assets/bitnami/spark-6.6.3.tgz differ diff --git a/assets/bitnami/tomcat-10.9.1.tgz b/assets/bitnami/tomcat-10.9.1.tgz new file mode 100644 index 000000000..8fdf9b9dc Binary files /dev/null and b/assets/bitnami/tomcat-10.9.1.tgz differ diff --git a/assets/bitnami/wordpress-16.1.6.tgz b/assets/bitnami/wordpress-16.1.6.tgz new file mode 100644 index 000000000..4d2d7829e Binary files /dev/null and b/assets/bitnami/wordpress-16.1.6.tgz differ diff --git a/assets/bitnami/zookeeper-11.4.2.tgz b/assets/bitnami/zookeeper-11.4.2.tgz new file mode 100644 index 000000000..01b87d269 Binary files /dev/null and b/assets/bitnami/zookeeper-11.4.2.tgz differ diff --git a/assets/cert-manager/cert-manager-v1.12.0.tgz b/assets/cert-manager/cert-manager-v1.12.0.tgz new file mode 100644 index 000000000..9927e7f93 Binary files /dev/null and b/assets/cert-manager/cert-manager-v1.12.0.tgz differ diff --git a/assets/datadog/datadog-3.29.3.tgz b/assets/datadog/datadog-3.29.3.tgz new file mode 100644 index 000000000..f76130562 Binary files /dev/null and b/assets/datadog/datadog-3.29.3.tgz differ diff --git a/assets/dynatrace/dynatrace-operator-0.11.2.tgz b/assets/dynatrace/dynatrace-operator-0.11.2.tgz new file mode 100644 index 000000000..4bbedeb35 Binary files /dev/null and b/assets/dynatrace/dynatrace-operator-0.11.2.tgz differ diff --git a/assets/external-secrets/external-secrets-0.8.2.tgz b/assets/external-secrets/external-secrets-0.8.2.tgz new file mode 100644 index 000000000..a61e060ae Binary files /dev/null and b/assets/external-secrets/external-secrets-0.8.2.tgz differ diff --git a/assets/gitlab/gitlab-6.11.5.tgz b/assets/gitlab/gitlab-6.11.5.tgz new file mode 100644 index 000000000..2f56c6740 Binary files /dev/null and b/assets/gitlab/gitlab-6.11.5.tgz differ diff --git a/assets/kasten/k10-5.5.1001.tgz b/assets/kasten/k10-5.5.1001.tgz index ef40952b5..9ae29323f 100644 Binary files a/assets/kasten/k10-5.5.1001.tgz and b/assets/kasten/k10-5.5.1001.tgz differ diff --git a/assets/kasten/k10-5.5.1101.tgz b/assets/kasten/k10-5.5.1101.tgz new file mode 100644 index 000000000..2f1d43ba9 Binary files /dev/null and b/assets/kasten/k10-5.5.1101.tgz differ diff --git a/assets/kong/kong-2.22.0.tgz b/assets/kong/kong-2.22.0.tgz new file mode 100644 index 000000000..5b670c0ca Binary files /dev/null and b/assets/kong/kong-2.22.0.tgz differ diff --git a/assets/nats/nats-0.19.14.tgz b/assets/nats/nats-0.19.14.tgz new file mode 100644 index 000000000..721c25ce1 Binary files /dev/null and b/assets/nats/nats-0.19.14.tgz differ diff --git a/assets/pixie/pixie-operator-chart-0.1.1.tgz b/assets/pixie/pixie-operator-chart-0.1.1.tgz index 5294495fa..7f8b7adb5 100644 Binary files a/assets/pixie/pixie-operator-chart-0.1.1.tgz and b/assets/pixie/pixie-operator-chart-0.1.1.tgz differ diff --git a/assets/redpanda/redpanda-4.0.20.tgz b/assets/redpanda/redpanda-4.0.20.tgz new file mode 100644 index 000000000..e7ed0c33a Binary files /dev/null and b/assets/redpanda/redpanda-4.0.20.tgz differ diff --git a/assets/triggermesh/triggermesh-0.8.2.tgz b/assets/triggermesh/triggermesh-0.8.2.tgz new file mode 100644 index 000000000..7962f9f38 Binary files /dev/null and b/assets/triggermesh/triggermesh-0.8.2.tgz differ diff --git a/charts/bitnami/airflow/Chart.lock b/charts/bitnami/airflow/Chart.lock index ecd56379c..750adad36 100644 --- a/charts/bitnami/airflow/Chart.lock +++ b/charts/bitnami/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 17.10.3 + version: 17.11.2 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.5.2 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.3.0 -digest: sha256:6649288f0ca3caa371884aac03ecd59d9197130cda0adb7529616a62ae1cc316 -generated: "2023-05-16T15:46:17.181715321Z" + version: 2.4.0 +digest: sha256:81eb4030fbbbc6e99a0bb43cd55eb507fd38f602badac81c131c19c350977c80 +generated: "2023-05-18T15:49:55.548584259Z" diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index 64d93a8ff..7d08819da 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: WorkFlow licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.6.0 +appVersion: 2.6.1 dependencies: - condition: redis.enabled name: redis @@ -37,4 +37,4 @@ maintainers: name: airflow sources: - https://github.com/bitnami/charts/tree/main/bitnami/airflow -version: 14.2.2 +version: 14.2.4 diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index 3f66e61b0..d0646db7d 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -88,7 +88,7 @@ The command removes all the Kubernetes components associated with the chart and | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | | `dags.image.registry` | Init container load-dags image registry | `docker.io` | | `dags.image.repository` | Init container load-dags image repository | `bitnami/bitnami-shell` | -| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r116` | +| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r118` | | `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | | `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | @@ -107,7 +107,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- | | `web.image.registry` | Airflow image registry | `docker.io` | | `web.image.repository` | Airflow image repository | `bitnami/airflow` | -| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.6.0-debian-11-r7` | +| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.6.1-debian-11-r1` | | `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | | `web.image.pullSecrets` | Airflow image pull secrets | `[]` | @@ -182,7 +182,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- | | `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` | | `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` | -| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.6.0-debian-11-r4` | +| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.6.1-debian-11-r1` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | @@ -236,7 +236,7 @@ The command removes all the Kubernetes components associated with the chart and | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | | `worker.image.registry` | Airflow Worker image registry | `docker.io` | | `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` | -| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.6.0-debian-11-r4` | +| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.6.1-debian-11-r1` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | @@ -316,7 +316,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- | | `git.image.registry` | Git image registry | `docker.io` | | `git.image.repository` | Git image repository | `bitnami/git` | -| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.40.1-debian-11-r6` | +| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.40.1-debian-11-r8` | | `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | | `git.image.pullSecrets` | Git image pull secrets | `[]` | @@ -408,7 +408,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.image.registry` | Airflow exporter image registry | `docker.io` | | `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | -| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r120` | +| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r123` | | `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | diff --git a/charts/bitnami/airflow/charts/common/Chart.yaml b/charts/bitnami/airflow/charts/common/Chart.yaml index 220717ee1..4fc56bbb7 100644 --- a/charts/bitnami/airflow/charts/common/Chart.yaml +++ b/charts/bitnami/airflow/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.3.0 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.3.0 +version: 2.4.0 diff --git a/charts/bitnami/airflow/charts/common/templates/_capabilities.tpl b/charts/bitnami/airflow/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/airflow/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/airflow/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/airflow/charts/redis/Chart.yaml b/charts/bitnami/airflow/charts/redis/Chart.yaml index 764755800..1c8c2d394 100644 --- a/charts/bitnami/airflow/charts/redis/Chart.yaml +++ b/charts/bitnami/airflow/charts/redis/Chart.yaml @@ -12,16 +12,16 @@ dependencies: description: Redis(R) is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. -home: https://github.com/bitnami/charts/tree/main/bitnami/redis +home: https://bitnami.com icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png keywords: - redis - keyvalue - database maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: redis sources: -- https://github.com/bitnami/containers/tree/main/bitnami/redis -version: 17.10.3 +- https://github.com/bitnami/charts/tree/main/bitnami/redis +version: 17.11.2 diff --git a/charts/bitnami/airflow/charts/redis/README.md b/charts/bitnami/airflow/charts/redis/README.md index 8e91ebdeb..4e8044819 100644 --- a/charts/bitnami/airflow/charts/redis/README.md +++ b/charts/bitnami/airflow/charts/redis/README.md @@ -8,6 +8,8 @@ Redis(R) is an open source, advanced key-value store. It is often referred to as Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Ltd. +Looking to use Redis® in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```console @@ -495,6 +497,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | | `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | | `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | +| `metrics.service.clusterIP` | Redis® exporter service Cluster IP | `""` | | `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | | `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | | `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | diff --git a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml index 184916c71..bf38acf03 100644 --- a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml @@ -500,7 +500,7 @@ spec: labels: {{- include "common.labels.matchLabels" . | nindent 10 }} app.kubernetes.io/component: master {{- if .Values.master.persistence.labels }} - {{- toYaml .Values.master.persistence.labels | nindent 4 }} + {{- toYaml .Values.master.persistence.labels | nindent 10 }} {{- end }} {{- if .Values.master.persistence.annotations }} annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }} diff --git a/charts/bitnami/airflow/charts/redis/templates/metrics-svc.yaml b/charts/bitnami/airflow/charts/redis/templates/metrics-svc.yaml index 13c552f38..3eeafc756 100644 --- a/charts/bitnami/airflow/charts/redis/templates/metrics-svc.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/metrics-svc.yaml @@ -20,6 +20,9 @@ metadata: {{- end }} spec: type: {{ .Values.metrics.service.type }} + {{- if and .Values.metrics.service.clusterIP (eq .Values.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} {{- if eq .Values.metrics.service.type "LoadBalancer" }} externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} {{- end }} diff --git a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml index 8a856abf1..0bfe0b5b9 100644 --- a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml @@ -497,7 +497,7 @@ spec: labels: {{- include "common.labels.matchLabels" . | nindent 10 }} app.kubernetes.io/component: replica {{- if .Values.replica.persistence.labels }} - {{- toYaml .Values.replica.persistence.labels | nindent 4 }} + {{- toYaml .Values.replica.persistence.labels | nindent 10 }} {{- end }} {{- if .Values.replica.persistence.annotations }} annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} diff --git a/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml b/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml index b15c44af7..7c2b334be 100644 --- a/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/scripts-configmap.yaml @@ -77,7 +77,7 @@ data: REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" fi - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL") + SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") validate_quorum() { if is_boolean_yes "$REDIS_TLS_ENABLED"; then quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel master {{ .Values.sentinel.masterSet }}" @@ -302,7 +302,7 @@ data: SERVPORT=$(get_port "$HOSTNAME" "SENTINEL") REDISPORT=$(get_port "$HOSTNAME" "REDIS") - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL") + SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL") sentinel_conf_set() { local -r key="${1:?missing key}" @@ -449,8 +449,6 @@ data: . /opt/bitnami/scripts/libos.sh HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - SENTINEL_SERVICE_ENV_NAME={{ printf "%s%s" (upper (include "common.names.fullname" .)| replace "-" "_") "_SERVICE_PORT_TCP_SENTINEL" }} - SENTINEL_SERVICE_PORT=${!SENTINEL_SERVICE_ENV_NAME} get_full_hostname() { hostname="$1" @@ -481,9 +479,9 @@ data: run_sentinel_command() { if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" + redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" else - redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" sentinel "$@" + redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@" fi } sentinel_failover_finished() { @@ -531,8 +529,6 @@ data: } HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - SENTINEL_SERVICE_ENV_NAME={{ printf "%s%s" (upper (include "common.names.fullname" .)| replace "-" "_") "_SERVICE_PORT_TCP_SENTINEL" }} - SENTINEL_SERVICE_PORT=${!SENTINEL_SERVICE_ENV_NAME} get_full_hostname() { hostname="$1" @@ -563,9 +559,9 @@ data: run_sentinel_command() { if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" + {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" else - {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" sentinel "$@" + {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@" fi } sentinel_failover_finished() { diff --git a/charts/bitnami/airflow/charts/redis/values.yaml b/charts/bitnami/airflow/charts/redis/values.yaml index 3ed37e66b..da8cc25e2 100644 --- a/charts/bitnami/airflow/charts/redis/values.yaml +++ b/charts/bitnami/airflow/charts/redis/values.yaml @@ -1589,6 +1589,9 @@ metrics: ## @param metrics.service.annotations Additional custom annotations for Redis® exporter service ## annotations: {} + ## @param metrics.service.clusterIP Redis® exporter service Cluster IP + ## + clusterIP: "" ## Prometheus Service Monitor ## ref: https://github.com/coreos/prometheus-operator ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint diff --git a/charts/bitnami/airflow/values.yaml b/charts/bitnami/airflow/values.yaml index 215d9b78e..63b78788f 100644 --- a/charts/bitnami/airflow/values.yaml +++ b/charts/bitnami/airflow/values.yaml @@ -118,7 +118,7 @@ dags: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r116 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -185,7 +185,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.6.0-debian-11-r7 + tag: 2.6.1-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -443,7 +443,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.6.0-debian-11-r4 + tag: 2.6.1-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -647,7 +647,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.6.0-debian-11-r4 + tag: 2.6.1-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -920,7 +920,7 @@ git: image: registry: docker.io repository: bitnami/git - tag: 2.40.1-debian-11-r6 + tag: 2.40.1-debian-11-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1283,7 +1283,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-11-r120 + tag: 0.20220314.0-debian-11-r123 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/cassandra/Chart.lock b/charts/bitnami/cassandra/Chart.lock index bedcd5ec5..bd0cbbe5b 100644 --- a/charts/bitnami/cassandra/Chart.lock +++ b/charts/bitnami/cassandra/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.3.0 -digest: sha256:11bbe86be64062d37b725f4dbc909aba3585b4976624ee9d27522366d3f956ea -generated: "2023-05-16T18:20:15.336798984Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T13:55:28.822228359Z" diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml index 59a60ae47..986339e96 100644 --- a/charts/bitnami/cassandra/Chart.yaml +++ b/charts/bitnami/cassandra/Chart.yaml @@ -28,4 +28,4 @@ maintainers: name: cassandra sources: - https://github.com/bitnami/charts/tree/main/bitnami/cassandra -version: 10.3.1 +version: 10.4.0 diff --git a/charts/bitnami/cassandra/README.md b/charts/bitnami/cassandra/README.md index c6a32ae5c..150f26d35 100644 --- a/charts/bitnami/cassandra/README.md +++ b/charts/bitnami/cassandra/README.md @@ -79,7 +79,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Cassandra image registry | `docker.io` | | `image.repository` | Cassandra image repository | `bitnami/cassandra` | -| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.1-debian-11-r12` | +| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.1-debian-11-r13` | | `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullSecrets` | Cassandra image pull secrets | `[]` | @@ -213,6 +213,7 @@ The command removes all the Kubernetes components associated with the chart and | Name | Description | Value | | -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | | `persistence.enabled` | Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir | `true` | +| `persistence.existingClaim` | Name of an existing PVC to use | `""` | | `persistence.storageClass` | PVC Storage Class for Cassandra data volume | `""` | | `persistence.commitStorageClass` | PVC Storage Class for Cassandra Commit Log volume | `""` | | `persistence.annotations` | Persistent Volume Claim annotations | `{}` | @@ -229,7 +230,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r116` | +| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r117` | | `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -244,7 +245,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | | `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | -| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r119` | +| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r120` | | `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/cassandra/charts/common/Chart.yaml b/charts/bitnami/cassandra/charts/common/Chart.yaml index 220717ee1..4fc56bbb7 100644 --- a/charts/bitnami/cassandra/charts/common/Chart.yaml +++ b/charts/bitnami/cassandra/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.3.0 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.3.0 +version: 2.4.0 diff --git a/charts/bitnami/cassandra/charts/common/templates/_capabilities.tpl b/charts/bitnami/cassandra/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/cassandra/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/cassandra/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/cassandra/templates/statefulset.yaml b/charts/bitnami/cassandra/templates/statefulset.yaml index de76fd6b8..ceeda6528 100644 --- a/charts/bitnami/cassandra/templates/statefulset.yaml +++ b/charts/bitnami/cassandra/templates/statefulset.yaml @@ -545,7 +545,11 @@ spec: {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} - {{- if not .Values.persistence.enabled }} + {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.persistence.existingClaim $ }} + {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} {{- else }} diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml index 23fe59877..56d00d45a 100644 --- a/charts/bitnami/cassandra/values.yaml +++ b/charts/bitnami/cassandra/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.1-debian-11-r12 + tag: 4.1.1-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -552,6 +552,9 @@ persistence: ## @param persistence.enabled Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir ## enabled: true + ## @param persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" ## @param persistence.storageClass PVC Storage Class for Cassandra data volume ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -610,7 +613,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r116 + tag: 11-debian-11-r117 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -679,7 +682,7 @@ metrics: registry: docker.io pullPolicy: IfNotPresent repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r119 + tag: 2.3.8-debian-11-r120 digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/charts/bitnami/kafka/Chart.lock b/charts/bitnami/kafka/Chart.lock index 3082f1234..b09114310 100644 --- a/charts/bitnami/kafka/Chart.lock +++ b/charts/bitnami/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 11.3.1 + version: 11.4.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.5 -digest: sha256:4984f680146f66b81e16ca8efbf5cf4d9aa0c8bda60ced0d63d7a7c1920d426c -generated: "2023-05-08T22:16:14.912638007Z" + version: 2.4.0 +digest: sha256:c28eb28d9c6cfe9cc712ea78f7c46c635f11ae787c7cec083ef79162ed6e048a +generated: "2023-05-21T14:41:39.743785146Z" diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index 458387e6b..be6450033 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 22.1.2 +version: 22.1.3 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index 2870e1534..f262d19f8 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -8,8 +8,6 @@ Apache Kafka is a distributed streaming platform designed to build real-time pip Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -Looking to use Apache Kafka in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```console @@ -82,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Kafka image registry | `docker.io` | | `image.repository` | Kafka image repository | `bitnami/kafka` | -| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.0-debian-11-r28` | +| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.0-debian-11-r33` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -232,56 +230,56 @@ The command removes all the Kubernetes components associated with the chart and ### Traffic Exposure parameters -| Name | Description | Value | -| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.ports.client` | Kafka svc port for client connections | `9092` | -| `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` | -| `service.ports.internal` | Kafka svc port for inter-broker connections | `9094` | -| `service.ports.external` | Kafka svc port for external connections | `9095` | -| `service.nodePorts.client` | Node port for the Kafka client connections | `""` | -| `service.nodePorts.external` | Node port for the Kafka external connections | `""` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.clusterIP` | Kafka service Cluster IP | `""` | -| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for Kafka service | `{}` | -| `service.headless.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | -| `service.headless.annotations` | Annotations for the headless service. | `{}` | -| `service.headless.labels` | Labels for the headless service. | `{}` | -| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` | -| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` | -| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | -| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | -| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.9-debian-11-r8` | -| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | -| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | -| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` | -| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` | -| `externalAccess.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | -| `externalAccess.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | -| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | -| `externalAccess.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | -| `externalAccess.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | -| `externalAccess.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | -| `externalAccess.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | -| `externalAccess.service.labels` | Service labels for external access | `{}` | -| `externalAccess.service.annotations` | Service annotations for external access | `{}` | -| `externalAccess.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | -| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` | -| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | +| Name | Description | Value | +| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.ports.client` | Kafka svc port for client connections | `9092` | +| `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` | +| `service.ports.internal` | Kafka svc port for inter-broker connections | `9094` | +| `service.ports.external` | Kafka svc port for external connections | `9095` | +| `service.nodePorts.client` | Node port for the Kafka client connections | `""` | +| `service.nodePorts.external` | Node port for the Kafka external connections | `""` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.clusterIP` | Kafka service Cluster IP | `""` | +| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for Kafka service | `{}` | +| `service.headless.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | +| `service.headless.labels` | Labels for the headless service. | `{}` | +| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` | +| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` | +| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | +| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | +| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.10-debian-11-r0` | +| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | +| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | +| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` | +| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` | +| `externalAccess.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | +| `externalAccess.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | +| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | +| `externalAccess.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | +| `externalAccess.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | +| `externalAccess.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | +| `externalAccess.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | +| `externalAccess.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | +| `externalAccess.service.labels` | Service labels for external access | `{}` | +| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | +| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` | +| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | ### Persistence parameters @@ -312,7 +310,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r114` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -337,7 +335,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | -| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r86` | +| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r89` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -385,7 +383,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r18` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r21` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/kafka/charts/common/Chart.yaml b/charts/bitnami/kafka/charts/common/Chart.yaml index 8f0fff689..4fc56bbb7 100644 --- a/charts/bitnami/kafka/charts/common/Chart.yaml +++ b/charts/bitnami/kafka/charts/common/Chart.yaml @@ -2,10 +2,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.5 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common +home: https://bitnami.com icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -14,11 +14,10 @@ keywords: - function - bitnami maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: common sources: - https://github.com/bitnami/charts -- https://www.bitnami.com/ type: library -version: 2.2.5 +version: 2.4.0 diff --git a/charts/bitnami/kafka/charts/common/README.md b/charts/bitnami/kafka/charts/common/README.md index 6381c3b72..72fca33da 100644 --- a/charts/bitnami/kafka/charts/common/README.md +++ b/charts/bitnami/kafka/charts/common/README.md @@ -2,6 +2,8 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```yaml diff --git a/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl b/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/kafka/charts/common/templates/_images.tpl b/charts/bitnami/kafka/charts/common/templates/_images.tpl index 2e7b15151..d60c22e25 100644 --- a/charts/bitnami/kafka/charts/common/templates/_images.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_images.tpl @@ -45,7 +45,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} @@ -73,7 +73,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.lock b/charts/bitnami/kafka/charts/zookeeper/Chart.lock index 3f125b6b0..30e0321c1 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.lock +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.4 -digest: sha256:829fc25cbbb396161e735c83d152d74a8b3a82d07f08866b885b812d30b920df -generated: "2023-04-25T10:37:10.358793+02:00" + version: 2.2.5 +digest: sha256:318f438acfeaced11d9060877d615caf1985417d2865810defaa886d3496f8d3 +generated: "2023-05-08T19:52:25.626211407Z" diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml index a170ad48b..ce2e10dcf 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml @@ -11,15 +11,14 @@ dependencies: version: 2.x.x description: Apache ZooKeeper provides a reliable, centralized register of configuration data and services for distributed applications. -home: https://github.com/bitnami/charts/tree/main/bitnami/zookeeper +home: https://bitnami.com icon: https://bitnami.com/assets/stacks/zookeeper/img/zookeeper-stack-220x234.png keywords: - zookeeper maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: zookeeper sources: -- https://github.com/bitnami/containers/tree/main/bitnami/zookeeper -- https://zookeeper.apache.org/ -version: 11.3.1 +- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper +version: 11.4.1 diff --git a/charts/bitnami/kafka/charts/zookeeper/README.md b/charts/bitnami/kafka/charts/zookeeper/README.md index 6bf4d31d2..e3f1e037f 100644 --- a/charts/bitnami/kafka/charts/zookeeper/README.md +++ b/charts/bitnami/kafka/charts/zookeeper/README.md @@ -8,6 +8,8 @@ Apache ZooKeeper provides a reliable, centralized register of configuration data Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. +Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```console @@ -80,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r27` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r31` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -246,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r109` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r114` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | diff --git a/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml index 8583e628a..8f0fff689 100644 --- a/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.4 +appVersion: 2.2.5 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -21,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.4 +version: 2.2.5 diff --git a/charts/bitnami/kafka/charts/zookeeper/charts/common/README.md b/charts/bitnami/kafka/charts/zookeeper/charts/common/README.md index 825639f2a..6381c3b72 100644 --- a/charts/bitnami/kafka/charts/zookeeper/charts/common/README.md +++ b/charts/bitnami/kafka/charts/zookeeper/charts/common/README.md @@ -1,6 +1,6 @@ # Bitnami Common Library Chart -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. ## TL;DR @@ -8,7 +8,7 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for gro dependencies: - name: common version: 1.x.x - repository: https://charts.bitnami.com/bitnami + repository: oci://registry-1.docker.io/bitnamicharts ``` ```console diff --git a/charts/bitnami/kafka/charts/zookeeper/templates/scripts-configmap.yaml b/charts/bitnami/kafka/charts/zookeeper/templates/scripts-configmap.yaml index d0a7ddb49..d77ab857b 100644 --- a/charts/bitnami/kafka/charts/zookeeper/templates/scripts-configmap.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/templates/scripts-configmap.yaml @@ -95,7 +95,7 @@ data: ORD=${BASH_REMATCH[2]} export ZOO_SERVER_ID="$((ORD + {{ .Values.minServerId }} ))" else - echo "Failed to get index from hostname $HOST" + echo "Failed to get index from hostname $HOSTNAME" exit 1 fi fi diff --git a/charts/bitnami/kafka/charts/zookeeper/values.yaml b/charts/bitnami/kafka/charts/zookeeper/values.yaml index 77268f04c..1ea1e75e0 100644 --- a/charts/bitnami/kafka/charts/zookeeper/values.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.1-debian-11-r27 + tag: 3.8.1-debian-11-r31 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r109 + tag: 11-debian-11-r114 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index f54971853..f51416e6e 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -77,7 +77,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.4.0-debian-11-r28 + tag: 3.4.0-debian-11-r33 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -781,7 +781,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.25.9-debian-11-r8 + tag: 1.25.10-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1030,7 +1030,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r114 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1112,7 +1112,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.6.0-debian-11-r86 + tag: 1.6.0-debian-11-r89 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1348,7 +1348,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.18.0-debian-11-r18 + tag: 0.18.0-debian-11-r21 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/mariadb/Chart.lock b/charts/bitnami/mariadb/Chart.lock index d1d3040cd..cc6e4f153 100644 --- a/charts/bitnami/mariadb/Chart.lock +++ b/charts/bitnami/mariadb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.5 -digest: sha256:318f438acfeaced11d9060877d615caf1985417d2865810defaa886d3496f8d3 -generated: "2023-05-03T08:30:13.051138201Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T18:46:17.326179513Z" diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index ca9c9365e..04ce8511e 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -30,4 +30,4 @@ maintainers: name: mariadb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb -version: 12.2.3 +version: 12.2.4 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index 576576a80..5ca40481c 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | `image.registry` | MariaDB image registry | `docker.io` | | `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.3-debian-11-r1` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.3-debian-11-r5` | | `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -306,7 +306,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r114` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -320,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r116` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r119` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/mariadb/charts/common/Chart.yaml b/charts/bitnami/mariadb/charts/common/Chart.yaml index 8f0fff689..4fc56bbb7 100644 --- a/charts/bitnami/mariadb/charts/common/Chart.yaml +++ b/charts/bitnami/mariadb/charts/common/Chart.yaml @@ -2,10 +2,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.5 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common +home: https://bitnami.com icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -14,11 +14,10 @@ keywords: - function - bitnami maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: common sources: - https://github.com/bitnami/charts -- https://www.bitnami.com/ type: library -version: 2.2.5 +version: 2.4.0 diff --git a/charts/bitnami/mariadb/charts/common/README.md b/charts/bitnami/mariadb/charts/common/README.md index 6381c3b72..72fca33da 100644 --- a/charts/bitnami/mariadb/charts/common/README.md +++ b/charts/bitnami/mariadb/charts/common/README.md @@ -2,6 +2,8 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```yaml diff --git a/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl b/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/mariadb/charts/common/templates/_images.tpl b/charts/bitnami/mariadb/charts/common/templates/_images.tpl index 2e7b15151..d60c22e25 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_images.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_images.tpl @@ -45,7 +45,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} @@ -73,7 +73,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index d98fb62c2..7507e88cc 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -87,7 +87,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 10.11.3-debian-11-r1 + tag: 10.11.3-debian-11-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r114 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1037,7 +1037,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r116 + tag: 0.14.0-debian-11-r119 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/mysql/Chart.lock b/charts/bitnami/mysql/Chart.lock index 0f3713d63..7567cfc4d 100644 --- a/charts/bitnami/mysql/Chart.lock +++ b/charts/bitnami/mysql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.5 -digest: sha256:318f438acfeaced11d9060877d615caf1985417d2865810defaa886d3496f8d3 -generated: "2023-05-08T16:48:54.901678555Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T16:18:55.681404482Z" diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml index e7e2de344..f5219cd2a 100644 --- a/charts/bitnami/mysql/Chart.yaml +++ b/charts/bitnami/mysql/Chart.yaml @@ -15,7 +15,7 @@ dependencies: version: 2.x.x description: MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications. -home: https://github.com/bitnami/charts/tree/main/bitnami/mysql +home: https://bitnami.com icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png keywords: - mysql @@ -24,10 +24,9 @@ keywords: - cluster - high availability maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: mysql sources: -- https://github.com/bitnami/containers/tree/main/bitnami/mysql -- https://mysql.com -version: 9.9.1 +- https://github.com/bitnami/charts/tree/main/bitnami/mysql +version: 9.10.1 diff --git a/charts/bitnami/mysql/README.md b/charts/bitnami/mysql/README.md index 241113fc9..c83c3e50e 100644 --- a/charts/bitnami/mysql/README.md +++ b/charts/bitnami/mysql/README.md @@ -77,28 +77,28 @@ The command removes all the Kubernetes components associated with the chart and ### MySQL common parameters -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | MySQL image registry | `docker.io` | -| `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r7` | -| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` | -| `auth.createDatabase` | Whether to create the .Values.auth.database or not | `true` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MySQL replication user | `replicator` | -| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `image.registry` | MySQL image registry | `docker.io` | +| `image.repository` | MySQL image repository | `bitnami/mysql` | +| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r12` | +| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` | +| `auth.createDatabase` | Whether to create the .Values.auth.database or not | `true` | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | +| `auth.replicationUser` | MySQL replication user | `replicator` | +| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` | +| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | ### MySQL Primary parameters @@ -305,7 +305,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r113` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -318,7 +318,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r116` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r119` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/mysql/charts/common/Chart.yaml b/charts/bitnami/mysql/charts/common/Chart.yaml index 8f0fff689..4fc56bbb7 100644 --- a/charts/bitnami/mysql/charts/common/Chart.yaml +++ b/charts/bitnami/mysql/charts/common/Chart.yaml @@ -2,10 +2,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.5 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common +home: https://bitnami.com icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -14,11 +14,10 @@ keywords: - function - bitnami maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: common sources: - https://github.com/bitnami/charts -- https://www.bitnami.com/ type: library -version: 2.2.5 +version: 2.4.0 diff --git a/charts/bitnami/mysql/charts/common/README.md b/charts/bitnami/mysql/charts/common/README.md index 6381c3b72..72fca33da 100644 --- a/charts/bitnami/mysql/charts/common/README.md +++ b/charts/bitnami/mysql/charts/common/README.md @@ -2,6 +2,8 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```yaml diff --git a/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl b/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/mysql/charts/common/templates/_images.tpl b/charts/bitnami/mysql/charts/common/templates/_images.tpl index 2e7b15151..d60c22e25 100644 --- a/charts/bitnami/mysql/charts/common/templates/_images.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_images.tpl @@ -45,7 +45,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} @@ -73,7 +73,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} diff --git a/charts/bitnami/mysql/values.yaml b/charts/bitnami/mysql/values.yaml index 3880ca57b..200e75c90 100644 --- a/charts/bitnami/mysql/values.yaml +++ b/charts/bitnami/mysql/values.yaml @@ -82,7 +82,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mysql - tag: 8.0.33-debian-11-r7 + tag: 8.0.33-debian-11-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1008,7 +1008,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r113 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1042,7 +1042,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r116 + tag: 0.14.0-debian-11-r119 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/postgresql/Chart.lock b/charts/bitnami/postgresql/Chart.lock index 424a235e6..ec67d36bd 100644 --- a/charts/bitnami/postgresql/Chart.lock +++ b/charts/bitnami/postgresql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.5 -digest: sha256:318f438acfeaced11d9060877d615caf1985417d2865810defaa886d3496f8d3 -generated: "2023-05-08T19:26:58.084687094Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T19:47:56.903329844Z" diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 2fbfdc8a3..e0d312a90 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -31,4 +31,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 12.5.2 +version: 12.5.3 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index 865a5580c..a65e490a4 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md @@ -98,7 +98,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r0` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.3.0-debian-11-r3` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | @@ -375,7 +375,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r115` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -403,7 +403,7 @@ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r86` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r89` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | diff --git a/charts/bitnami/postgresql/charts/common/Chart.yaml b/charts/bitnami/postgresql/charts/common/Chart.yaml index 8f0fff689..4fc56bbb7 100644 --- a/charts/bitnami/postgresql/charts/common/Chart.yaml +++ b/charts/bitnami/postgresql/charts/common/Chart.yaml @@ -2,10 +2,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.5 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common +home: https://bitnami.com icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -14,11 +14,10 @@ keywords: - function - bitnami maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: common sources: - https://github.com/bitnami/charts -- https://www.bitnami.com/ type: library -version: 2.2.5 +version: 2.4.0 diff --git a/charts/bitnami/postgresql/charts/common/README.md b/charts/bitnami/postgresql/charts/common/README.md index 6381c3b72..72fca33da 100644 --- a/charts/bitnami/postgresql/charts/common/README.md +++ b/charts/bitnami/postgresql/charts/common/README.md @@ -2,6 +2,8 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```yaml diff --git a/charts/bitnami/postgresql/charts/common/templates/_capabilities.tpl b/charts/bitnami/postgresql/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/postgresql/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/postgresql/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/postgresql/charts/common/templates/_images.tpl b/charts/bitnami/postgresql/charts/common/templates/_images.tpl index 2e7b15151..d60c22e25 100644 --- a/charts/bitnami/postgresql/charts/common/templates/_images.tpl +++ b/charts/bitnami/postgresql/charts/common/templates/_images.tpl @@ -45,7 +45,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} @@ -73,7 +73,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index ec802fe44..4a3a26e1f 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.3.0-debian-11-r0 + tag: 15.3.0-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1136,7 +1136,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r115 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1231,7 +1231,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.12.0-debian-11-r86 + tag: 0.12.0-debian-11-r89 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/redis/Chart.lock b/charts/bitnami/redis/Chart.lock index 482854689..01481166f 100644 --- a/charts/bitnami/redis/Chart.lock +++ b/charts/bitnami/redis/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.5 -digest: sha256:318f438acfeaced11d9060877d615caf1985417d2865810defaa886d3496f8d3 -generated: "2023-05-09T00:40:30.988475033Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T16:05:08.152199835Z" diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index ee46c1cf0..af47c5c30 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -28,4 +28,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 17.11.2 +version: 17.11.3 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index 4e8044819..c76ede516 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -8,8 +8,6 @@ Redis(R) is an open source, advanced key-value store. It is often referred to as Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Ltd. -Looking to use Redis® in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```console @@ -97,15 +95,15 @@ The command removes all the Kubernetes components associated with the chart and ### Redis® Image parameters -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | Redis® image registry | `docker.io` | -| `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.11-debian-11-r7` | -| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Redis® image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | +| Name | Description | Value | +| ------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------------- | +| `image.registry` | Redis® image registry | `docker.io` | +| `image.repository` | Redis® image repository | `bitnami/redis` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.11-debian-11-r12` | +| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Redis® image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | ### Redis® common configuration parameters @@ -335,7 +333,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.11-debian-11-r6` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.11-debian-11-r10` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -453,7 +451,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.50.0-debian-11-r9` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.50.0-debian-11-r13` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | @@ -519,7 +517,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r114` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r118` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -529,7 +527,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | | `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r114` | +| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r118` | | `sysctl.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | diff --git a/charts/bitnami/redis/charts/common/Chart.yaml b/charts/bitnami/redis/charts/common/Chart.yaml index 8f0fff689..4fc56bbb7 100644 --- a/charts/bitnami/redis/charts/common/Chart.yaml +++ b/charts/bitnami/redis/charts/common/Chart.yaml @@ -2,10 +2,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.5 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common +home: https://bitnami.com icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -14,11 +14,10 @@ keywords: - function - bitnami maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: common sources: - https://github.com/bitnami/charts -- https://www.bitnami.com/ type: library -version: 2.2.5 +version: 2.4.0 diff --git a/charts/bitnami/redis/charts/common/README.md b/charts/bitnami/redis/charts/common/README.md index 6381c3b72..72fca33da 100644 --- a/charts/bitnami/redis/charts/common/README.md +++ b/charts/bitnami/redis/charts/common/README.md @@ -2,6 +2,8 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```yaml diff --git a/charts/bitnami/redis/charts/common/templates/_capabilities.tpl b/charts/bitnami/redis/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/redis/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/redis/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/redis/charts/common/templates/_images.tpl b/charts/bitnami/redis/charts/common/templates/_images.tpl index 2e7b15151..d60c22e25 100644 --- a/charts/bitnami/redis/charts/common/templates/_images.tpl +++ b/charts/bitnami/redis/charts/common/templates/_images.tpl @@ -45,7 +45,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} @@ -73,7 +73,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index da8cc25e2..fa7cb0781 100644 --- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -88,7 +88,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.0.11-debian-11-r7 + tag: 7.0.11-debian-11-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.0.11-debian-11-r6 + tag: 7.0.11-debian-11-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1443,7 +1443,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.50.0-debian-11-r9 + tag: 1.50.0-debian-11-r13 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1697,7 +1697,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r114 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1745,7 +1745,7 @@ sysctl: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r114 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/spark/Chart.lock b/charts/bitnami/spark/Chart.lock index 838521de8..691403b1a 100644 --- a/charts/bitnami/spark/Chart.lock +++ b/charts/bitnami/spark/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.3.0 -digest: sha256:11bbe86be64062d37b725f4dbc909aba3585b4976624ee9d27522366d3f956ea -generated: "2023-05-15T18:10:36.415128525Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T17:52:25.235313837Z" diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index c800a1a74..fcaf47d62 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -27,4 +27,4 @@ maintainers: name: spark sources: - https://github.com/bitnami/charts/tree/main/bitnami/spark -version: 6.6.2 +version: 6.6.3 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index cbbef6fe2..01ebd73a3 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md @@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | ----------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Spark image registry | `docker.io` | | `image.repository` | Spark image repository | `bitnami/spark` | -| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r28` | +| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r30` | | `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/spark/charts/common/Chart.yaml b/charts/bitnami/spark/charts/common/Chart.yaml index 220717ee1..4fc56bbb7 100644 --- a/charts/bitnami/spark/charts/common/Chart.yaml +++ b/charts/bitnami/spark/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.3.0 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.3.0 +version: 2.4.0 diff --git a/charts/bitnami/spark/charts/common/templates/_capabilities.tpl b/charts/bitnami/spark/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/spark/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/spark/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index 5bcd07585..08cc1e3ee 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml @@ -92,7 +92,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.3.2-debian-11-r28 + tag: 3.3.2-debian-11-r30 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/tomcat/Chart.lock b/charts/bitnami/tomcat/Chart.lock index 26ee4de6e..2c9d2ab00 100644 --- a/charts/bitnami/tomcat/Chart.lock +++ b/charts/bitnami/tomcat/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.5 -digest: sha256:318f438acfeaced11d9060877d615caf1985417d2865810defaa886d3496f8d3 -generated: "2023-05-08T12:37:14.476817499Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T18:42:05.725170752Z" diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml index 6ebc27ad4..cf17799de 100644 --- a/charts/bitnami/tomcat/Chart.yaml +++ b/charts/bitnami/tomcat/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: ApplicationServer licenses: Apache-2.0 apiVersion: v2 -appVersion: 10.1.8 +appVersion: 10.1.9 dependencies: - name: common repository: file://./charts/common @@ -16,7 +16,7 @@ dependencies: description: Apache Tomcat is an open-source web server designed to host and run Java-based web applications. It is a lightweight server with a good performance for applications running in production environments. -home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat +home: https://bitnami.com icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg keywords: - tomcat @@ -26,10 +26,9 @@ keywords: - application server - jsp maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: tomcat sources: -- https://github.com/bitnami/containers/tree/main/bitnami/tomcat -- http://tomcat.apache.org -version: 10.8.2 +- https://github.com/bitnami/charts/tree/main/bitnami/tomcat +version: 10.9.1 diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md index 95158195e..e25009351 100644 --- a/charts/bitnami/tomcat/README.md +++ b/charts/bitnami/tomcat/README.md @@ -79,7 +79,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | ------------------------------------------------------------------------------------------------------ | --------------------- | | `image.registry` | Tomcat image registry | `docker.io` | | `image.repository` | Tomcat image repository | `bitnami/tomcat` | -| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.8-debian-11-r7` | +| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.9-debian-11-r0` | | `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -201,7 +201,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r113` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r118` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -216,7 +216,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r17` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r22` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/tomcat/charts/common/Chart.yaml b/charts/bitnami/tomcat/charts/common/Chart.yaml index 8f0fff689..4fc56bbb7 100644 --- a/charts/bitnami/tomcat/charts/common/Chart.yaml +++ b/charts/bitnami/tomcat/charts/common/Chart.yaml @@ -2,10 +2,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.5 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common +home: https://bitnami.com icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -14,11 +14,10 @@ keywords: - function - bitnami maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: common sources: - https://github.com/bitnami/charts -- https://www.bitnami.com/ type: library -version: 2.2.5 +version: 2.4.0 diff --git a/charts/bitnami/tomcat/charts/common/README.md b/charts/bitnami/tomcat/charts/common/README.md index 6381c3b72..72fca33da 100644 --- a/charts/bitnami/tomcat/charts/common/README.md +++ b/charts/bitnami/tomcat/charts/common/README.md @@ -2,6 +2,8 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```yaml diff --git a/charts/bitnami/tomcat/charts/common/templates/_capabilities.tpl b/charts/bitnami/tomcat/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/tomcat/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/tomcat/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/tomcat/charts/common/templates/_images.tpl b/charts/bitnami/tomcat/charts/common/templates/_images.tpl index 2e7b15151..d60c22e25 100644 --- a/charts/bitnami/tomcat/charts/common/templates/_images.tpl +++ b/charts/bitnami/tomcat/charts/common/templates/_images.tpl @@ -45,7 +45,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} @@ -73,7 +73,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} diff --git a/charts/bitnami/tomcat/values.yaml b/charts/bitnami/tomcat/values.yaml index b26b76999..0db0c0fc9 100644 --- a/charts/bitnami/tomcat/values.yaml +++ b/charts/bitnami/tomcat/values.yaml @@ -58,7 +58,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/tomcat - tag: 10.1.8-debian-11-r7 + tag: 10.1.9-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -582,7 +582,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r113 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -642,7 +642,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.18.0-debian-11-r17 + tag: 0.18.0-debian-11-r22 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index dd2e3f6ad..4413ee937 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 12.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.3.0 -digest: sha256:220319398a85a996e25863bac89c26538955c239c8c848a9ccb7ec618b205de7 -generated: "2023-05-17T07:52:56.060555972Z" + version: 2.4.0 +digest: sha256:f91611db01189c8aa9d44ef11478df1f5b9dd47289936ddfad8dbf50f29f9d08 +generated: "2023-05-21T17:08:37.275529069Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 03e044e36..d233c923f 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: CMS licenses: Apache-2.0 apiVersion: v2 -appVersion: 6.2.1 +appVersion: 6.2.2 dependencies: - condition: memcached.enabled name: memcached @@ -40,4 +40,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 16.1.5 +version: 16.1.6 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index f09c8e5a4..65dc4f7e1 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.1-debian-11-r1` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r0` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | @@ -247,7 +247,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r117` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r118` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -279,7 +279,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.3-debian-11-r7` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.3-debian-11-r9` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | diff --git a/charts/bitnami/wordpress/charts/common/Chart.yaml b/charts/bitnami/wordpress/charts/common/Chart.yaml index 220717ee1..4fc56bbb7 100644 --- a/charts/bitnami/wordpress/charts/common/Chart.yaml +++ b/charts/bitnami/wordpress/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.3.0 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.3.0 +version: 2.4.0 diff --git a/charts/bitnami/wordpress/charts/common/templates/_capabilities.tpl b/charts/bitnami/wordpress/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/wordpress/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/wordpress/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 360c88402..71487feb6 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.2.1-debian-11-r1 + tag: 6.2.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -763,7 +763,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r117 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -857,7 +857,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.13.3-debian-11-r7 + tag: 0.13.3-debian-11-r9 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/zookeeper/Chart.lock b/charts/bitnami/zookeeper/Chart.lock index 30e0321c1..5812ea269 100644 --- a/charts/bitnami/zookeeper/Chart.lock +++ b/charts/bitnami/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.2.5 -digest: sha256:318f438acfeaced11d9060877d615caf1985417d2865810defaa886d3496f8d3 -generated: "2023-05-08T19:52:25.626211407Z" + version: 2.4.0 +digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 +generated: "2023-05-21T17:05:21.743633346Z" diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index a52371510..bb3aa391c 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -25,4 +25,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 11.4.1 +version: 11.4.2 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index e3f1e037f..fc1e1e78e 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md @@ -8,8 +8,6 @@ Apache ZooKeeper provides a reliable, centralized register of configuration data Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. -Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```console @@ -82,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r31` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r36` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -248,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r114` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | diff --git a/charts/bitnami/zookeeper/charts/common/Chart.yaml b/charts/bitnami/zookeeper/charts/common/Chart.yaml index 8f0fff689..4fc56bbb7 100644 --- a/charts/bitnami/zookeeper/charts/common/Chart.yaml +++ b/charts/bitnami/zookeeper/charts/common/Chart.yaml @@ -2,10 +2,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.5 +appVersion: 2.4.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common +home: https://bitnami.com icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -14,11 +14,10 @@ keywords: - function - bitnami maintainers: -- name: Bitnami +- name: VMware, Inc. url: https://github.com/bitnami/charts name: common sources: - https://github.com/bitnami/charts -- https://www.bitnami.com/ type: library -version: 2.2.5 +version: 2.4.0 diff --git a/charts/bitnami/zookeeper/charts/common/README.md b/charts/bitnami/zookeeper/charts/common/README.md index 6381c3b72..72fca33da 100644 --- a/charts/bitnami/zookeeper/charts/common/README.md +++ b/charts/bitnami/zookeeper/charts/common/README.md @@ -2,6 +2,8 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## TL;DR ```yaml diff --git a/charts/bitnami/zookeeper/charts/common/templates/_capabilities.tpl b/charts/bitnami/zookeeper/charts/common/templates/_capabilities.tpl index 9d9b76004..697486a31 100644 --- a/charts/bitnami/zookeeper/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/zookeeper/charts/common/templates/_capabilities.tpl @@ -48,6 +48,17 @@ Return the appropriate apiVersion for cronjob. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + {{/* Return the appropriate apiVersion for deployment. */}} @@ -141,6 +152,21 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/zookeeper/charts/common/templates/_images.tpl b/charts/bitnami/zookeeper/charts/common/templates/_images.tpl index 2e7b15151..d60c22e25 100644 --- a/charts/bitnami/zookeeper/charts/common/templates/_images.tpl +++ b/charts/bitnami/zookeeper/charts/common/templates/_images.tpl @@ -45,7 +45,7 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} @@ -73,7 +73,7 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if (not (empty $pullSecrets)) }} imagePullSecrets: - {{- range $pullSecrets }} + {{- range $pullSecrets | uniq }} - name: {{ . }} {{- end }} {{- end }} diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index 1ea1e75e0..51ae4470d 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.1-debian-11-r31 + tag: 3.8.1-debian-11-r36 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r114 + tag: 11-debian-11-r118 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/cert-manager/cert-manager/Chart.yaml b/charts/cert-manager/cert-manager/Chart.yaml index 260ba1150..d78ca5ce3 100644 --- a/charts/cert-manager/cert-manager/Chart.yaml +++ b/charts/cert-manager/cert-manager/Chart.yaml @@ -5,11 +5,11 @@ annotations: url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg catalog.cattle.io/certified: partner catalog.cattle.io/display-name: cert-manager - catalog.cattle.io/kube-version: '>= 1.21.0-0' + catalog.cattle.io/kube-version: '>= 1.22.0-0' catalog.cattle.io/namespace: cert-manager catalog.cattle.io/release-name: cert-manager apiVersion: v1 -appVersion: v1.11.2 +appVersion: v1.12.0 description: A Helm chart for cert-manager home: https://github.com/cert-manager/cert-manager icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png @@ -18,7 +18,7 @@ keywords: - kube-lego - letsencrypt - tls -kubeVersion: '>= 1.21.0-0' +kubeVersion: '>= 1.22.0-0' maintainers: - email: cert-manager-maintainers@googlegroups.com name: cert-manager-maintainers @@ -26,4 +26,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.11.2 +version: v1.12.0 diff --git a/charts/cert-manager/cert-manager/README.md b/charts/cert-manager/cert-manager/README.md index 7ad150e09..63a30fec3 100644 --- a/charts/cert-manager/cert-manager/README.md +++ b/charts/cert-manager/cert-manager/README.md @@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources. ```bash -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.2/cert-manager.crds.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.crds.yaml ``` To install the chart with the release name `my-release`: @@ -29,7 +29,7 @@ To install the chart with the release name `my-release`: $ helm repo add jetstack https://charts.jetstack.io ## Install the cert-manager helm chart -$ helm install my-release --namespace cert-manager --version v1.11.2 jetstack/cert-manager +$ helm install my-release --namespace cert-manager --version v1.12.0 jetstack/cert-manager ``` In order to begin issuing certificates, you will need to set up a ClusterIssuer @@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als delete the previously installed CustomResourceDefinition resources: ```console -$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.2/cert-manager.crds.yaml +$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.crds.yaml ``` ## Configuration @@ -86,7 +86,7 @@ The following table lists the configurable parameters of the cert-manager chart | `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | | | `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` | | `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v1.11.2` | +| `image.tag` | Image tag | `v1.12.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicaCount` | Number of cert-manager replicas | `1` | | `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod | @@ -106,6 +106,13 @@ The following table lists the configurable parameters of the cert-manager chart | `affinity` | Node affinity for pod assignment | `{}` | | `tolerations` | Node tolerations for pod assignment | `[]` | | `topologySpreadConstraints` | Topology spread constraints for pod assignment | `[]` | +| `livenessProbe.enabled` | Enable or disable the liveness probe for the controller container in the controller Pod. See https://cert-manager.io/docs/installation/best-practice/ to learn about when you might want to enable this livenss probe. | `false` | +| `livenessProbe.initialDelaySeconds` | The liveness probe initial delay (in seconds) | `10` | +| `livenessProbe.periodSeconds` | The liveness probe period (in seconds) | `10` | +| `livenessProbe.timeoutSeconds` | The liveness probe timeout (in seconds) | `10` | +| `livenessProbe.periodSeconds` | The liveness probe period (in seconds) | `10` | +| `livenessProbe.successThreshold` | The liveness probe success threshold | `1` | +| `livenessProbe.failureThreshold` | The liveness probe failure threshold | `8` | | `ingressShim.defaultIssuerName` | Optional default issuer to use for ingress resources | | | `ingressShim.defaultIssuerKind` | Optional default issuer kind to use for ingress resources | | | `ingressShim.defaultIssuerGroup` | Optional default issuer group to use for ingress resources | | @@ -121,6 +128,9 @@ The following table lists the configurable parameters of the cert-manager chart | `prometheus.servicemonitor.honorLabels` | Enable label honoring for metrics scraped by Prometheus (see [Prometheus scrape config docs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) for details). By setting `honorLabels` to `true`, Prometheus will prefer label contents given by cert-manager on conflicts. Can be used to remove the "exported_namespace" label for example. | `false` | | `podAnnotations` | Annotations to add to the cert-manager pod | `{}` | | `deploymentAnnotations` | Annotations to add to the cert-manager deployment | `{}` | +| `podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the cert-manager deployment | `false` | +| `podDisruptionBudget.minAvailable` | Configures the minimum available pods for voluntary disruptions. Cannot used if `maxUnavailable` is set. | `1` | +| `podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for voluntary disruptions. Cannot used if `minAvailable` is set. | | | `podDnsPolicy` | Optional cert-manager pod [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy) | | | `podDnsConfig` | Optional cert-manager pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) | | | `podLabels` | Labels to add to the cert-manager pod | `{}` | @@ -129,12 +139,18 @@ The following table lists the configurable parameters of the cert-manager chart | `http_proxy` | Value of the `HTTP_PROXY` environment variable in the cert-manager pod | | | `https_proxy` | Value of the `HTTPS_PROXY` environment variable in the cert-manager pod | | | `no_proxy` | Value of the `NO_PROXY` environment variable in the cert-manager pod | | +| `dns01RecursiveNameservers` | Comma separated string with host and port of the recursive nameservers cert-manager should query | `` | +| `dns01RecursiveNameserversOnly` | Forces cert-manager to only use the recursive nameservers for verification. | `false` | +| `enableCertificateOwnerRef` | When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted | `false` | | `webhook.replicaCount` | Number of cert-manager webhook replicas | `1` | | `webhook.timeoutSeconds` | Seconds the API server should wait the webhook to respond before treating the call as a failure. | `10` | | `webhook.podAnnotations` | Annotations to add to the webhook pods | `{}` | | `webhook.podLabels` | Labels to add to the cert-manager webhook pod | `{}` | | `webhook.serviceLabels` | Labels to add to the cert-manager webhook service | `{}` | | `webhook.deploymentAnnotations` | Annotations to add to the webhook deployment | `{}` | +| `webhook.podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the cert-manager deployment | `false` | +| `webhook.podDisruptionBudget.minAvailable` | Configures the minimum available pods for voluntary disruptions. Cannot used if `maxUnavailable` is set. | `1` | +| `webhook.podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for voluntary disruptions. Cannot used if `minAvailable` is set. | | | `webhook.mutatingWebhookConfigurationAnnotations` | Annotations to add to the mutating webhook configuration | `{}` | | `webhook.validatingWebhookConfigurationAnnotations` | Annotations to add to the validating webhook configuration | `{}` | | `webhook.serviceAnnotations` | Annotations to add to the webhook service | `{}` | @@ -153,7 +169,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` | | `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` | | `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag | `v1.11.2` | +| `webhook.image.tag` | Webhook image tag | `v1.12.0` | | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | | `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` | | `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) | @@ -177,6 +193,9 @@ The following table lists the configurable parameters of the cert-manager chart | `cainjector.podAnnotations` | Annotations to add to the cainjector pods | `{}` | | `cainjector.podLabels` | Labels to add to the cert-manager cainjector pod | `{}` | | `cainjector.deploymentAnnotations` | Annotations to add to the cainjector deployment | `{}` | +| `cainjector.podDisruptionBudget.enabled` | Adds a PodDisruptionBudget for the cert-manager deployment | `false` | +| `cainjector.podDisruptionBudget.minAvailable` | Configures the minimum available pods for voluntary disruptions. Cannot used if `maxUnavailable` is set. | `1` | +| `cainjector.podDisruptionBudget.maxUnavailable` | Configures the maximum unavailable pods for voluntary disruptions. Cannot used if `minAvailable` is set. | | | `cainjector.extraArgs` | Optional flags for cert-manager cainjector component | `[]` | | `cainjector.serviceAccount.create` | If `true`, create a new service account for the cainjector component | `true` | | `cainjector.serviceAccount.name` | Service account for the cainjector component to be used. If not set and `cainjector.serviceAccount.create` is `true`, a name is generated using the fullname template | | @@ -188,12 +207,12 @@ The following table lists the configurable parameters of the cert-manager chart | `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` | | `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` | | `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` | -| `cainjector.image.tag` | cainjector image tag | `v1.11.2` | +| `cainjector.image.tag` | cainjector image tag | `v1.12.0` | | `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` | | `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) | | `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) | | `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` | -| `acmesolver.image.tag` | acmesolver image tag | `v1.11.2` | +| `acmesolver.image.tag` | acmesolver image tag | `v1.12.0` | | `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` | | `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` | | `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) | @@ -209,7 +228,7 @@ The following table lists the configurable parameters of the cert-manager chart | `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` | | `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` | | `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` | -| `startupapicheck.image.tag` | startupapicheck image tag | `v1.11.2` | +| `startupapicheck.image.tag` | startupapicheck image tag | `v1.12.0` | | `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` | | `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` | | `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | | diff --git a/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml b/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml index fbfed0fce..122017374 100644 --- a/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/cainjector-deployment.yaml @@ -90,6 +90,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.cainjector.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.cainjector.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -106,4 +110,8 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.cainjector.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/cainjector-poddisruptionbudget.yaml b/charts/cert-manager/cert-manager/templates/cainjector-poddisruptionbudget.yaml new file mode 100644 index 000000000..f080b753a --- /dev/null +++ b/charts/cert-manager/cert-manager/templates/cainjector-poddisruptionbudget.yaml @@ -0,0 +1,26 @@ +{{- if .Values.cainjector.podDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "cainjector.fullname" . }} + namespace: {{ include "cert-manager.namespace" . }} + labels: + app: {{ include "cainjector.name" . }} + app.kubernetes.io/name: {{ include "cainjector.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "cainjector" + {{- include "labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "cainjector.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "cainjector" + + {{- with .Values.cainjector.podDisruptionBudget.minAvailable }} + minAvailable: {{ . }} + {{- end }} + {{- with .Values.cainjector.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/cert-manager/cert-manager/templates/cainjector-rbac.yaml b/charts/cert-manager/cert-manager/templates/cainjector-rbac.yaml index 0393f92be..2aa59eee9 100644 --- a/charts/cert-manager/cert-manager/templates/cainjector-rbac.yaml +++ b/charts/cert-manager/cert-manager/templates/cainjector-rbac.yaml @@ -22,13 +22,13 @@ rules: verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/cert-manager/cert-manager/templates/crds.yaml b/charts/cert-manager/cert-manager/templates/crds.yaml index cef6d539d..820698742 100644 --- a/charts/cert-manager/cert-manager/templates/crds.yaml +++ b/charts/cert-manager/cert-manager/templates/crds.yaml @@ -333,7 +333,7 @@ spec: - passwordSecretRef properties: create: - description: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + description: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority type: boolean passwordSecretRef: description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. @@ -355,7 +355,7 @@ spec: - passwordSecretRef properties: create: - description: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + description: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority type: boolean passwordSecretRef: description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. @@ -544,7 +544,7 @@ spec: description: The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). type: integer lastFailureTime: - description: LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time. + description: LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset. type: string format: date-time nextPrivateKeySecretName: @@ -1014,7 +1014,10 @@ spec: type: object properties: class: - description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + type: string + ingressClassName: + description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. type: string ingressTemplate: description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. @@ -1035,7 +1038,7 @@ spec: additionalProperties: type: string name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. type: string podTemplate: description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. @@ -1056,7 +1059,7 @@ spec: additionalProperties: type: string spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. type: object properties: affinity: @@ -1531,6 +1534,17 @@ spec: topologyKey: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string + imagePullSecrets: + description: If specified, the pod's imagePullSecrets + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + x-kubernetes-map-type: atomic nodeSelector: description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object @@ -1637,7 +1651,7 @@ metadata: labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/instance: "{{ .Release.Name }}" # Generated labels {{- include "labels" . | nindent 4 }} spec: group: cert-manager.io @@ -2115,7 +2129,10 @@ spec: type: object properties: class: - description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + type: string + ingressClassName: + description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. type: string ingressTemplate: description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. @@ -2136,7 +2153,7 @@ spec: additionalProperties: type: string name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. type: string podTemplate: description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. @@ -2157,7 +2174,7 @@ spec: additionalProperties: type: string spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. type: object properties: affinity: @@ -2632,6 +2649,17 @@ spec: topologyKey: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string + imagePullSecrets: + description: If specified, the pod's imagePullSecrets + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + x-kubernetes-map-type: atomic nodeSelector: description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object @@ -2759,7 +2787,6 @@ spec: type: object required: - role - - secretRef properties: mountPath: description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. @@ -2779,6 +2806,15 @@ spec: name: description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + serviceAccountRef: + description: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + name: + description: Name of the ServiceAccount used to request a token. + type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. type: object @@ -2877,6 +2913,9 @@ spec: description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. type: object properties: + lastPrivateKeyHash: + description: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + type: string lastRegisteredEmail: description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer type: string @@ -2930,7 +2969,7 @@ metadata: labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' - app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/instance: "{{ .Release.Name }}" # Generated labels {{- include "labels" . | nindent 4 }} spec: group: cert-manager.io @@ -3408,7 +3447,10 @@ spec: type: object properties: class: - description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + type: string + ingressClassName: + description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. type: string ingressTemplate: description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. @@ -3429,7 +3471,7 @@ spec: additionalProperties: type: string name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. type: string podTemplate: description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. @@ -3450,7 +3492,7 @@ spec: additionalProperties: type: string spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. type: object properties: affinity: @@ -3925,6 +3967,17 @@ spec: topologyKey: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string + imagePullSecrets: + description: If specified, the pod's imagePullSecrets + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + x-kubernetes-map-type: atomic nodeSelector: description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object @@ -4052,7 +4105,6 @@ spec: type: object required: - role - - secretRef properties: mountPath: description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. @@ -4072,6 +4124,15 @@ spec: name: description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + serviceAccountRef: + description: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + name: + description: Name of the ServiceAccount used to request a token. + type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. type: object @@ -4170,6 +4231,9 @@ spec: description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. type: object properties: + lastPrivateKeyHash: + description: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + type: string lastRegisteredEmail: description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer type: string diff --git a/charts/cert-manager/cert-manager/templates/deployment.yaml b/charts/cert-manager/cert-manager/templates/deployment.yaml index 6e74f1e82..aea5736c0 100644 --- a/charts/cert-manager/cert-manager/templates/deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/deployment.yaml @@ -113,10 +113,22 @@ spec: {{- if .Values.maxConcurrentChallenges }} - --max-concurrent-challenges={{ .Values.maxConcurrentChallenges }} {{- end }} + {{- if .Values.enableCertificateOwnerRef }} + - --enable-certificate-owner-ref=true + {{- end }} + {{- if .Values.dns01RecursiveNameserversOnly }} + - --dns01-recursive-nameservers-only=true + {{- end }} + {{- with .Values.dns01RecursiveNameservers }} + - --dns01-recursive-nameservers={{ . }} + {{- end }} ports: - containerPort: 9402 name: http-metrics protocol: TCP + - containerPort: 9403 + name: http-healthz + protocol: TCP {{- with .Values.containerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} @@ -149,6 +161,24 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + + {{- with .Values.livenessProbe }} + {{- if .enabled }} + # LivenessProbe settings are based on those used for the Kubernetes + # controller-manager. See: + # https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245 + livenessProbe: + httpGet: + port: http-healthz + path: /livez + scheme: HTTP + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/cert-manager/cert-manager/templates/poddisruptionbudget.yaml b/charts/cert-manager/cert-manager/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..dab75ce68 --- /dev/null +++ b/charts/cert-manager/cert-manager/templates/poddisruptionbudget.yaml @@ -0,0 +1,26 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "cert-manager.fullname" . }} + namespace: {{ include "cert-manager.namespace" . }} + labels: + app: {{ include "cert-manager.name" . }} + app.kubernetes.io/name: {{ include "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" + {{- include "labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" + + {{- with .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ . }} + {{- end }} + {{- with .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/cert-manager/cert-manager/templates/rbac.yaml b/charts/cert-manager/cert-manager/templates/rbac.yaml index 361b1a223..830e37285 100644 --- a/charts/cert-manager/cert-manager/templates/rbac.yaml +++ b/charts/cert-manager/cert-manager/templates/rbac.yaml @@ -70,7 +70,6 @@ rules: - apiGroups: [""] resources: ["events"] verbs: ["create", "patch"] - --- # ClusterIssuer controller role diff --git a/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml b/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml index f55b5fe15..a9b965e18 100644 --- a/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml +++ b/charts/cert-manager/cert-manager/templates/startupapicheck-job.yaml @@ -34,6 +34,9 @@ spec: spec: restartPolicy: OnFailure serviceAccountName: {{ template "startupapicheck.serviceAccountName" . }} + {{- if hasKey .Values.startupapicheck "automountServiceAccountToken" }} + automountServiceAccountToken: {{ .Values.startupapicheck.automountServiceAccountToken }} + {{- end }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -62,6 +65,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.startupapicheck.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.startupapicheck.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -74,4 +81,8 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.startupapicheck.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml index 259a96c79..043c4b150 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml @@ -146,10 +146,15 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- if .Values.webhook.config }} + {{- if or .Values.webhook.config .Values.webhook.volumeMounts }} volumeMounts: + {{- if .Values.webhook.config }} - name: config mountPath: /var/cert-manager/config + {{- end }} + {{- if .Values.webhook.volumeMounts }} + {{- toYaml .Values.webhook.volumeMounts | nindent 12 }} + {{- end }} {{- end }} {{- with .Values.webhook.nodeSelector }} nodeSelector: @@ -167,9 +172,14 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.webhook.config }} + {{- if or .Values.webhook.config .Values.webhook.volumes }} volumes: + {{- if .Values.webhook.config }} - name: config configMap: name: {{ include "webhook.fullname" . }} + {{- end }} + {{- if .Values.webhook.volumes }} + {{- toYaml .Values.webhook.volumes | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/cert-manager/cert-manager/templates/webhook-poddisruptionbudget.yaml b/charts/cert-manager/cert-manager/templates/webhook-poddisruptionbudget.yaml new file mode 100644 index 000000000..c8a357cb1 --- /dev/null +++ b/charts/cert-manager/cert-manager/templates/webhook-poddisruptionbudget.yaml @@ -0,0 +1,26 @@ +{{- if .Values.webhook.podDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "webhook.fullname" . }} + namespace: {{ include "cert-manager.namespace" . }} + labels: + app: {{ include "webhook.name" . }} + app.kubernetes.io/name: {{ include "webhook.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "webhook" + {{- include "labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "webhook.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "webhook" + + {{- with .Values.webhook.podDisruptionBudget.minAvailable }} + minAvailable: {{ . }} + {{- end }} + {{- with .Values.webhook.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/cert-manager/cert-manager/templates/webhook-psp-clusterrole.yaml b/charts/cert-manager/cert-manager/templates/webhook-psp-clusterrole.yaml index 2a8808e7d..f6fa4c55e 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-psp-clusterrole.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-psp-clusterrole.yaml @@ -15,4 +15,4 @@ rules: verbs: ['use'] resourceNames: - {{ template "webhook.fullname" . }} -{{- end }} +{{- end }} diff --git a/charts/cert-manager/cert-manager/values.yaml b/charts/cert-manager/cert-manager/values.yaml index 35ec9766a..def8de1b9 100644 --- a/charts/cert-manager/cert-manager/values.yaml +++ b/charts/cert-manager/cert-manager/values.yaml @@ -60,6 +60,15 @@ strategy: {} # maxSurge: 0 # maxUnavailable: 1 +podDisruptionBudget: + enabled: false + + minAvailable: 1 + # maxUnavailable: 1 + + # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) + # or a percentage value (e.g. 25%) + # Comma separated list of feature gates that should be enabled on the # controller pod & webhook pod. featureGates: "" @@ -107,11 +116,22 @@ serviceAccount: # Automounting API credentials for a particular pod # automountServiceAccountToken: true +# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted +enableCertificateOwnerRef: false + +# Setting Nameservers for DNS01 Self Check +# See: https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check + +# Comma separated string with host and port of the recursive nameservers cert-manager should query +dns01RecursiveNameservers: "" + +# Forces cert-manager to only use the recursive nameservers for verification. +# Enabling this option could cause the DNS01 self check to take longer due to caching performed by the recursive nameservers +dns01RecursiveNameserversOnly: false + # Additional command line flags to pass to cert-manager controller binary. # To see all available flags run docker run quay.io/jetstack/cert-manager-controller: --help extraArgs: [] - # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted - # - --enable-certificate-owner-ref=true # Use this flag to enable or disable arbitrary controllers, for example, disable the CertificiateRequests approver # - --controllers=*,-certificaterequests-approver @@ -197,7 +217,7 @@ prometheus: # https_proxy: "https://proxy:8080" # no_proxy: 127.0.0.1,localhost -# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core +# A Kubernetes Affinty, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core # for example: # affinity: # nodeAffinity: @@ -210,7 +230,7 @@ prometheus: # - master affinity: {} -# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core +# A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core # for example: # tolerations: # - key: foo.bar.com/role @@ -219,7 +239,7 @@ affinity: {} # effect: NoSchedule tolerations: [] -# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#topologyspreadconstraint-v1-core +# A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core # for example: # topologySpreadConstraints: # - maxSkew: 2 @@ -231,6 +251,22 @@ tolerations: [] # app.kubernetes.io/component: controller topologySpreadConstraints: [] +# LivenessProbe settings for the controller container of the controller Pod. +# +# Disabled by default, because the controller has a leader election mechanism +# which should cause it to exit if it is unable to renew its leader election +# record. +# LivenessProbe durations and thresholds are based on those used for the Kubernetes +# controller-manager. See: +# https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245 +livenessProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 8 + webhook: replicaCount: 1 timeoutSeconds: 10 @@ -265,6 +301,15 @@ webhook: seccompProfile: type: RuntimeDefault + podDisruptionBudget: + enabled: false + + minAvailable: 1 + # maxUnavailable: 1 + + # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) + # or a percentage value (e.g. 25%) + # Container Security Context to be set on the webhook component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ containerSecurityContext: @@ -409,10 +454,17 @@ webhook: protocol: TCP - port: 53 protocol: UDP + # On OpenShift and OKD, the Kubernetes API server listens on + # port 6443. + - port: 6443 + protocol: TCP to: - ipBlock: cidr: 0.0.0.0/0 + volumes: [] + volumeMounts: [] + cainjector: enabled: true replicaCount: 1 @@ -430,6 +482,15 @@ cainjector: seccompProfile: type: RuntimeDefault + podDisruptionBudget: + enabled: false + + minAvailable: 1 + # maxUnavailable: 1 + + # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) + # or a percentage value (e.g. 25%) + # Container Security Context to be set on the cainjector component container # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ containerSecurityContext: @@ -501,6 +562,9 @@ cainjector: # Automounting API credentials for a particular pod # automountServiceAccountToken: true + volumes: [] + volumeMounts: [] + acmesolver: image: repository: quay.io/jetstack/cert-manager-acmesolver @@ -598,6 +662,9 @@ startupapicheck: helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + # Automounting API credentials for a particular pod + # automountServiceAccountToken: true + serviceAccount: # Specifies whether a service account should be created create: true @@ -617,3 +684,6 @@ startupapicheck: # Optional additional labels to add to the startupapicheck's ServiceAccount # labels: {} + + volumes: [] + volumeMounts: [] diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index 2f466a85b..8ac5c838f 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.29.3 + +* Add `inotify_add_watch`, `inotify_init`, `inotify_init1`, and `inotify_rm_watch` to the default seccomp profile of system-probe. + ## 3.29.2 * Default `Agent` and `Cluster-Agent` to `7.44.1` version. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index 2a85bcaf8..4e8c368b8 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.29.2 +version: 3.29.3 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index 213d815d9..b3c9300de 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.29.2](https://img.shields.io/badge/Version-3.29.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.29.3](https://img.shields.io/badge/Version-3.29.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/datadog/templates/system-probe-configmap.yaml b/charts/datadog/datadog/templates/system-probe-configmap.yaml index 12e01d26a..b15c1e728 100644 --- a/charts/datadog/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/datadog/templates/system-probe-configmap.yaml @@ -159,6 +159,10 @@ data: "gettimeofday", "getuid", "getxattr", + "inotify_add_watch", + "inotify_init", + "inotify_init1", + "inotify_rm_watch", "ioctl", "ipc", "listen", diff --git a/charts/dynatrace/dynatrace-operator/Chart.yaml b/charts/dynatrace/dynatrace-operator/Chart.yaml index e80126fac..44bc06ed3 100644 --- a/charts/dynatrace/dynatrace-operator/Chart.yaml +++ b/charts/dynatrace/dynatrace-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19.0-0' catalog.cattle.io/release-name: dynatrace-operator apiVersion: v2 -appVersion: 0.11.1 +appVersion: 0.11.2 description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift home: https://www.dynatrace.com/ icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png @@ -20,4 +20,4 @@ name: dynatrace-operator sources: - https://github.com/Dynatrace/dynatrace-operator type: application -version: 0.11.1 +version: 0.11.2 diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml index e92606d32..5ad7c4314 100644 --- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml +++ b/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml @@ -18,6 +18,9 @@ kind: CSIDriver metadata: name: csi.oneagent.dynatrace.com labels: + {{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} + security.openshift.io/csi-ephemeral-volume-profile: "restricted" + {{- end }} {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} spec: attachRequired: false diff --git a/charts/dynatrace/dynatrace-operator/templates/_helpers.tpl b/charts/dynatrace/dynatrace-operator/templates/_helpers.tpl index 0da070c89..20787424c 100644 --- a/charts/dynatrace/dynatrace-operator/templates/_helpers.tpl +++ b/charts/dynatrace/dynatrace-operator/templates/_helpers.tpl @@ -21,13 +21,15 @@ Create chart name and version as used by the chart label. {{- end }} {{/* -Check if default image is used +Check if default image or imageref is used */}} {{- define "dynatrace-operator.image" -}} {{- if .Values.image -}} {{- printf "%s" .Values.image -}} {{- else -}} - {{- if eq (include "dynatrace-operator.platform" .) "google-marketplace" -}} + {{- if (.Values.imageRef).repository -}} + {{- .Values.imageRef.tag | default (printf "v%s" .Chart.AppVersion) | printf "%s:%s" .Values.imageRef.repository -}} + {{- else if eq (include "dynatrace-operator.platform" .) "google-marketplace" -}} {{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" .Chart.AppVersion }} {{- else -}} {{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-operator" .Chart.AppVersion }} diff --git a/charts/dynatrace/dynatrace-operator/values.yaml b/charts/dynatrace/dynatrace-operator/values.yaml index 3462f8f3c..356ffda29 100644 --- a/charts/dynatrace/dynatrace-operator/values.yaml +++ b/charts/dynatrace/dynatrace-operator/values.yaml @@ -15,7 +15,15 @@ # may be set to "kubernetes", "openshift", or "gke-autopilot" platform: "" +#image qualifier; OBSOLETE -> use imageref instead! +# supply either image or imageref; if both supplied, imageref will be disregarded image: "" +#image description using tags +#resulting image will be named :v +imageRef: + repository: "" #path to repo + tag: "" #defaults to chart version + customPullSecret: "" installCRD: false diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index 5142bcf25..80204bfb3 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.8.1 +appVersion: v0.8.2 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.8.1 +version: 0.8.2 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index 7da27c880..93e30d898 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) External secret management for Kubernetes @@ -43,6 +43,7 @@ The command removes all the Kubernetes components associated with the chart and | certController.extraVolumeMounts | list | `[]` | | | certController.extraVolumes | list | `[]` | | | certController.fullnameOverride | string | `""` | | +| certController.hostNetwork | bool | `false` | Run the certController on the host network | | certController.image.pullPolicy | string | `"IfNotPresent"` | | | certController.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | certController.image.tag | string | `""` | | @@ -64,7 +65,12 @@ The command removes all the Kubernetes components associated with the chart and | certController.requeueInterval | string | `"5m"` | | | certController.resources | object | `{}` | | | certController.revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | -| certController.securityContext | object | `{}` | | +| certController.securityContext.allowPrivilegeEscalation | bool | `false` | | +| certController.securityContext.capabilities.drop[0] | string | `"ALL"` | | +| certController.securityContext.readOnlyRootFilesystem | bool | `true` | | +| certController.securityContext.runAsNonRoot | bool | `true` | | +| certController.securityContext.runAsUser | int | `1000` | | +| certController.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | certController.serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | | certController.serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the pod | | certController.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | @@ -75,6 +81,7 @@ The command removes all the Kubernetes components associated with the chart and | certController.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics | | certController.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | certController.tolerations | list | `[]` | | +| certController.topologySpreadConstraints | list | `[]` | | | concurrent | int | `1` | Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at a time. | | controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. | | crds.annotations | object | `{}` | | @@ -85,12 +92,14 @@ The command removes all the Kubernetes components associated with the chart and | createOperator | bool | `true` | Specifies whether an external secret operator deployment be created. | | deploymentAnnotations | object | `{}` | Annotations to add to Deployment | | dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment | +| extendedMetricLabels | bool | `false` | If true external secrets will use recommended kubernetes annotations as prometheus metric labels. | | extraArgs | object | `{}` | | | extraContainers | list | `[]` | | | extraEnv | list | `[]` | | | extraVolumeMounts | list | `[]` | | | extraVolumes | list | `[]` | | | fullnameOverride | string | `""` | | +| hostNetwork | bool | `false` | Run the controller on the host network | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | image.tag | string | `""` | The image tag to use. The default is the chart appVersion. There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default the distroless image is used. | @@ -112,12 +121,18 @@ The command removes all the Kubernetes components associated with the chart and | prometheus.enabled | bool | `false` | deprecated. will be removed with 0.7.0, use serviceMonitor instead. | | prometheus.service.port | int | `8080` | deprecated. will be removed with 0.7.0, use serviceMonitor instead. | | rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. | +| rbac.servicebindings.create | bool | `true` | Specifies whether a clusterrole to give servicebindings read access should be created. | | replicaCount | int | `1` | | | resources | object | `{}` | | | revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | | scopedNamespace | string | `""` | If set external secrets are only reconciled in the provided namespace | | scopedRBAC | bool | `false` | Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace and implicitly disable cluster stores and cluster external secrets | -| securityContext | object | `{}` | | +| securityContext.allowPrivilegeEscalation | bool | `false` | | +| securityContext.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.readOnlyRootFilesystem | bool | `true` | | +| securityContext.runAsNonRoot | bool | `true` | | +| securityContext.runAsUser | int | `1000` | | +| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | | serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the pod | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | @@ -128,6 +143,7 @@ The command removes all the Kubernetes components associated with the chart and | serviceMonitor.honorLabels | bool | `false` | Let prometheus add an exported_ prefix to conflicting labels | | serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics | | serviceMonitor.metricRelabelings | list | `[]` | Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) | +| serviceMonitor.namespace | string | `""` | namespace where you want to install ServiceMonitors | | serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) | | serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | tolerations | list | `[]` | | @@ -169,7 +185,12 @@ The command removes all the Kubernetes components associated with the chart and | webhook.resources | object | `{}` | | | webhook.revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | | webhook.secretAnnotations | object | `{}` | Annotations to add to Secret | -| webhook.securityContext | object | `{}` | | +| webhook.securityContext.allowPrivilegeEscalation | bool | `false` | | +| webhook.securityContext.capabilities.drop[0] | string | `"ALL"` | | +| webhook.securityContext.readOnlyRootFilesystem | bool | `true` | | +| webhook.securityContext.runAsNonRoot | bool | `true` | | +| webhook.securityContext.runAsUser | int | `1000` | | +| webhook.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | webhook.serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | | webhook.serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the pod | | webhook.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | @@ -180,3 +201,4 @@ The command removes all the Kubernetes components associated with the chart and | webhook.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics | | webhook.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | webhook.tolerations | list | `[]` | | +| webhook.topologySpreadConstraints | list | `[]` | | diff --git a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml index c8d38c2f4..a9a6dee8b 100644 --- a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml @@ -38,6 +38,7 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + hostNetwork: {{ .Values.certController.hostNetwork }} containers: - name: cert-controller {{- with .Values.certController.securityContext }} @@ -102,6 +103,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.certController.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.certController.priorityClassName }} priorityClassName: {{ .Values.certController.priorityClassName }} {{- end }} diff --git a/charts/external-secrets/external-secrets/templates/cert-controller-rbac.yaml b/charts/external-secrets/external-secrets/templates/cert-controller-rbac.yaml index df37edeb7..a61851438 100644 --- a/charts/external-secrets/external-secrets/templates/cert-controller-rbac.yaml +++ b/charts/external-secrets/external-secrets/templates/cert-controller-rbac.yaml @@ -51,6 +51,15 @@ rules: - "watch" - "update" - "patch" + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "create" + - "update" + - "patch" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml index 7e882dbe0..edfcaf9f4 100644 --- a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml index f48233bff..c553e52c5 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -297,6 +296,9 @@ spec: engineVersion: default: v2 type: string + mergePolicy: + default: Replace + type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. properties: diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index 8e7ac84ba..b811e88ca 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -47,7 +46,7 @@ spec: description: SecretStoreSpec defines the desired state of SecretStore. properties: controller: - description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' type: string provider: description: Used to configure the provider. Only one provider may be set @@ -186,6 +185,23 @@ spec: auth: description: AlibabaAuth contains a secretRef for credentials. properties: + rrsa: + description: Authenticate against Alibaba using RRSA. + properties: + oidcProviderArn: + type: string + oidcTokenFilePath: + type: string + roleArn: + type: string + sessionName: + type: string + required: + - oidcProviderArn + - oidcTokenFilePath + - roleArn + - sessionName + type: object secretRef: description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. properties: @@ -219,11 +235,7 @@ spec: - accessKeyIDSecretRef - accessKeySecretSecretRef type: object - required: - - secretRef type: object - endpoint: - type: string regionID: description: Alibaba Region to be used for the provider type: string @@ -456,7 +468,7 @@ spec: type: string type: object gitlab: - description: Gitlab configures this store to sync secrets using Gitlab Variables provider + description: GitLab configures this store to sync secrets using GitLab Variables provider properties: auth: description: Auth configures how secret-manager authenticates with a GitLab instance. @@ -1196,7 +1208,7 @@ spec: type: object type: array controller: - description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' type: string provider: description: Used to configure the provider. Only one provider may be set @@ -1335,6 +1347,23 @@ spec: auth: description: AlibabaAuth contains a secretRef for credentials. properties: + rrsa: + description: Authenticate against Alibaba using RRSA. + properties: + oidcProviderArn: + type: string + oidcTokenFilePath: + type: string + roleArn: + type: string + sessionName: + type: string + required: + - oidcProviderArn + - oidcTokenFilePath + - roleArn + - sessionName + type: object secretRef: description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. properties: @@ -1368,11 +1397,7 @@ spec: - accessKeyIDSecretRef - accessKeySecretSecretRef type: object - required: - - secretRef type: object - endpoint: - type: string regionID: description: Alibaba Region to be used for the provider type: string @@ -1456,6 +1481,9 @@ spec: type: object type: object type: object + externalID: + description: AWS External ID set on assumed IAM roles + type: string region: description: AWS Region to be used for the provider type: string @@ -1686,7 +1714,7 @@ spec: type: string type: object gitlab: - description: Gitlab configures this store to sync secrets using Gitlab Variables provider + description: GitLab configures this store to sync secrets using GitLab Variables provider properties: auth: description: Auth configures how secret-manager authenticates with a GitLab instance. @@ -2126,6 +2154,19 @@ spec: roleId: description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. type: string + roleRef: + description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object secretRef: description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. properties: @@ -2141,7 +2182,6 @@ spec: type: object required: - path - - roleId - secretRef type: object cert: @@ -2174,6 +2214,94 @@ spec: type: string type: object type: object + iam: + description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + properties: + externalID: + description: AWS External ID set on assumed IAM roles + type: string + jwt: + description: Specify a service account with IRSA enabled + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + path: + description: 'Path where the AWS auth method is enabled in Vault, e.g: "aws"' + type: string + region: + description: AWS region + type: string + role: + description: This is the AWS role to be assumed before talking to vault + type: string + secretRef: + description: Specify credentials in a Secret object + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + vaultAwsIamServerID: + description: 'X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws' + type: string + vaultRole: + description: Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine + type: string + required: + - vaultRole + type: object jwt: description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method properties: diff --git a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml index 21a92446d..afe49a89c 100644 --- a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml index fa91bcf90..a62b4b05a 100644 --- a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -205,6 +204,14 @@ spec: type: object status: properties: + binding: + description: Binding represents a servicebinding.io Provisioned Service reference to the secret + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic conditions: items: properties: @@ -507,6 +514,9 @@ spec: engineVersion: default: v2 type: string + mergePolicy: + default: Replace + type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. properties: @@ -576,6 +586,14 @@ spec: type: object status: properties: + binding: + description: Binding represents a servicebinding.io Provisioned Service reference to the secret + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic conditions: items: properties: diff --git a/charts/external-secrets/external-secrets/templates/crds/fake.yaml b/charts/external-secrets/external-secrets/templates/crds/fake.yaml index 624e48e24..261a4a889 100644 --- a/charts/external-secrets/external-secrets/templates/crds/fake.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/fake.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -38,6 +37,9 @@ spec: spec: description: FakeSpec contains the static data. properties: + controller: + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property' + type: string data: additionalProperties: type: string diff --git a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml index 4a7051c33..b733f2692 100644 --- a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/password.yaml b/charts/external-secrets/external-secrets/templates/crds/password.yaml index e5c94bcfb..2b9e59c92 100644 --- a/charts/external-secrets/external-secrets/templates/crds/password.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/password.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml index 4e8b37bf6..48f7f2946 100644 --- a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -52,6 +51,9 @@ spec: remoteRef: description: Remote Refs to push to providers. properties: + property: + description: Name of the property in the resulting secret + type: string remoteKey: description: Name of the resulting provider secret. type: string @@ -177,6 +179,9 @@ spec: remoteRef: description: Remote Refs to push to providers. properties: + property: + description: Name of the property in the resulting secret + type: string remoteKey: description: Name of the resulting provider secret. type: string diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index 99235bd5a..a37d10969 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -47,7 +46,7 @@ spec: description: SecretStoreSpec defines the desired state of SecretStore. properties: controller: - description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' type: string provider: description: Used to configure the provider. Only one provider may be set @@ -186,6 +185,23 @@ spec: auth: description: AlibabaAuth contains a secretRef for credentials. properties: + rrsa: + description: Authenticate against Alibaba using RRSA. + properties: + oidcProviderArn: + type: string + oidcTokenFilePath: + type: string + roleArn: + type: string + sessionName: + type: string + required: + - oidcProviderArn + - oidcTokenFilePath + - roleArn + - sessionName + type: object secretRef: description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. properties: @@ -219,11 +235,7 @@ spec: - accessKeyIDSecretRef - accessKeySecretSecretRef type: object - required: - - secretRef type: object - endpoint: - type: string regionID: description: Alibaba Region to be used for the provider type: string @@ -456,7 +468,7 @@ spec: type: string type: object gitlab: - description: Gitlab configures this store to sync secrets using Gitlab Variables provider + description: GitLab configures this store to sync secrets using GitLab Variables provider properties: auth: description: Auth configures how secret-manager authenticates with a GitLab instance. @@ -1196,7 +1208,7 @@ spec: type: object type: array controller: - description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' type: string provider: description: Used to configure the provider. Only one provider may be set @@ -1335,6 +1347,23 @@ spec: auth: description: AlibabaAuth contains a secretRef for credentials. properties: + rrsa: + description: Authenticate against Alibaba using RRSA. + properties: + oidcProviderArn: + type: string + oidcTokenFilePath: + type: string + roleArn: + type: string + sessionName: + type: string + required: + - oidcProviderArn + - oidcTokenFilePath + - roleArn + - sessionName + type: object secretRef: description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. properties: @@ -1368,11 +1397,7 @@ spec: - accessKeyIDSecretRef - accessKeySecretSecretRef type: object - required: - - secretRef type: object - endpoint: - type: string regionID: description: Alibaba Region to be used for the provider type: string @@ -1456,6 +1481,9 @@ spec: type: object type: object type: object + externalID: + description: AWS External ID set on assumed IAM roles + type: string region: description: AWS Region to be used for the provider type: string @@ -1686,7 +1714,7 @@ spec: type: string type: object gitlab: - description: Gitlab configures this store to sync secrets using Gitlab Variables provider + description: GitLab configures this store to sync secrets using GitLab Variables provider properties: auth: description: Auth configures how secret-manager authenticates with a GitLab instance. @@ -2126,6 +2154,19 @@ spec: roleId: description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. type: string + roleRef: + description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object secretRef: description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. properties: @@ -2141,7 +2182,6 @@ spec: type: object required: - path - - roleId - secretRef type: object cert: @@ -2174,6 +2214,94 @@ spec: type: string type: object type: object + iam: + description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + properties: + externalID: + description: AWS External ID set on assumed IAM roles + type: string + jwt: + description: Specify a service account with IRSA enabled + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + path: + description: 'Path where the AWS auth method is enabled in Vault, e.g: "aws"' + type: string + region: + description: AWS region + type: string + role: + description: This is the AWS role to be assumed before talking to vault + type: string + secretRef: + description: Specify credentials in a Secret object + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + vaultAwsIamServerID: + description: 'X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws' + type: string + vaultRole: + description: Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine + type: string + required: + - vaultRole + type: object jwt: description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method properties: diff --git a/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml index 39932a88c..5933773a5 100644 --- a/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml @@ -6,8 +6,7 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -36,6 +35,9 @@ spec: type: object spec: properties: + controller: + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters VDS based on this property' + type: string method: description: Vault API method to use (GET/POST/other) type: string @@ -61,6 +63,19 @@ spec: roleId: description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. type: string + roleRef: + description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object secretRef: description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. properties: @@ -76,7 +91,6 @@ spec: type: object required: - path - - roleId - secretRef type: object cert: @@ -109,6 +123,94 @@ spec: type: string type: object type: object + iam: + description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + properties: + externalID: + description: AWS External ID set on assumed IAM roles + type: string + jwt: + description: Specify a service account with IRSA enabled + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + path: + description: 'Path where the AWS auth method is enabled in Vault, e.g: "aws"' + type: string + region: + description: AWS region + type: string + role: + description: This is the AWS role to be assumed before talking to vault + type: string + secretRef: + description: Specify credentials in a Secret object + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + vaultAwsIamServerID: + description: 'X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws' + type: string + vaultRole: + description: Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine + type: string + required: + - vaultRole + type: object jwt: description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method properties: @@ -304,6 +406,10 @@ spec: - auth - server type: object + resultType: + default: Data + description: Result type defines which data is returned from the generator. By default it is the "data" section of the Vault API response. When using e.g. /auth/token/create the "data" section is empty but the "auth" section contains the generated token. Please refer to the vault docs regarding the result data structure. + type: string required: - path - provider diff --git a/charts/external-secrets/external-secrets/templates/deployment.yaml b/charts/external-secrets/external-secrets/templates/deployment.yaml index 4760683dc..6db2fc403 100644 --- a/charts/external-secrets/external-secrets/templates/deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/deployment.yaml @@ -38,6 +38,7 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + hostNetwork: {{ .Values.hostNetwork }} containers: - name: {{ .Chart.Name }} {{- with .Values.securityContext }} @@ -68,6 +69,9 @@ spec: {{- if .Values.controllerClass }} - --controller-class={{ .Values.controllerClass }} {{- end }} + {{- if .Values.extendedMetricLabels }} + - --enable-extended-metric-labels={{ .Values.extendedMetricLabels }} + {{- end }} {{- if .Values.concurrent }} - --concurrent={{ .Values.concurrent }} {{- end }} diff --git a/charts/external-secrets/external-secrets/templates/rbac.yaml b/charts/external-secrets/external-secrets/templates/rbac.yaml index abb795a44..da5d648ca 100644 --- a/charts/external-secrets/external-secrets/templates/rbac.yaml +++ b/charts/external-secrets/external-secrets/templates/rbac.yaml @@ -138,6 +138,19 @@ rules: - "get" - "watch" - "list" + - apiGroups: + - "generators.external-secrets.io" + resources: + - "acraccesstokens" + - "ecrauthorizationtokens" + - "fakes" + - "gcraccesstokens" + - "passwords" + - "vaultdynamicsecrets" + verbs: + - "get" + - "watch" + - "list" --- apiVersion: rbac.authorization.k8s.io/v1 {{- if and .Values.scopedNamespace .Values.scopedRBAC }} @@ -168,6 +181,21 @@ rules: - "deletecollection" - "patch" - "update" + - apiGroups: + - "generators.external-secrets.io" + resources: + - "acraccesstokens" + - "ecrauthorizationtokens" + - "fakes" + - "gcraccesstokens" + - "passwords" + - "vaultdynamicsecrets" + verbs: + - "create" + - "delete" + - "deletecollection" + - "patch" + - "update" --- apiVersion: rbac.authorization.k8s.io/v1 {{- if and .Values.scopedNamespace .Values.scopedRBAC }} @@ -244,4 +272,23 @@ subjects: - kind: ServiceAccount name: {{ include "external-secrets.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} +{{- if .Values.rbac.servicebindings.create }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "external-secrets.fullname" . }}-servicebindings + labels: + servicebinding.io/controller: "true" + {{- include "external-secrets.labels" . | nindent 4 }} +rules: + - apiGroups: + - "external-secrets.io" + resources: + - "externalsecrets" + verbs: + - "get" + - "list" + - "watch" +{{- end }} {{- end }} diff --git a/charts/external-secrets/external-secrets/templates/servicemonitor.yaml b/charts/external-secrets/external-secrets/templates/servicemonitor.yaml index 69cbd5c88..241ae4715 100644 --- a/charts/external-secrets/external-secrets/templates/servicemonitor.yaml +++ b/charts/external-secrets/external-secrets/templates/servicemonitor.yaml @@ -24,7 +24,7 @@ metadata: {{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }} {{- end }} name: {{ include "external-secrets.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace | quote }} spec: selector: matchLabels: @@ -72,7 +72,7 @@ metadata: {{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }} {{- end }} name: {{ include "external-secrets.fullname" . }}-webhook-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace | quote }} spec: selector: matchLabels: @@ -121,7 +121,7 @@ metadata: {{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }} {{- end }} name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace | quote }} spec: selector: matchLabels: diff --git a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml index 853013db5..1b9e66bfe 100644 --- a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml @@ -112,6 +112,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.webhook.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.webhook.priorityClassName }} priorityClassName: {{ .Values.webhook.priorityClassName }} {{- end }} diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap new file mode 100644 index 000000000..19354ea31 --- /dev/null +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -0,0 +1,60 @@ +should match snapshot of default values: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: external-secrets-cert-controller + app.kubernetes.io/version: v0.8.2 + helm.sh/chart: external-secrets-0.8.2 + name: RELEASE-NAME-external-secrets-cert-controller + namespace: NAMESPACE + spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: external-secrets-cert-controller + template: + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: external-secrets-cert-controller + spec: + automountServiceAccountToken: true + containers: + - args: + - certcontroller + - --crd-requeue-interval=5m + - --service-name=RELEASE-NAME-external-secrets-webhook + - --service-namespace=NAMESPACE + - --secret-name=RELEASE-NAME-external-secrets-webhook + - --secret-namespace=NAMESPACE + image: ghcr.io/external-secrets/external-secrets:v0.8.2 + imagePullPolicy: IfNotPresent + name: cert-controller + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 20 + periodSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + hostNetwork: false + serviceAccountName: external-secrets-cert-controller diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap index e3ab59bda..916c964bd 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.8.1 - helm.sh/chart: external-secrets-0.8.1 + app.kubernetes.io/version: v0.8.2 + helm.sh/chart: external-secrets-0.8.2 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -28,11 +28,22 @@ should match snapshot of default values: containers: - args: - --concurrent=1 - image: ghcr.io/external-secrets/external-secrets:v0.8.1 + image: ghcr.io/external-secrets/external-secrets:v0.8.2 imagePullPolicy: IfNotPresent name: external-secrets ports: - containerPort: 8080 name: metrics protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + hostNetwork: false serviceAccountName: RELEASE-NAME-external-secrets diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 64664197f..53ca18a0d 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,8 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.11.4 name: secretstores.external-secrets.io spec: conversion: @@ -55,7 +54,7 @@ should match snapshot of default values: description: SecretStoreSpec defines the desired state of SecretStore. properties: controller: - description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' type: string provider: description: Used to configure the provider. Only one provider may be set @@ -194,6 +193,23 @@ should match snapshot of default values: auth: description: AlibabaAuth contains a secretRef for credentials. properties: + rrsa: + description: Authenticate against Alibaba using RRSA. + properties: + oidcProviderArn: + type: string + oidcTokenFilePath: + type: string + roleArn: + type: string + sessionName: + type: string + required: + - oidcProviderArn + - oidcTokenFilePath + - roleArn + - sessionName + type: object secretRef: description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. properties: @@ -227,11 +243,7 @@ should match snapshot of default values: - accessKeyIDSecretRef - accessKeySecretSecretRef type: object - required: - - secretRef type: object - endpoint: - type: string regionID: description: Alibaba Region to be used for the provider type: string @@ -464,7 +476,7 @@ should match snapshot of default values: type: string type: object gitlab: - description: Gitlab configures this store to sync secrets using Gitlab Variables provider + description: GitLab configures this store to sync secrets using GitLab Variables provider properties: auth: description: Auth configures how secret-manager authenticates with a GitLab instance. @@ -1204,7 +1216,7 @@ should match snapshot of default values: type: object type: array controller: - description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + description: 'Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property' type: string provider: description: Used to configure the provider. Only one provider may be set @@ -1343,6 +1355,23 @@ should match snapshot of default values: auth: description: AlibabaAuth contains a secretRef for credentials. properties: + rrsa: + description: Authenticate against Alibaba using RRSA. + properties: + oidcProviderArn: + type: string + oidcTokenFilePath: + type: string + roleArn: + type: string + sessionName: + type: string + required: + - oidcProviderArn + - oidcTokenFilePath + - roleArn + - sessionName + type: object secretRef: description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. properties: @@ -1376,11 +1405,7 @@ should match snapshot of default values: - accessKeyIDSecretRef - accessKeySecretSecretRef type: object - required: - - secretRef type: object - endpoint: - type: string regionID: description: Alibaba Region to be used for the provider type: string @@ -1464,6 +1489,9 @@ should match snapshot of default values: type: object type: object type: object + externalID: + description: AWS External ID set on assumed IAM roles + type: string region: description: AWS Region to be used for the provider type: string @@ -1694,7 +1722,7 @@ should match snapshot of default values: type: string type: object gitlab: - description: Gitlab configures this store to sync secrets using Gitlab Variables provider + description: GitLab configures this store to sync secrets using GitLab Variables provider properties: auth: description: Auth configures how secret-manager authenticates with a GitLab instance. @@ -2134,6 +2162,19 @@ should match snapshot of default values: roleId: description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. type: string + roleRef: + description: Reference to a key in a Secret that contains the App Role ID used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role id. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object secretRef: description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. properties: @@ -2149,7 +2190,6 @@ should match snapshot of default values: type: object required: - path - - roleId - secretRef type: object cert: @@ -2182,6 +2222,94 @@ should match snapshot of default values: type: string type: object type: object + iam: + description: Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials AWS IAM authentication method + properties: + externalID: + description: AWS External ID set on assumed IAM roles + type: string + jwt: + description: Specify a service account with IRSA enabled + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + path: + description: 'Path where the AWS auth method is enabled in Vault, e.g: "aws"' + type: string + region: + description: AWS region + type: string + role: + description: This is the AWS role to be assumed before talking to vault + type: string + secretRef: + description: Specify credentials in a Secret object + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + vaultAwsIamServerID: + description: 'X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws' + type: string + vaultRole: + description: Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine + type: string + required: + - vaultRole + type: object jwt: description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method properties: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap new file mode 100644 index 000000000..7a1c3fef7 --- /dev/null +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -0,0 +1,72 @@ +should match snapshot of default values: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: external-secrets-webhook + app.kubernetes.io/version: v0.8.2 + helm.sh/chart: external-secrets-0.8.2 + name: RELEASE-NAME-external-secrets-webhook + namespace: NAMESPACE + spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: external-secrets-webhook + template: + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: external-secrets-webhook + spec: + automountServiceAccountToken: true + containers: + - args: + - webhook + - --port=10250 + - --dns-name=RELEASE-NAME-external-secrets-webhook.NAMESPACE.svc + - --cert-dir=/tmp/certs + - --check-interval=5m + - --metrics-addr=:8080 + - --healthz-addr=:8081 + image: ghcr.io/external-secrets/external-secrets:v0.8.2 + imagePullPolicy: IfNotPresent + name: webhook + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + - containerPort: 10250 + name: webhook + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 20 + periodSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp/certs + name: certs + readOnly: true + hostNetwork: false + serviceAccountName: external-secrets-webhook + volumes: + - name: certs + secret: + secretName: RELEASE-NAME-external-secrets-webhook diff --git a/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml b/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml new file mode 100644 index 000000000..5d66e32df --- /dev/null +++ b/charts/external-secrets/external-secrets/tests/cert_controller_test.yaml @@ -0,0 +1,49 @@ +suite: test cert controller deployment +templates: + - cert-controller-deployment.yaml +tests: + - it: should match snapshot of default values + asserts: + - matchSnapshot: {} + - it: should set imagePullPolicy to Always + set: + certController.image.pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + - it: should imagePullPolicy to be default value IfNotPresent + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - it: should override securityContext + set: + certController.podSecurityContext: + runAsUser: 2000 + certController.securityContext: + runAsUser: 3000 + asserts: + - equal: + path: spec.template.spec.securityContext + value: + runAsUser: 2000 + - equal: + path: spec.template.spec.containers[0].securityContext + value: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 3000 + seccompProfile: + type: RuntimeDefault + - it: should override hostNetwork + set: + certController.hostNetwork: true + asserts: + - equal: + path: spec.template.spec.hostNetwork + value: true diff --git a/charts/external-secrets/external-secrets/tests/controller_test.yaml b/charts/external-secrets/external-secrets/tests/controller_test.yaml index 1a61e75fb..727e71cf6 100644 --- a/charts/external-secrets/external-secrets/tests/controller_test.yaml +++ b/charts/external-secrets/external-secrets/tests/controller_test.yaml @@ -31,4 +31,19 @@ tests: - equal: path: spec.template.spec.containers[0].securityContext value: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true runAsUser: 3000 + seccompProfile: + type: RuntimeDefault + - it: should override hostNetwork + set: + hostNetwork: true + asserts: + - equal: + path: spec.template.spec.hostNetwork + value: true diff --git a/charts/external-secrets/external-secrets/tests/webhook_test.yaml b/charts/external-secrets/external-secrets/tests/webhook_test.yaml new file mode 100644 index 000000000..9c6eb695e --- /dev/null +++ b/charts/external-secrets/external-secrets/tests/webhook_test.yaml @@ -0,0 +1,49 @@ +suite: test webhook deployment +templates: + - webhook-deployment.yaml +tests: + - it: should match snapshot of default values + asserts: + - matchSnapshot: {} + - it: should set imagePullPolicy to Always + set: + webhook.image.pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + - it: should imagePullPolicy to be default value IfNotPresent + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - it: should override securityContext + set: + webhook.podSecurityContext: + runAsUser: 2000 + webhook.securityContext: + runAsUser: 3000 + asserts: + - equal: + path: spec.template.spec.securityContext + value: + runAsUser: 2000 + - equal: + path: spec.template.spec.containers[0].securityContext + value: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 3000 + seccompProfile: + type: RuntimeDefault + - it: should override hostNetwork + set: + webhook.hostNetwork: true + asserts: + - equal: + path: spec.template.spec.hostNetwork + value: true diff --git a/charts/external-secrets/external-secrets/values.yaml b/charts/external-secrets/external-secrets/values.yaml index 852b9b317..fa3cfc87f 100644 --- a/charts/external-secrets/external-secrets/values.yaml +++ b/charts/external-secrets/external-secrets/values.yaml @@ -38,6 +38,10 @@ leaderElect: false # Secret Stores with the appropriate controller values. controllerClass: "" +# -- If true external secrets will use recommended kubernetes +# annotations as prometheus metric labels. +extendedMetricLabels: false + # -- If set external secrets are only reconciled in the # provided namespace scopedNamespace: "" @@ -76,6 +80,10 @@ rbac: # -- Specifies whether role and rolebinding resources should be created. create: true + servicebindings: + # -- Specifies whether a clusterrole to give servicebindings read access should be created. + create: true + ## -- Extra environment variables to add to container. extraEnv: [] @@ -102,13 +110,16 @@ podLabels: {} podSecurityContext: {} # fsGroup: 2000 -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault resources: {} # requests: @@ -126,6 +137,9 @@ serviceMonitor: # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics enabled: false + # -- namespace where you want to install ServiceMonitors + namespace: "" + # -- Additional labels additionalLabels: {} @@ -184,6 +198,9 @@ podDisruptionBudget: minAvailable: 1 # maxUnavailable: 1 +# -- Run the controller on the host network +hostNetwork: false + webhook: # -- Specifies whether a webhook deployment be created. create: true @@ -230,6 +247,8 @@ webhook: tolerations: [] + topologySpreadConstraints: [] + affinity: {} # -- Pod priority class name. @@ -305,13 +324,16 @@ webhook: podSecurityContext: {} # fsGroup: 2000 - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault resources: {} # requests: @@ -353,8 +375,13 @@ certController: tolerations: [] + topologySpreadConstraints: [] + affinity: {} + # -- Run the certController on the host network + hostNetwork: false + # -- Pod priority class name. priorityClassName: "" @@ -419,13 +446,16 @@ certController: podSecurityContext: {} # fsGroup: 2000 - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault resources: {} # requests: diff --git a/charts/gitlab/gitlab/CHANGELOG.md b/charts/gitlab/gitlab/CHANGELOG.md index 842d607c3..91c4cc901 100644 --- a/charts/gitlab/gitlab/CHANGELOG.md +++ b/charts/gitlab/gitlab/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 6.11.5 (2023-05-19) + +No changes. + ## 6.11.4 (2023-05-16) ### Added (1 change) diff --git a/charts/gitlab/gitlab/Chart.yaml b/charts/gitlab/gitlab/Chart.yaml index b7b77a20c..4bb02b5b7 100644 --- a/charts/gitlab/gitlab/Chart.yaml +++ b/charts/gitlab/gitlab/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: GitLab catalog.cattle.io/release-name: gitlab apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: The One DevOps Platform home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png @@ -15,4 +15,4 @@ maintainers: name: gitlab sources: - https://gitlab.com/gitlab-org/charts/gitlab -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml index 0c00cac6e..3a5e51af7 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: GitLab Geo logcursor home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: geo-logcursor sources: - https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml index c3e9a23dd..4e9e4d478 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.11.4 +appVersion: 15.11.5 description: Git RPC service for handling all the git calls made by GitLab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitaly sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 5c20d98ed..7577ea884 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter - https://gitlab.com/gitlab-org/gitlab-exporter -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 48ac5aeb3..9fd2a97a9 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: Adapt the Grafana chart to interface to the GitLab App home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitlab-grafana sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml index a622a5a13..7afe87d0d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.11.4 +appVersion: 15.11.5 description: Daemon for serving static websites from GitLab projects home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages - https://gitlab.com/gitlab-org/gitlab-pages -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml index 10d4fceb0..0b648e0d9 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -14,4 +14,4 @@ name: gitlab-shell sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml index b7921d1a4..d9c5d387e 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml @@ -17,4 +17,4 @@ name: kas sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml index 3b7effff2..e40fb5e31 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: Handling incoming emails home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: mailroom sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml index f56c5e4ed..7be791aba 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: Database migrations and other versioning tasks for upgrading Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: migrations sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml index da4509568..192c4d76d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.11.4 +appVersion: 15.11.5 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. home: https://about.gitlab.com/ @@ -16,4 +16,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly - https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml index d51ab78ee..6f2a3e40d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: Gitlab Sidekiq for asynchronous task processing in rails home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: sidekiq sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml index 4f84db7d5..495835994 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml @@ -355,13 +355,7 @@ spec: {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.duo.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} - {{- if $.Values.global.appConfig.microsoft_graph_mailer.enabled }} - - secret: - name: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.secret | required "Missing required secret containing the OAuth2 Client ID for outgoing email. Make sure to set `global.appConfig.microsoft_graph_mailer.client_secret.secret`" }} - items: - - key: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.key }} - path: microsoft_graph_mailer/client_secret - {{- end }} + {{- include "gitlab.appConfig.microsoftGraphMailer.mountSecrets" $ | nindent 10 }} {{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }} - secret: name: {{ $.Values.global.smtp.password.secret | required "Missing required secret containing the SMTP password. Make sure to set `global.smtp.password.secret`" }} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml index a30a8124a..dd01a0c68 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml @@ -14,4 +14,4 @@ name: spamcheck sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck - https://gitlab.com/gitlab-org/spamcheck -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml index 22a96f300..89d6a87fb 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: For manually running rake tasks through kubectl home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: toolbox sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml index 6c2236200..2e35ea024 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml @@ -218,6 +218,7 @@ spec: {{- include "gitlab.appConfig.objectStorage.mountSecrets" (dict "name" "pages" "config" $.Values.global.pages.objectStore) | nindent 16 }} {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 16 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 16 }} + {{- include "gitlab.appConfig.microsoftGraphMailer.mountSecrets" $ | nindent 16 }} - name: toolbox-secrets emptyDir: medium: "Memory" diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml index 131c15add..24da57095 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml @@ -254,13 +254,7 @@ spec: {{- include "gitlab.appConfig.ldap.servers.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.duo.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.omniauth.mountSecrets" $ | nindent 10 }} - {{- if $.Values.global.appConfig.microsoft_graph_mailer.enabled }} - - secret: - name: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.secret | required "Missing required secret containing the OAuth2 Client ID for outgoing email. Make sure to set `global.appConfig.microsoft_graph_mailer.client_secret.secret`" }} - items: - - key: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.key }} - path: microsoft_graph_mailer/client_secret - {{- end }} + {{- include "gitlab.appConfig.microsoftGraphMailer.mountSecrets" $ | nindent 10 }} {{- if and $.Values.global.smtp.enabled $.Values.global.smtp.authentication }} - secret: name: {{ $.Values.global.smtp.password.secret | required "Missing required secret containing the SMTP password. Make sure to set `global.smtp.password.secret`" }} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml index 08a34fcd9..3b3108e16 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v15.11.4 +appVersion: v15.11.5 description: HTTP server for Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ name: webservice sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice -version: 6.11.4 +version: 6.11.5 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml index b05816ea7..fbdae74ef 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml @@ -486,13 +486,7 @@ spec: - key: "tls.key" path: "webservice-metrics/webservice-metrics.key" {{- end }} - {{- if $.Values.global.appConfig.microsoft_graph_mailer.enabled }} - - secret: - name: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.secret | required "Missing required secret containing the OAuth2 Client ID for outgoing email. Make sure to set `global.appConfig.microsoft_graph_mailer.client_secret.secret`" }} - items: - - key: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.key }} - path: microsoft_graph_mailer/client_secret - {{- end }} + {{- include "gitlab.appConfig.microsoftGraphMailer.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.incomingEmail.mountSecrets" $ | nindent 10 }} {{- include "gitlab.appConfig.serviceDeskEmail.mountSecrets" $ | nindent 10 }} {{- include "gitlab.gitaly.clientSecrets" $ | nindent 10 }} diff --git a/charts/gitlab/gitlab/charts/gitlab/templates/_smtp.tpl b/charts/gitlab/gitlab/charts/gitlab/templates/_smtp.tpl index b6c91888e..ae53509bd 100644 --- a/charts/gitlab/gitlab/charts/gitlab/templates/_smtp.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/templates/_smtp.tpl @@ -81,3 +81,15 @@ email_smime: cert_file: /home/git/gitlab/.gitlab_smime_cert {{- end }} {{- end }} + +{{/* microsoftGraphMailer secrets */}} +{{- define "gitlab.appConfig.microsoftGraphMailer.mountSecrets" -}} +# mount secrets for microsoftGraphMailer +{{- if $.Values.global.appConfig.microsoft_graph_mailer.enabled }} +- secret: + name: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.secret | required "Missing required secret containing the OAuth2 Client ID for outgoing email. Make sure to set `global.appConfig.microsoft_graph_mailer.client_secret.secret`" }} + items: + - key: {{ $.Values.global.appConfig.microsoft_graph_mailer.client_secret.key }} + path: microsoft_graph_mailer/client_secret +{{- end }} +{{- end -}}{{/* "gitlab.appConfig.microsoftGraphMailer.mountSecrets" "*/}} diff --git a/charts/gitlab/gitlab/requirements.lock b/charts/gitlab/gitlab/requirements.lock index d65923f20..967f930ee 100644 --- a/charts/gitlab/gitlab/requirements.lock +++ b/charts/gitlab/gitlab/requirements.lock @@ -36,4 +36,4 @@ dependencies: repository: https://charts.gitlab.io/ version: 0.3.0 digest: sha256:67477d660a351df330393ce9ed84458eafbc419de2c454339ed7539bde9c45ca -generated: "2023-05-17T06:40:49.376876693Z" +generated: "2023-05-19T12:16:15.557348485Z" diff --git a/charts/gitlab/gitlab/values.yaml b/charts/gitlab/gitlab/values.yaml index fada73ac1..648d7ac94 100644 --- a/charts/gitlab/gitlab/values.yaml +++ b/charts/gitlab/gitlab/values.yaml @@ -40,7 +40,7 @@ global: edition: ee ## https://docs.gitlab.com/charts/charts/globals#gitlab-version - gitlabVersion: "15.11.4" + gitlabVersion: "15.11.5" ## https://docs.gitlab.com/charts/charts/globals#application-resource application: diff --git a/charts/kasten/k10/Chart.lock b/charts/kasten/k10/Chart.lock index 547820377..d2aceed1f 100644 --- a/charts/kasten/k10/Chart.lock +++ b/charts/kasten/k10/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: "" version: 15.8.5 digest: sha256:4399c78f4e445e4fbb26151707c9b481fece2002ac02ae20612d9f26e6b66643 -generated: "2023-05-08T13:15:02.108279459Z" +generated: "2023-05-21T12:59:55.505429939Z" diff --git a/charts/kasten/k10/Chart.yaml b/charts/kasten/k10/Chart.yaml index 0f9a61fbb..db5ae3b0f 100644 --- a/charts/kasten/k10/Chart.yaml +++ b/charts/kasten/k10/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 -appVersion: 5.5.10 +appVersion: 5.5.11 dependencies: - name: grafana repository: file://./charts/grafana @@ -20,4 +20,4 @@ maintainers: - email: contact@kasten.io name: kastenIO name: k10 -version: 5.5.1001 +version: 5.5.1101 diff --git a/charts/kasten/k10/charts/grafana/values.yaml b/charts/kasten/k10/charts/grafana/values.yaml index 2a8842d1c..00a3692dc 100644 --- a/charts/kasten/k10/charts/grafana/values.yaml +++ b/charts/kasten/k10/charts/grafana/values.yaml @@ -580,23 +580,451 @@ dashboards: ] }, "editable": true, - "gnetId": null, + "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 1, - "iteration": 1645712665620, + "id": 12, "links": [], + "liveNow": false, "panels": [ { "collapsed": false, - "datasource": null, + "datasource": "Prometheus", "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, + "id": 53, + "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], + "title": "K10 System Resource Usage", + "type": "row" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 55, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total[5m]))", + "legendFormat": "Total CPU seconds", + "range": true, + "refId": "A" + } + ], + "title": "K10 CPU total seconds ", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 57, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(process_virtual_memory_bytes)", + "hide": false, + "legendFormat": "Total memory consumption", + "range": true, + "refId": "C" + } + ], + "title": "K10 total memory consumption", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 81, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "rate(process_cpu_seconds_total{job=\"httpServiceDiscovery\"}[5m])", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total{job=\"k10-pods\"}[5m]))", + "hide": false, + "legendFormat": "executor", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total{job=\"pushAggregator\"}[5m]))", + "hide": false, + "legendFormat": "ephemeral pods", + "range": true, + "refId": "C" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(rate(process_cpu_seconds_total{job=\"prometheus\"}[5m]))", + "hide": false, + "legendFormat": "prometheus", + "range": true, + "refId": "D" + } + ], + "title": "CPU total seconds per service", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 82, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "process_virtual_memory_bytes{job=\"pushAggregator\"}", + "hide": false, + "legendFormat": "ephemeral pods", + "range": true, + "refId": "C" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "process_virtual_memory_bytes{job=\"httpServiceDiscovery\"}", + "hide": false, + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(process_virtual_memory_bytes{job=\"k10-pods\"})", + "hide": false, + "legendFormat": "executor", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "builder", + "expr": "sum(process_virtual_memory_bytes{job=\"prometheus\"})", + "hide": false, + "legendFormat": "executor", + "range": true, + "refId": "D" + } + ], + "title": "Memory consumption by service", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": "Prometheus", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, "id": 18, "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], "title": "Applications", "type": "row" }, @@ -629,7 +1057,7 @@ dashboards: "h": 7, "w": 5, "x": 0, - "y": 1 + "y": 18 }, "id": 24, "interval": "1m", @@ -648,9 +1076,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_backup_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", "hide": false, @@ -659,7 +1088,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Backups Completed", "type": "stat" }, @@ -702,7 +1130,7 @@ dashboards: "h": 7, "w": 3, "x": 5, - "y": 1 + "y": 18 }, "id": 33, "interval": "1m", @@ -721,9 +1149,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_backup_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", "hide": false, @@ -732,7 +1161,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Backups Failed", "type": "stat" }, @@ -775,7 +1203,7 @@ dashboards: "h": 7, "w": 3, "x": 8, - "y": 1 + "y": 18 }, "id": 34, "interval": "1m", @@ -794,9 +1222,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_backup_skipped_overall{cluster=\"$cluster\"}[$__range])))", "hide": false, @@ -805,7 +1234,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Backups Skipped", "type": "stat" }, @@ -848,7 +1276,7 @@ dashboards: "h": 7, "w": 5, "x": 13, - "y": 1 + "y": 18 }, "id": 35, "interval": "1m", @@ -867,9 +1295,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_restore_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", "hide": false, @@ -878,7 +1307,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Restores Completed", "type": "stat" }, @@ -921,7 +1349,7 @@ dashboards: "h": 7, "w": 3, "x": 18, - "y": 1 + "y": 18 }, "id": 36, "interval": "1m", @@ -940,9 +1368,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_restore_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", "hide": false, @@ -951,7 +1380,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Restores Failed", "type": "stat" }, @@ -994,7 +1422,7 @@ dashboards: "h": 7, "w": 3, "x": 21, - "y": 1 + "y": 18 }, "id": 23, "interval": "1m", @@ -1013,9 +1441,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_restore_skipped_overall{cluster=\"$cluster\"}[$__range])))", "hide": false, @@ -1024,21 +1453,26 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Restores Skipped", "type": "stat" }, { "collapsed": false, - "datasource": null, + "datasource": "Prometheus", "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 8 + "y": 25 }, "id": 16, "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], "title": "Cluster", "type": "row" }, @@ -1071,7 +1505,7 @@ dashboards: "h": 7, "w": 5, "x": 0, - "y": 9 + "y": 26 }, "id": 10, "interval": "1m", @@ -1090,9 +1524,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_backup_cluster_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", "hide": false, @@ -1101,7 +1536,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Cluster Backups Completed", "type": "stat" }, @@ -1144,7 +1578,7 @@ dashboards: "h": 7, "w": 3, "x": 5, - "y": 9 + "y": 26 }, "id": 19, "interval": "1m", @@ -1163,9 +1597,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_backup_cluster_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", "hide": false, @@ -1174,7 +1609,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Cluster Backups Failed", "type": "stat" }, @@ -1217,7 +1651,7 @@ dashboards: "h": 7, "w": 3, "x": 8, - "y": 9 + "y": 26 }, "id": 28, "interval": "1m", @@ -1236,9 +1670,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_backup_cluster_skipped_overall{cluster=\"$cluster\"}[$__range])))", "hide": false, @@ -1247,7 +1682,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Cluster Backups Skipped", "type": "stat" }, @@ -1290,7 +1724,7 @@ dashboards: "h": 7, "w": 5, "x": 13, - "y": 9 + "y": 26 }, "id": 21, "interval": "1m", @@ -1309,9 +1743,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_restore_cluster_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", "hide": false, @@ -1320,7 +1755,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Cluster Restores Completed", "type": "stat" }, @@ -1363,7 +1797,7 @@ dashboards: "h": 7, "w": 3, "x": 18, - "y": 9 + "y": 26 }, "id": 22, "interval": "1m", @@ -1382,9 +1816,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_restore_cluster_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", "hide": false, @@ -1393,7 +1828,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Cluster Restores Failed", "type": "stat" }, @@ -1436,7 +1870,7 @@ dashboards: "h": 7, "w": 3, "x": 21, - "y": 9 + "y": 26 }, "id": 25, "interval": "1m", @@ -1455,9 +1889,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_restore_cluster_skipped_overall{cluster=\"$cluster\"}[$__range])))", "hide": false, @@ -1466,21 +1901,26 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Cluster Restores Skipped", "type": "stat" }, { "collapsed": false, - "datasource": null, + "datasource": "Prometheus", "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 16 + "y": 33 }, "id": 31, "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], "title": "Backup Exports", "type": "row" }, @@ -1513,7 +1953,7 @@ dashboards: "h": 6, "w": 5, "x": 0, - "y": 17 + "y": 34 }, "id": 38, "interval": "1m", @@ -1532,9 +1972,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_export_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", "hide": false, @@ -1543,7 +1984,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Exports Completed", "type": "stat" }, @@ -1586,7 +2026,7 @@ dashboards: "h": 6, "w": 3, "x": 5, - "y": 17 + "y": 34 }, "id": 29, "interval": "1m", @@ -1605,9 +2045,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_export_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", "hide": false, @@ -1616,7 +2057,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Exports Failed", "type": "stat" }, @@ -1659,7 +2099,7 @@ dashboards: "h": 6, "w": 3, "x": 8, - "y": 17 + "y": 34 }, "id": 20, "interval": "1m", @@ -1678,9 +2118,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_export_skipped_overall{cluster=\"$cluster\"}[$__range])))", "hide": false, @@ -1689,7 +2130,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Exports Skipped", "type": "stat" }, @@ -1722,7 +2162,7 @@ dashboards: "h": 6, "w": 5, "x": 13, - "y": 17 + "y": 34 }, "id": 27, "interval": "1m", @@ -1741,9 +2181,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_import_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", "hide": false, @@ -1752,7 +2193,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Imports Completed", "type": "stat" }, @@ -1795,7 +2235,7 @@ dashboards: "h": 6, "w": 3, "x": 18, - "y": 17 + "y": 34 }, "id": 39, "interval": "1m", @@ -1814,9 +2254,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_import_ended_overall{cluster=\"$cluster\", state=~\"failed|cancelled\"}[$__range])))", "hide": false, @@ -1825,7 +2266,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Imports Failed", "type": "stat" }, @@ -1868,7 +2308,7 @@ dashboards: "h": 6, "w": 3, "x": 21, - "y": 17 + "y": 34 }, "id": 37, "interval": "1m", @@ -1887,9 +2327,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_import_skipped_overall{cluster=\"$cluster\"}[$__range])))", "hide": false, @@ -1898,21 +2339,26 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Imports Skipped", "type": "stat" }, { "collapsed": false, - "datasource": null, + "datasource": "Prometheus", "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 23 + "y": 40 }, "id": 14, "panels": [], + "targets": [ + { + "datasource": "Prometheus", + "refId": "A" + } + ], "title": "System", "type": "row" }, @@ -1956,7 +2402,7 @@ dashboards: "h": 6, "w": 3, "x": 0, - "y": 24 + "y": 41 }, "id": 12, "interval": "1m", @@ -1975,9 +2421,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_run_ended_overall{cluster=\"$cluster\", state=\"succeeded\"}[$__range])))", "format": "time_series", @@ -1987,7 +2434,6 @@ dashboards: "refId": "A" } ], - "timeFrom": null, "title": "Policy Runs", "type": "stat" }, @@ -2032,7 +2478,7 @@ dashboards: "h": 6, "w": 3, "x": 3, - "y": 24 + "y": 41 }, "id": 40, "interval": "1m", @@ -2051,9 +2497,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "sum(round(increase(action_run_skipped_overall{cluster=\"$cluster\"}[$__range])))", "format": "time_series", @@ -2063,7 +2510,6 @@ dashboards: "refId": "A" } ], - "timeFrom": null, "title": "Policy Runs Skipped", "type": "stat" }, @@ -2094,7 +2540,7 @@ dashboards: "h": 6, "w": 3, "x": 6, - "y": 24 + "y": 41 }, "id": 6, "options": { @@ -2112,9 +2558,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "catalog_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", "interval": "", @@ -2167,10 +2614,11 @@ dashboards: "h": 6, "w": 3, "x": 9, - "y": 24 + "y": 41 }, "id": 2, "options": { + "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" @@ -2182,9 +2630,10 @@ dashboards: "showThresholdMarkers": true, "text": {} }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "100-catalog_persistent_volume_free_space_percent{cluster=\"$cluster\"}", "interval": "", @@ -2223,7 +2672,7 @@ dashboards: "h": 6, "w": 3, "x": 12, - "y": 24 + "y": 41 }, "id": 8, "options": { @@ -2241,9 +2690,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "jobs_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", "interval": "", @@ -2296,10 +2746,11 @@ dashboards: "h": 6, "w": 3, "x": 15, - "y": 24 + "y": 41 }, "id": 4, "options": { + "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" @@ -2311,9 +2762,10 @@ dashboards: "showThresholdMarkers": true, "text": {} }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "100-jobs_persistent_volume_free_space_percent{cluster=\"$cluster\"}", "interval": "", @@ -2352,7 +2804,7 @@ dashboards: "h": 6, "w": 3, "x": 18, - "y": 24 + "y": 41 }, "id": 7, "options": { @@ -2370,9 +2822,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "logging_persistent_volume_disk_space_used_bytes{cluster=\"$cluster\"}", "interval": "", @@ -2425,10 +2878,11 @@ dashboards: "h": 6, "w": 3, "x": 21, - "y": 24 + "y": 41 }, "id": 3, "options": { + "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" @@ -2440,9 +2894,10 @@ dashboards: "showThresholdMarkers": true, "text": {} }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "100-logging_persistent_volume_free_space_percent{cluster=\"$cluster\"}", "interval": "", @@ -2483,7 +2938,7 @@ dashboards: "h": 6, "w": 3, "x": 0, - "y": 30 + "y": 47 }, "id": 41, "interval": "1m", @@ -2502,9 +2957,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "compliance_count{state=\"Compliant\"}", "hide": false, @@ -2513,7 +2969,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Compliant Applications", "type": "stat" }, @@ -2546,7 +3001,7 @@ dashboards: "h": 6, "w": 3, "x": 3, - "y": 30 + "y": 47 }, "id": 42, "interval": "1m", @@ -2565,9 +3020,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "compliance_count{state=\"NotCompliant\"}", "hide": false, @@ -2576,7 +3032,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Non-Compliant Applications", "type": "stat" }, @@ -2609,7 +3064,7 @@ dashboards: "h": 6, "w": 3, "x": 6, - "y": 30 + "y": 47 }, "id": 43, "interval": "1m", @@ -2628,9 +3083,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": false, "expr": "compliance_count{state=\"Unmanaged\"}", "hide": false, @@ -2639,7 +3095,6 @@ dashboards: "refId": "B" } ], - "timeFrom": null, "title": "Unmanaged Applications", "type": "stat" }, @@ -2670,7 +3125,7 @@ dashboards: "h": 6, "w": 3, "x": 12, - "y": 30 + "y": 47 }, "id": 44, "options": { @@ -2688,9 +3143,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "snapshot_storage_size_bytes{cluster=\"$cluster\", type=\"physical\"}", "interval": "", @@ -2729,7 +3185,7 @@ dashboards: "h": 6, "w": 3, "x": 15, - "y": 30 + "y": 47 }, "id": 45, "options": { @@ -2747,9 +3203,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "snapshot_storage_size_bytes{cluster=\"$cluster\", type=\"logical\"}", "interval": "", @@ -2788,7 +3245,7 @@ dashboards: "h": 6, "w": 3, "x": 18, - "y": 30 + "y": 47 }, "id": 46, "options": { @@ -2806,9 +3263,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "export_storage_size_bytes{cluster=\"$cluster\", type=\"physical\"}", "interval": "", @@ -2847,7 +3305,7 @@ dashboards: "h": 6, "w": 3, "x": 21, - "y": 30 + "y": 47 }, "id": 47, "options": { @@ -2865,9 +3323,10 @@ dashboards: "text": {}, "textMode": "auto" }, - "pluginVersion": "8.1.8", + "pluginVersion": "9.1.5", "targets": [ { + "datasource": "Prometheus", "exemplar": true, "expr": "export_storage_size_bytes{cluster=\"$cluster\", type=\"logical\"}", "interval": "", @@ -2886,1751 +3345,1751 @@ dashboards: "h": 1, "w": 24, "x": 0, - "y": 36 + "y": 53 }, "id": 49, "panels": [ - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic" + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" + { + "color": "red", + "value": 80 } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Worker Count" }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Worker Count" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 37 - }, - "id": 57, - "interval": "5s", - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" + } + ] } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(exec_executor_worker_count)", - "legendFormat": "Worker Count", - "range": true, - "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(exec_active_job_count) OR on() vector(0)", - "hide": false, - "legendFormat": "Worker Load", - "range": true, - "refId": "B" - } - ], - "title": "Executor Worker Load", - "type": "timeseries" + ] }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 37 - }, - "id": 68, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_backup_duration_seconds_sum_overall[5m])) / sum(rate(action_backup_ended_overall[5m]))", - "hide": false, - "legendFormat": "Backup", - "range": true, - "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_backup_cluster_duration_seconds_overall_sum[5m])) / sum(rate(action_backup_cluster_ended_overall[5m]))", - "hide": false, - "legendFormat": "Backup Cluster", - "range": true, - "refId": "B" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_export_duration_seconds_sum_overall[5m])) / sum(rate(action_export_ended_overall[5m]))", - "hide": false, - "legendFormat": "Export", - "range": true, - "refId": "C" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_import_duration_seconds_sum_overall[5m])) / sum(rate(action_import_ended_overall[5m]))", - "hide": false, - "legendFormat": "Import", - "range": true, - "refId": "D" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_report_duration_seconds_sum_overall[5m])) / sum(rate(action_report_ended_overall[5m]))", - "hide": false, - "legendFormat": "Report", - "range": true, - "refId": "E" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_retire_duration_seconds_sum_overall[5m])) / sum(rate(action_retire_ended_overall[5m]))", - "hide": false, - "legendFormat": "Retire", - "range": true, - "refId": "F" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_restore_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_ended_overall[5m]))", - "hide": false, - "legendFormat": "Restore", - "range": true, - "refId": "G" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(action_restore_cluster_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_cluster_ended_overall[5m]))", - "hide": false, - "legendFormat": "Restore Cluster", - "range": true, - "refId": "H" - } - ], - "title": "Average Action Duration", - "type": "timeseries" + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 54 }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] + "id": 57, + "interval": "5s", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 44 - }, - "id": 74, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_backup_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Backups", - "transformations": [], - "type": "timeseries" + "tooltip": { + "mode": "single", + "sort": "none" + } }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(exec_executor_worker_count)", + "legendFormat": "Worker Count", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(exec_active_job_count) OR on() vector(0)", + "hide": false, + "legendFormat": "Worker Load", + "range": true, + "refId": "B" + } + ], + "title": "Executor Worker Load", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 44 - }, - "id": 69, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_backup_cluster_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Cluster Backups", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 44 - }, - "id": 75, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_export_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Exports", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 44 - }, - "id": 76, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_import_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Imports", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 0, - "y": 51 - }, - "id": 77, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_report_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Reports", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 6, - "y": 51 - }, - "id": 79, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_retire_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Retires", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 51 - }, - "id": 80, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_restore_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Restores", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "axisSoftMax": 0, - "axisSoftMin": 0, - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "succeeded" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "failed" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "cancelled" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "skipped" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "semi-dark-blue", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 51 - }, - "id": 78, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(round(increase(action_restore_cluster_ended_overall[1m:10s]))) by (state)", - "hide": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Finished Cluster Restores", - "transformations": [], - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 58 - }, - "id": 63, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(limiter_request_seconds_sum{stage=\"hold\"}[5m])) by (operation) / sum(rate(limiter_request_seconds_count{stage=\"hold\"}[5m])) by (operation) ", - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Rate Limiter - avg operation duration", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] + "thresholdsStyle": { + "mode": "off" } }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Limit" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - } - ] + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 54 + }, + "id": 68, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_backup_duration_seconds_sum_overall[5m])) / sum(rate(action_backup_ended_overall[5m]))", + "hide": false, + "legendFormat": "Backup", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_backup_cluster_duration_seconds_overall_sum[5m])) / sum(rate(action_backup_cluster_ended_overall[5m]))", + "hide": false, + "legendFormat": "Backup Cluster", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_export_duration_seconds_sum_overall[5m])) / sum(rate(action_export_ended_overall[5m]))", + "hide": false, + "legendFormat": "Export", + "range": true, + "refId": "C" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_import_duration_seconds_sum_overall[5m])) / sum(rate(action_import_ended_overall[5m]))", + "hide": false, + "legendFormat": "Import", + "range": true, + "refId": "D" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_report_duration_seconds_sum_overall[5m])) / sum(rate(action_report_ended_overall[5m]))", + "hide": false, + "legendFormat": "Report", + "range": true, + "refId": "E" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_retire_duration_seconds_sum_overall[5m])) / sum(rate(action_retire_ended_overall[5m]))", + "hide": false, + "legendFormat": "Retire", + "range": true, + "refId": "F" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_restore_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_ended_overall[5m]))", + "hide": false, + "legendFormat": "Restore", + "range": true, + "refId": "G" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_restore_cluster_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_cluster_ended_overall[5m]))", + "hide": false, + "legendFormat": "Restore Cluster", + "range": true, + "refId": "H" + } + ], + "title": "Average Action Duration", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false }, - { - "matcher": { - "id": "byName", - "options": "inflight" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" }, - { - "matcher": { - "id": "byName", - "options": "pending" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" } - ] - }, - "gridPos": { - "h": 7, - "w": 4.8, - "x": 0, - "y": 65 - }, - "id": 51, - "maxPerRow": 6, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true }, - "tooltip": { - "mode": "single", - "sort": "none" + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 61 + }, + "id": 74, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_backup_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Backups", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 61 + }, + "id": 69, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_backup_cluster_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Cluster Backups", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 61 + }, + "id": 75, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_export_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Exports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 61 + }, + "id": 76, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_import_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Imports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 68 + }, + "id": 77, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_report_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Reports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 68 + }, + "id": 79, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_retire_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Retires", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 68 + }, + "id": 80, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_restore_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Restores", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 68 + }, + "id": 78, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_restore_cluster_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Cluster Restores", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 75 + }, + "id": 63, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(limiter_request_seconds_sum{stage=\"hold\"}[5m])) by (operation) / sum(rate(limiter_request_seconds_count{stage=\"hold\"}[5m])) by (operation) ", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Rate Limiter - avg operation duration", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] } }, - "repeat": "operation", - "repeatDirection": "h", - "targets": [ + "overrides": [ { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_inflight_count{operation=\"$operation\"}", - "legendFormat": "Inflight", - "range": true, - "refId": "A" + "matcher": { + "id": "byName", + "options": "Limit" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] }, { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_pending_count{operation=\"$operation\"}", - "hide": false, - "legendFormat": "Pending", - "range": true, - "refId": "B" + "matcher": { + "id": "byName", + "options": "inflight" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] }, { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_inflight_limit_value{operation=\"$operation\"}", - "hide": false, - "legendFormat": "Limit", - "range": true, - "refId": "C" + "matcher": { + "id": "byName", + "options": "pending" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] } - ], - "title": "Rate Limiter - $operation", - "type": "timeseries" - } + ] + }, + "gridPos": { + "h": 7, + "w": 4.8, + "x": 0, + "y": 82 + }, + "id": 51, + "maxPerRow": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "repeat": "operation", + "repeatDirection": "h", + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_inflight_count{operation=\"$operation\"}", + "legendFormat": "Inflight", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_pending_count{operation=\"$operation\"}", + "hide": false, + "legendFormat": "Pending", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_inflight_limit_value{operation=\"$operation\"}", + "hide": false, + "legendFormat": "Limit", + "range": true, + "refId": "C" + } + ], + "title": "Rate Limiter - $operation", + "type": "timeseries" + } ], "targets": [ { @@ -4642,14 +5101,12 @@ dashboards: "type": "row" } ], - "schemaVersion": 31, + "schemaVersion": 37, "style": "dark", "tags": [], "templating": { "list": [ { - "description": null, - "error": null, "hide": 2, "label": "Cluster", "name": "cluster", diff --git a/charts/kasten/k10/templates/_definitions.tpl b/charts/kasten/k10/templates/_definitions.tpl index 02d6ea9e1..cee8f8f65 100644 --- a/charts/kasten/k10/templates/_definitions.tpl +++ b/charts/kasten/k10/templates/_definitions.tpl @@ -31,9 +31,9 @@ vbrintegrationapi: {{- end -}} {{- define "k10.colocatedServiceLookup" -}} crypto: -- garbagecollector - bloblifecyclemanager - events +- garbagecollector dashboardbff: - vbrintegrationapi state: diff --git a/charts/kasten/k10/templates/_k10_container.tpl b/charts/kasten/k10/templates/_k10_container.tpl index 71abfaf8e..e580c1552 100644 --- a/charts/kasten/k10/templates/_k10_container.tpl +++ b/charts/kasten/k10/templates/_k10_container.tpl @@ -448,6 +448,11 @@ stating that types are not same for the equality check configMapKeyRef: name: k10-config key: KanisterEFSPostRestoreTimeout + - name: K10_JOB_MAX_WAIT_DURATION + valueFrom: + configMapKeyRef: + name: k10-config + key: k10JobMaxWaitDuration {{- end }} {{- if and (eq $service "executor") (.Values.awsConfig.efsBackupVaultName) }} - name: EFS_BACKUP_VAULT_NAME @@ -499,6 +504,12 @@ stating that types are not same for the equality check configMapKeyRef: name: k10-config key: kanisterFunctionVersion +{{- if and (eq $service "controllermanager") (.Values.global.airgapped.repository) }} + - name: K10_AIRGAPPED_INSTALL + value: "true" + - name: K10_IMAGE_PULL_SECRET + value: {{ .Values.global.imagePullSecret }} +{{- end }} {{- if and (eq $service "controllermanager") (.Values.injectKanisterSidecar.enabled) }} - name: K10_MUTATING_WEBHOOK_ENABLED value: "true" diff --git a/charts/kasten/k10/templates/_k10_image_tag.tpl b/charts/kasten/k10/templates/_k10_image_tag.tpl index 3e0a81c00..ef8e47d49 100644 --- a/charts/kasten/k10/templates/_k10_image_tag.tpl +++ b/charts/kasten/k10/templates/_k10_image_tag.tpl @@ -1 +1 @@ -{{- define "k10.imageTag" -}}5.5.10{{- end -}} \ No newline at end of file +{{- define "k10.imageTag" -}}5.5.11{{- end -}} \ No newline at end of file diff --git a/charts/kasten/k10/templates/_k10_metering.tpl b/charts/kasten/k10/templates/_k10_metering.tpl index 58546a851..3e4a90e1a 100644 --- a/charts/kasten/k10/templates/_k10_metering.tpl +++ b/charts/kasten/k10/templates/_k10_metering.tpl @@ -252,7 +252,23 @@ spec: value: {{ .Values.global.prometheus.external.baseURL }} {{- end -}} {{- end }} - +{{- if .Values.kanisterPodMetricSidecar.enabled }} + - name: K10_KANISTER_POD_METRICS_ENABLED + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodMetricSidecarEnabled + - name: K10_PROMETHEUS_PUSHGATEWAY_METRIC_LIFETIME + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodMetricSidecarMetricLifetime + - name: PUSHGATEWAY_METRICS_INTERVAL + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodPushgatewayMetricsInterval +{{- end }} {{- if .Values.reportingSecret }} - name: AGENT_CONSUMER_ID valueFrom: diff --git a/charts/kasten/k10/templates/k10-config.yaml b/charts/kasten/k10/templates/k10-config.yaml index 92fd8bfc8..04dbb7276 100644 --- a/charts/kasten/k10/templates/k10-config.yaml +++ b/charts/kasten/k10/templates/k10-config.yaml @@ -53,6 +53,8 @@ data: kubeVirtVMsUnFreezeTimeout: {{ default (include "k10.defaultKubeVirtVMsUnfreezeTimeout" .) .Values.kubeVirtVMs.snapshot.unfreezeTimeout | quote }} + k10JobMaxWaitDuration: {{ .Values.maxJobWaitDuration | quote }} + {{- if .Values.awsConfig.efsBackupVaultName }} efsBackupVaultName: {{ quote .Values.awsConfig.efsBackupVaultName }} {{- end }} diff --git a/charts/kasten/k10/templates/k10-scc.yaml b/charts/kasten/k10/templates/k10-scc.yaml new file mode 100644 index 000000000..91cdb6465 --- /dev/null +++ b/charts/kasten/k10/templates/k10-scc.yaml @@ -0,0 +1,46 @@ +{{- if .Values.scc.create }} +kind: SecurityContextConstraints +apiVersion: security.openshift.io/v1 +metadata: + name: {{ .Release.Name }}-scc + labels: +{{ include "helm.labels" . | indent 4 }} +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: false +allowPrivilegedContainer: false +allowedCapabilities: + - CHOWN + - FOWNER + - DAC_OVERRIDE +defaultAddCapabilities: null +fsGroup: + type: RunAsAny +groups: + - system:authenticated +priority: 0 +readOnlyRootFilesystem: false +requiredDropCapabilities: + - KILL + - MKNOD + - SETUID + - SETGID +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{.Release.Namespace}}:{{ template "serviceAccountName" . }} +volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +{{- end }} diff --git a/charts/kasten/k10/templates/networkpolicy.yaml b/charts/kasten/k10/templates/networkpolicy.yaml index f088431a7..f775255b0 100644 --- a/charts/kasten/k10/templates/networkpolicy.yaml +++ b/charts/kasten/k10/templates/networkpolicy.yaml @@ -160,6 +160,29 @@ spec: - protocol: TCP port: {{ $admin_port }} {{- end -}} +{{- if .Values.kanisterPodMetricSidecar.enabled }} +--- +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-metrics-kanister-pods + namespace: {{ .Release.Namespace }} + labels: +{{ include "helm.labels" . | indent 4 }} +spec: + podSelector: + matchLabels: + release: {{ .Release.Name }} + run: metering-svc + ingress: + - from: + - podSelector: + matchLabels: + createdBy: kanister + ports: + - protocol: TCP + port: {{ .Values.service.externalPort }} +{{- end -}} {{- if .Values.injectKanisterSidecar.enabled }} --- kind: NetworkPolicy diff --git a/charts/kasten/k10/templates/prometheus-configmap.yaml b/charts/kasten/k10/templates/prometheus-configmap.yaml index ef6997de3..9010e5303 100644 --- a/charts/kasten/k10/templates/prometheus-configmap.yaml +++ b/charts/kasten/k10/templates/prometheus-configmap.yaml @@ -21,10 +21,11 @@ data: - url: {{ printf "http://metering-svc.%s.svc.%s:8000/v0/listScrapeTargets" .Release.Namespace .Values.cluster.domainName }} {{- if .Values.kanisterPodMetricSidecar.enabled }} - job_name: pushAggregator - honor_labels: true honor_timestamps: true - http_sd_configs: - - url: {{ printf "http://metering-svc.%s.svc.%s:8000/v0/push-metric-agg/metrics" .Release.Namespace .Values.cluster.domainName }} + metrics_path: /v0/push-metric-agg/metrics + static_configs: + - targets: + - {{ printf "metering-svc.%s.svc.%s:8000" .Release.Namespace .Values.cluster.domainName }} {{- end -}} {{- if .Values.prometheus.scrapeCAdvisor }} - job_name: 'kubernetes-cadvisor' diff --git a/charts/kasten/k10/templates/scc.yaml b/charts/kasten/k10/templates/prometheus-scc.yaml similarity index 100% rename from charts/kasten/k10/templates/scc.yaml rename to charts/kasten/k10/templates/prometheus-scc.yaml diff --git a/charts/kasten/k10/values.schema.json b/charts/kasten/k10/values.schema.json index 5f39f4b73..f5fb84c4e 100644 --- a/charts/kasten/k10/values.schema.json +++ b/charts/kasten/k10/values.schema.json @@ -403,6 +403,12 @@ "default": "", "title": "Garbagecollector service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." + }, + "metric-sidecar": { + "type": "string", + "default": "", + "title": "Metric-sidecar service container image", + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." } } }, @@ -2012,13 +2018,13 @@ }, "metricLifetime":{ "type": "string", - "default": "720h", - "title": "Lifetime of ephemeral pods metrics", - "description": "Lifetime of ephemeral pods metrics" + "default": "2m", + "title": "The period we check if there are metrics which should be removed", + "description": "The period we check if there are metrics which should be removed" }, "pushGatewayInterval":{ "type": "string", - "default": "1m", + "default": "30s", "title": "Pushgateway metrics interval", "description": "The interval of sending metrics into the Pushgateway" } @@ -2623,6 +2629,12 @@ "default": true } } + }, + "maxJobWaitDuration": { + "type": "string", + "default": "", + "title": "Maximum duration for jobs in minutes", + "description": "Set a maximum duration of waiting for child jobs. If the execution of the subordinate jobs exceeds this value, the parent job will be canceled. If no value is set, a default of 10 hours will be used" } } } diff --git a/charts/kasten/k10/values.yaml b/charts/kasten/k10/values.yaml index 1089d47c2..483a8c4fd 100644 --- a/charts/kasten/k10/values.yaml +++ b/charts/kasten/k10/values.yaml @@ -89,6 +89,7 @@ global: upgrade: '' vbrintegrationapi: '' garbagecollector: '' + metric-sidecar: '' imagePullSecret: '' ingress: create: false @@ -383,8 +384,8 @@ kanisterPodCustomAnnotations : "" kanisterPodMetricSidecar: enabled: false - metricLifetime: "720h" - pushGatewayInterval: "1m" + metricLifetime: "2m" + pushGatewayInterval: "30s" genericVolumeSnapshot: resources: @@ -494,3 +495,5 @@ kubeVirtVMs: reporting: pdfReports: true + +maxJobWaitDuration: "" diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index 84c1385a9..099edd67c 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -1,5 +1,21 @@ # Changelog +## Unreleased + +## 2.22.0 + +### Improvements + +* Removed redundant RBAC permissions for non-existing subresources `secrets/status` + and `endpoints/status`. + [#798](https://github.com/Kong/charts/pull/798) +* For Kong Ingress Controller in version >= 2.10, RBAC permissions for `Endpoints` + are not configured anymore (because it uses `EndpointSlices`). + [#798](https://github.com/Kong/charts/pull/798) +* Added support for setting `certificates.cluster.commonName`. This allows a custom + certificate `CommonName` to be provided when deploying Kong Gateway in hybrid + mode using Cert Manager [#804](https://github.com/Kong/charts/pull/804) + ## 2.21.0 ### Improvements diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 3508fe117..a28f7742c 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -20,4 +20,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.21.0 +version: 2.22.0 diff --git a/charts/kong/kong/README.md b/charts/kong/kong/README.md index bc60c4bf8..66570dc86 100644 --- a/charts/kong/kong/README.md +++ b/charts/kong/kong/README.md @@ -336,6 +336,9 @@ first and then upgrade the data plane release](https://docs.konghq.com/gateway/l #### Certificates +> This example shows how to use Kong Hybrid mode with `cluster_mtls: shared`. +> For an example of `cluster_mtls: pki` see the [hybrid-cert-manager example](https://github.com/Kong/charts/blob/main/charts/kong/example-values/hybrid-cert-manager/) + Hybrid mode uses TLS to secure the CP/DP node communication channel, and requires certificates for it. You can generate these either using `kong hybrid gen_cert` on a local Kong installation or using OpenSSL: @@ -432,7 +435,7 @@ admin: ```yaml env: role: data_plane - database: off + database: "off" cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key lua_ssl_trusted_certificate: /etc/secrets/kong-cluster-cert/tls.crt diff --git a/charts/kong/kong/crds/custom-resource-definitions.yaml b/charts/kong/kong/crds/custom-resource-definitions.yaml index 869c82096..890ee0bd3 100644 --- a/charts/kong/kong/crds/custom-resource-definitions.yaml +++ b/charts/kong/kong/crds/custom-resource-definitions.yaml @@ -448,8 +448,8 @@ spec: type: object upstream: description: Upstream represents a virtual hostname and can be used to - loadbalance incoming requests over multiple targets (e.g. Kubernetes - `Services` can be a target, OR `Endpoints` can be targets). + load balance incoming requests over multiple targets (e.g. Kubernetes + Services can be a target, or URLs can be targets). properties: algorithm: description: Algorithm is the load balancing algorithm to use. diff --git a/charts/kong/kong/example-values/hybrid-cert-manager/README.md b/charts/kong/kong/example-values/hybrid-cert-manager/README.md new file mode 100644 index 000000000..7196e2259 --- /dev/null +++ b/charts/kong/kong/example-values/hybrid-cert-manager/README.md @@ -0,0 +1,83 @@ +This README explains how to install Kong in DB-backed mode with Postgres and Cert Manager + +# Install Postgres + +Use the bitnami chart to install Postgres. Read the output to understand how to connect to the database. + +```bash +helm install postgres oci://registry-1.docker.io/bitnamicharts/postgresql -n db --create-namespace +``` + +Once connected, create a postgres user and database: + +```sql +CREATE USER kong WITH PASSWORD 'super_secret'; CREATE DATABASE kong OWNER kong; +``` + +# Cert Manager + +Install Cert Manager in to your cluster: + +```bash +kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml +helm install \ + cert-manager jetstack/cert-manager \ + --namespace cert-manager \ + --create-namespace \ + --version v1.11.0 +``` + +Create a self signed CA + Issuer for future use: + +```yaml +echo " +apiVersion: v1 +kind: Namespace +metadata: + name: kong +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigned-issuer +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: my-selfsigned-ca + namespace: kong +spec: + isCA: true + commonName: my-selfsigned-ca + secretName: root-secret + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: selfsigned-issuer + kind: ClusterIssuer + group: cert-manager.io +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: my-ca-issuer + namespace: kong +spec: + ca: + secretName: root-secret +" | kubectl apply -f - +``` + +# Kong + +Deploy Kong using the `cp-values.yaml` and `dp-values.yaml` in this folder: + +```bash +helm install kong-cp kong/kong -n kong --values cp-values.yaml +helm install kong-dp kong/kong -n kong --values dp-values.yaml +``` + +You should now have Kong running in hybrid mode diff --git a/charts/kong/kong/example-values/hybrid-cert-manager/cp-values.yaml b/charts/kong/kong/example-values/hybrid-cert-manager/cp-values.yaml new file mode 100644 index 000000000..749c08e91 --- /dev/null +++ b/charts/kong/kong/example-values/hybrid-cert-manager/cp-values.yaml @@ -0,0 +1,25 @@ +env: + role: control_plane + database: postgres + pg_host: postgres-postgresql.db.svc.cluster.local + pg_user: kong + pg_password: super_secret + +cluster: + enabled: true + tls: + enabled: true + +certificates: + enabled: true + issuer: my-ca-issuer + cluster: + enabled: true + commonName: custom.example.com + +proxy: + enabled: false + +ingressController: + env: + publish_service: kong/kong-cp-kong-proxy diff --git a/charts/kong/kong/example-values/hybrid-cert-manager/dp-values.yaml b/charts/kong/kong/example-values/hybrid-cert-manager/dp-values.yaml new file mode 100644 index 000000000..4e53377fc --- /dev/null +++ b/charts/kong/kong/example-values/hybrid-cert-manager/dp-values.yaml @@ -0,0 +1,22 @@ +env: + role: data_plane + database: "off" + cluster_control_plane: kong-cp-kong-cluster.kong.svc.cluster.local:8005 + +cluster: + enabled: true + tls: + enabled: true + +certificates: + enabled: true + issuer: my-ca-issuer + cluster: + enabled: true + commonName: custom.example.com + +admin: + enabled: false + +ingressController: + enabled: false diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index 9d97bf5f6..84f95279c 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl @@ -494,10 +494,10 @@ The name of the service used for the ingress controller's validation webhook {{- define "kong.volumes" -}} - name: {{ template "kong.fullname" . }}-prefix-dir - emptyDir: + emptyDir: sizeLimit: {{ .Values.deployment.prefixDir.sizeLimit }} - name: {{ template "kong.fullname" . }}-tmp - emptyDir: + emptyDir: sizeLimit: {{ .Values.deployment.tmpDir.sizeLimit }} {{- if and ( .Capabilities.APIVersions.Has "cert-manager.io/v1" ) .Values.certificates.enabled -}} {{- if .Values.certificates.cluster.enabled }} @@ -867,6 +867,8 @@ the template that it itself is using form the above sections. {{- if and ( .Capabilities.APIVersions.Has "cert-manager.io/v1" ) .Values.certificates.enabled -}} {{- if (and .Values.certificates.cluster.enabled .Values.cluster.enabled) -}} + {{- $_ := set $autoEnv "KONG_CLUSTER_MTLS" "pki" -}} + {{- $_ := set $autoEnv "KONG_CLUSTER_SERVER_NAME" .Values.certificates.cluster.commonName -}} {{- $_ := set $autoEnv "KONG_CLUSTER_CA_CERT" "/etc/cert-manager/cluster/ca.crt" -}} {{- $_ := set $autoEnv "KONG_CLUSTER_CERT" "/etc/cert-manager/cluster/tls.crt" -}} {{- $_ := set $autoEnv "KONG_CLUSTER_CERT_KEY" "/etc/cert-manager/cluster/tls.key" -}} @@ -1142,6 +1144,7 @@ role sets used in the charts. Updating these requires separating out cluster resource roles into their separate templates. */}} {{- define "kong.kubernetesRBACRules" -}} +{{- if (semverCompare "< 2.10.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} - apiGroups: - "" resources: @@ -1149,14 +1152,7 @@ resource roles into their separate templates. verbs: - list - watch -- apiGroups: - - "" - resources: - - endpoints/status - verbs: - - get - - patch - - update +{{- end }} - apiGroups: - "" resources: @@ -1186,14 +1182,6 @@ resource roles into their separate templates. verbs: - list - watch -- apiGroups: - - "" - resources: - - secrets/status - verbs: - - get - - patch - - update - apiGroups: - "" resources: diff --git a/charts/kong/kong/templates/certificate.yaml b/charts/kong/kong/templates/certificate.yaml index 9da641bb1..a7079cd9f 100644 --- a/charts/kong/kong/templates/certificate.yaml +++ b/charts/kong/kong/templates/certificate.yaml @@ -30,10 +30,7 @@ {{- if .Values.certificates.cluster.enabled }} {{- $certificateConfig := dict -}} -{{- $certificateConfig = mustMerge (mustDeepCopy $genericCertificateConfig) $certificateConfig -}} -{{- $_ := set $certificateConfig "dnsNames" (list) -}} -{{- $_ := set $certificateConfig "commonName" "kong_cluster" -}} -{{- $certificateConfig = (mustMerge $certificateConfig .Values.certificates.cluster) -}} +{{- $certificateConfig = mustMerge (mustDeepCopy $genericCertificateConfig) .Values.certificates.cluster -}} {{- $_ := set $certificateConfig "serviceName" "cluster" -}} {{- include "kong.certificate" $certificateConfig -}} {{- end }} diff --git a/charts/kong/kong/templates/controller-rbac-resources.yaml b/charts/kong/kong/templates/controller-rbac-resources.yaml index f1a817f46..f5873f052 100644 --- a/charts/kong/kong/templates/controller-rbac-resources.yaml +++ b/charts/kong/kong/templates/controller-rbac-resources.yaml @@ -35,12 +35,14 @@ rules: - configmaps verbs: - create +{{- if (semverCompare "< 2.10.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} - apiGroups: - "" resources: - endpoints verbs: - get +{{- end }} # Begin KIC 2.x leader permissions - apiGroups: - "" @@ -67,7 +69,6 @@ rules: - "" resources: - services - - endpoints verbs: - get --- diff --git a/charts/kong/kong/values.yaml b/charts/kong/kong/values.yaml index 4db4b720e..5e318db49 100644 --- a/charts/kong/kong/values.yaml +++ b/charts/kong/kong/values.yaml @@ -728,8 +728,8 @@ certificates: # Issuers used by the control and data plane releases must match for this certificate. issuer: "" clusterIssuer: "" - # commonName: "kong_cluster" - # dnsNames: [] + commonName: "kong_clustering" + dnsNames: [] # ----------------------------------------------------------------------------- # Miscellaneous parameters diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index 3cdb04ea6..7b3d122de 100644 --- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: nats apiVersion: v2 -appVersion: 2.9.16 +appVersion: 2.9.17 description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. home: http://github.com/nats-io/k8s @@ -18,4 +18,4 @@ maintainers: name: The NATS Authors url: https://github.com/nats-io name: nats -version: 0.19.13 +version: 0.19.14 diff --git a/charts/nats/nats/values.yaml b/charts/nats/nats/values.yaml index 5015ea4f6..8812d58e6 100644 --- a/charts/nats/nats/values.yaml +++ b/charts/nats/nats/values.yaml @@ -6,7 +6,7 @@ nats: image: repository: nats - tag: 2.9.16-alpine + tag: 2.9.17-alpine pullPolicy: IfNotPresent # registry: docker.io @@ -623,7 +623,7 @@ exporter: enabled: true image: repository: natsio/prometheus-nats-exporter - tag: 0.10.1 + tag: 0.11.0 pullPolicy: IfNotPresent # registry: docker.io diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 5b6b0e2b5..8560b222f 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -31,4 +31,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 4.0.17 +version: 4.0.20 diff --git a/charts/redpanda/redpanda/ci/11-update-sasl-users-values.yaml b/charts/redpanda/redpanda/ci/11-update-sasl-users-values.yaml new file mode 100644 index 000000000..fece78e6e --- /dev/null +++ b/charts/redpanda/redpanda/ci/11-update-sasl-users-values.yaml @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This relies on .github/create-sasl-secret.sh and moving those files into the redpanda template directory +auth: + sasl: + enabled: true + secretRef: "some-users" + users: [] diff --git a/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml b/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml new file mode 100644 index 000000000..cd9622148 --- /dev/null +++ b/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml @@ -0,0 +1,52 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +license_secret_ref: + secret_name: redpanda-license + secret_key: license-key + +storage: + tieredConfig: + cloud_storage_enabled: true + cloud_storage_secret_key: test + cloud_storage_access_key: test + cloud_storage_region: test + cloud_storage_bucket: test + storage_zero_value: 0 + storage_null_value: null + storage_empty_array_value: [] + storage_empty_map_value: {} + storage_empty_string_value: "" + +config: + cluster: + enable_idempotence: false + cluster_zero_value: 0 + cluster_null_value: null + cluster_empty_array_value: [] + cluster_empty_map_value: {} + cluster_empty_string_value: "" + tunable: + tunable_zero_value: 0 + tunable_null_value: null + tunable_empty_array_value: [] + tunable_empty_map_value: {} + tunable_empty_string_value: "" + node: + node_zero_value: 0 + node_null_value: null + node_empty_array_value: [] + node_empty_map_value: {} + node_empty_string_value: "" diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl index 6afdc49c0..319e58be3 100644 --- a/charts/redpanda/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/templates/_helpers.tpl @@ -352,7 +352,7 @@ than 1 core. {{- end -}} {{- define "api-urls" -}} -{{ template "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" .}}:{{ .Values.listeners.admin.port }} +{{ include "redpanda.internal.domain" .}}:{{ .Values.listeners.admin.port }} {{- end -}} {{- define "sasl-mechanism" -}} diff --git a/charts/redpanda/redpanda/templates/configmap.yaml b/charts/redpanda/redpanda/templates/configmap.yaml index 3ac9dca77..0aef9ceac 100644 --- a/charts/redpanda/redpanda/templates/configmap.yaml +++ b/charts/redpanda/redpanda/templates/configmap.yaml @@ -244,10 +244,14 @@ data: port: {{ $values.listeners.rpc.port }} {{- end }} {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} - {{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }} - {{- toYaml .Values.storage.tieredConfig | nindent 6 }} - {{- else }} - {{- unset .Values.storage.tieredConfig "cloud_storage_credentials_source" | toYaml | nindent 6 }} + {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }} + {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }} + {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}} + {{- end }} + {{- range $key, $element := $tieredStorageConfig}} + {{- if or (eq (typeOf $element) "bool") $element }} + {{ $key }}: {{ $element | toYaml }} + {{- end }} {{- end }} {{- end }} {{- /* Schema Registry API */}} diff --git a/charts/redpanda/redpanda/templates/console/deployment.yaml b/charts/redpanda/redpanda/templates/console/deployment.yaml index 18c75c5a6..2eeb747f1 100644 --- a/charts/redpanda/redpanda/templates/console/deployment.yaml +++ b/charts/redpanda/redpanda/templates/console/deployment.yaml @@ -92,7 +92,7 @@ limitations under the License. {{ end }} {{ end }} -{{ $adminTLS := list }} +{{ $adminAPI := list }} {{ if (include "admin-internal-tls-enabled" . | fromJson).bool }} {{ $service := .Values.listeners.admin }} {{ $cert := get .Values.tls.certs $service.tls.cert }} @@ -101,7 +101,11 @@ limitations under the License. {{- $secretName = $cert.secretRef.name }} {{- end }} {{ if $cert.caEnabled }} - {{ $adminTLS = append $adminTLS (dict + {{ $adminAPI = append $adminAPI (dict + "name" "REDPANDA_ADMINAPI_TLS_ENABLED" + "value" "true" + ) }} + {{ $adminAPI = append $adminAPI (dict "name" "REDPANDA_ADMINAPI_TLS_CAFILEPATH" "value" (printf "/mnt/cert/adminapi/%s/ca.crt" $service.tls.cert) )}} @@ -119,8 +123,16 @@ limitations under the License. )}} {{ end }} {{ end }} +{{ $adminAPI := append $adminAPI (dict + "name" "REDPANDA_ADMINAPI_ENABLED" + "value" "true" +)}} +{{ $adminAPI = append $adminAPI (dict + "name" "REDPANDA_ADMINAPI_URLS" + "value" (print (include "admin-http-protocol" .) "://" (include "api-urls" .)) +)}} -{{ $extraEnv := concat $kafkaTLS $adminTLS $schemaRegistryTLS }} +{{ $extraEnv := concat $kafkaTLS $schemaRegistryTLS $adminAPI}} {{ $consoleValues := dict "Values" (dict "extraVolumes" $extraVolumes "extraVolumeMounts" $extraVolumeMounts diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index c4f928bd7..ade553daf 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml +++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -76,34 +76,6 @@ spec: args: - | set -e - {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} - USERS_FILE=$(find /etc/secrets/users/* -print) - while read p; do - IFS=":" read -r USER_NAME PASSWORD MECHANISM <<< $p - # Do not process empty lines - if [ -z "$USER_NAME" ]; then - continue - fi - echo "Creating user ${USER_NAME}..." - MECHANISM=${MECHANISM:-{{- include "sasl-mechanism" . }}} - creation_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? # On a non-success exit code - if [[ $creation_result_exit_code -ne 0 ]]; then - # Check if the stderr contains "User already exists" - if [[ $creation_result == *"User already exists"* ]]; then - # TODO: change user password instead in the future when api enables this. - echo "the user ${USER_NAME} already exists, skipping creation." - else - # Another error occurred, so output the original message and exit code - echo "error creating user ${USER_NAME}: ${creation_result}" - exit $creation_result_exit_code - fi - # On a success, the user was created so output that - else - echo "Created user ${USER_NAME}." - fi - done < $USERS_FILE - {{- end }} - {{- if (include "redpanda-atleast-22-2-0" . | fromJson).bool }} {{- if not (empty .Values.license_secret_ref) }} rpk cluster license set "$REDPANDA_LICENSE" {{ template "rpk-flags-no-sasl" $ }} diff --git a/charts/redpanda/redpanda/templates/secrets.yaml b/charts/redpanda/redpanda/templates/secrets.yaml index b11778922..df653056a 100644 --- a/charts/redpanda/redpanda/templates/secrets.yaml +++ b/charts/redpanda/redpanda/templates/secrets.yaml @@ -136,3 +136,119 @@ stringData: {{- end }} # intentional empty line {{- end }} + +{{- if .Values.statefulset.sideCars.configWatcher.enabled }} + {{- $values := .Values }} + {{- $sasl := .Values.auth.sasl }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "redpanda.fullname" . }}-config-watcher + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} +type: Opaque +stringData: + sasl-user.sh: |- + #!/usr/bin/env bash + set -e + + ready_result_exit_code=1 + while [[ ${ready_result_exit_code} -ne 0 ]]; do + ready_result=$(rpk cluster health {{ (include "rpk-flags" . | fromJson).admin }} | grep 'Healthy:.*true' 2>&1) && ready_result_exit_code=$? + sleep 2 + done + + while true; do + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + echo "RUNNING: Monitoring and Updating SASL users" + USERS_DIR="/etc/secrets/users" + + new_users_list(){ + LIST=$1 + NEW_USER=$2 + if [[ -n "${LIST}" ]]; then + LIST="${NEW_USER},${LIST}" + else + LIST="${NEW_USER}" + fi + + echo "${LIST}" + } + + process_users() { + USERS_DIR=${1-"/etc/secrets/users"} + USERS_FILE=$(find ${USERS_DIR}/* -print) + USERS_LIST="" + READ_LIST_SUCCESS=0 + while read p; do + IFS=":" read -r USER_NAME PASSWORD MECHANISM <<< $p + # Do not process empty lines + if [ -z "$USER_NAME" ]; then + continue + fi + echo "Creating user ${USER_NAME}..." + MECHANISM=${MECHANISM:-{{- include "sasl-mechanism" . }}} + creation_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? # On a non-success exit code + if [[ $creation_result_exit_code -ne 0 ]]; then + # Check if the stderr contains "User already exists" + # this error occurs when password has changed + if [[ $creation_result == *"User already exists"* ]]; then + echo "Update user ${USER_NAME}" + # we will try to update by first deleting + deletion_result=$(rpk acl user delete ${USER_NAME} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && deletion_result_exit_code=$? || deletion_result_exit_code=$? + if [[ $deletion_result_exit_code -ne 0 ]]; then + echo "deletion of user ${USER_NAME} failed: ${deletion_result}" + READ_LIST_SUCCESS=1 + break + fi + # Now we update the user + update_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && update_result_exit_code=$? || update_result_exit_code=$? # On a non-success exit code + if [[ $update_result_exit_code -ne 0 ]]; then + echo "updating user ${USER_NAME} failed: ${update_result}" + READ_LIST_SUCCESS=1 + break + else + echo "Updated user ${USER_NAME}..." + USERS_LIST=$(new_users_list "${USERS_LIST}" "${USER_NAME}") + fi + else + # Another error occurred, so output the original message and exit code + echo "error creating user ${USER_NAME}: ${creation_result}" + READ_LIST_SUCCESS=1 + break + fi + # On a success, the user was created so output that + else + echo "Created user ${USER_NAME}..." + USERS_LIST=$(new_users_list "${USERS_LIST}" "${USER_NAME}") + fi + done < $USERS_FILE + + if [[ -n "${USERS_LIST}" && ${READ_LIST_SUCCESS} ]]; then + echo "Setting superusers configurations with users [${USERS_LIST}]" + superuser_result=$(rpk cluster config set superusers [${USERS_LIST}] {{ template "rpk-flags-no-sasl" $ }} 2>&1) && superuser_result_exit_code=$? || superuser_result_exit_code=$? + if [[ $superuser_result_exit_code -ne 0 ]]; then + echo "Setting superusers configurations failed: ${superuser_result}" + else + echo "Completed setting superusers configurations" + fi + fi + } + + # first time processing + process_users $USERS_DIR + + # subsequent changes detected here + # watching delete_self as documented in https://ahmet.im/blog/kubernetes-inotify/ + USERS_FILE=$(find ${USERS_DIR}/* -print) + while RES=$(inotifywait -q -e delete_self ${USERS_FILE}); do + process_users $USERS_DIR + done + {{- end }} + sleep infinity + done +{{- end }} diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 1ccfca0e7..eb9adcb8d 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -321,6 +321,30 @@ spec: limits: cpu: {{ .Values.resources.cpu.cores }} memory: {{ .Values.resources.memory.container.max }} + {{- if .Values.statefulset.sideCars.configWatcher.enabled }} + - name: config-watcher + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /bin/bash # could be expanded for multiple scripts + - -c + - /etc/secrets/config-watcher/scripts/sasl-user.sh + volumeMounts: + - name: {{ template "redpanda.fullname" . }}-config-watcher + mountPath: /etc/secrets/config-watcher/scripts + readOnly: true + {{- if and .Values.auth.sasl.enabled (not (empty .Values.auth.sasl.secretRef )) }} + - name: {{ .Values.auth.sasl.secretRef }} + mountPath: /etc/secrets/users + readOnly: true + {{- end }} + {{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + readOnly: true + {{- end }} + {{- end }} + {{- end }} volumes: - name: lifecycle-scripts secret: @@ -378,6 +402,11 @@ spec: secretName: {{ .Values.auth.sasl.secretRef }} optional: false {{- end }} + - name: {{ template "redpanda.fullname" . }}-config-watcher + secret: + secretName: {{ template "redpanda.fullname" . }}-config-watcher + optional: false + defaultMode: 0774 {{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} affinity: {{- with .Values.statefulset.nodeAffinity }} diff --git a/charts/redpanda/redpanda/templates/tests/test-console.yaml b/charts/redpanda/redpanda/templates/tests/test-console.yaml new file mode 100644 index 000000000..9ebc961ee --- /dev/null +++ b/charts/redpanda/redpanda/templates/tests/test-console.yaml @@ -0,0 +1,54 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if .Values.console.enabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-console" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: + runAsUser: 65535 + runAsGroup: 65535 + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + curl -svm3 --fail --retry 120 --retry-max-time 120 --retry-all-errors http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ include "console.containerPort" (dict "Values" .Values.console) }}/api/cluster | grep 'Redpanda {{ include "redpanda.tag" . }}' + volumeMounts: + - name: {{ template "redpanda.fullname" . }} + mountPath: /tmp/base-config + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- end }} diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml index d1bcc3fe5..f1f930a49 100644 --- a/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml @@ -16,6 +16,7 @@ limitations under the License. */}} {{- $sasl := .Values.auth.sasl }} {{- $root := deepCopy . }} +{{- $rpk := deepCopy . }} apiVersion: v1 kind: Pod metadata: @@ -54,8 +55,7 @@ spec: {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} {{- $cloudStorageFlags = "-c retention.bytes=80 -c segment.bytes=40 -c redpanda.remote.read=true -c redpanda.remote.write=true"}} {{- end }} -{{- $useSaslSecret := and $sasl.enabled (not (empty $sasl.secretRef )) }} -{{- if or (not $sasl.enabled) $useSaslSecret }} +{{- if $sasl.enabled }} until rpk topic create produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} {{ $cloudStorageFlags }} do sleep 2 done @@ -75,7 +75,7 @@ spec: mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} {{- end }} -{{- if $useSaslSecret }} +{{- if $sasl.enabled }} - name: {{ $sasl.secretRef }} mountPath: "/etc/secrets/users" readOnly: true @@ -87,7 +87,7 @@ spec: name: {{ template "redpanda.fullname" . }} - name: config emptyDir: {} -{{- if $useSaslSecret }} +{{- if $sasl.enabled }} - name: {{ $sasl.secretRef }} secret: secretName: {{ $sasl.secretRef }} diff --git a/charts/redpanda/redpanda/templates/tests/test-rpk-debug-bundle.yaml b/charts/redpanda/redpanda/templates/tests/test-rpk-debug-bundle.yaml index 83cf8efe9..e0fcbe6a8 100644 --- a/charts/redpanda/redpanda/templates/tests/test-rpk-debug-bundle.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-rpk-debug-bundle.yaml @@ -14,10 +14,18 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} + +{{/* + +This test currently fails because of a bug where when multiple containers exist +The api returns an error. We should be requesting logs from each container. + + {{- if and .Values.rbac.enabled (include "redpanda-atleast-23-1-1" .|fromJson).bool -}} {{- $sasl := .Values.auth.sasl }} {{- $useSaslSecret := and $sasl.enabled (not (empty $sasl.secretRef )) }} + apiVersion: v1 kind: Pod metadata: @@ -116,3 +124,4 @@ spec: {{- end -}} {{- end -}} +*/}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/templates/tests/test-sasl-updated.yaml b/charts/redpanda/redpanda/templates/tests/test-sasl-updated.yaml new file mode 100644 index 000000000..6f92d57fb --- /dev/null +++ b/charts/redpanda/redpanda/templates/tests/test-sasl-updated.yaml @@ -0,0 +1,95 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and (include "sasl-enabled" . | fromJson).bool (eq .Values.auth.sasl.secretRef "some-users") -}} + {{- $rpk := deepCopy . }} + {{- $sasl := .Values.auth.sasl }} + {{- $_ := set $rpk "rpk" "rpk" }} + {{- $_ := set $rpk "dummySasl" false }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-update-sasl-users" + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: + runAsUser: 65535 + runAsGroup: 65535 + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -xe + # check that the users list did update + ready_result_exit_code=1 + while [[ ${ready_result_exit_code} -ne 0 ]]; do + ready_result=$(rpk acl user list {{ (include "rpk-flags" . | fromJson).admin }} | grep anotheranotherme 2>&1) && ready_result_exit_code=$? + sleep 2 + done + + # check that sasl is not broken + {{ include "rpk-cluster-info" $rpk }} + volumeMounts: + - name: config + mountPath: /etc/redpanda +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} +{{- end }} + {{- if (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + mountPath: "/etc/secrets/users" + readOnly: true + {{- end}} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} + {{- if (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + secret: + secretName: {{ $sasl.secretRef }} + optional: false + {{- end }} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 0644 + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index bfb43a6a3..9de5a91c6 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -526,7 +526,8 @@ "priorityClassName", "tolerations", "topologySpreadConstraints", - "securityContext" + "securityContext", + "sideCars" ], "properties": { "replicas": { @@ -687,6 +688,22 @@ } } }, + "sideCars": { + "type": "object", + "properties": { + "configWatcher": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resources": { + "type": "object" + } + } + } + } + }, "initContainers": { "type": "object", "properties": { diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index 1bf1d3e09..c66611ad4 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -543,6 +543,10 @@ statefulset: fsGroup: 101 runAsUser: 101 fsGroupChangePolicy: OnRootMismatch + sideCars: + configWatcher: + enabled: true + resources: {} initContainers: tuning: resources: {} diff --git a/charts/triggermesh/triggermesh/Chart.yaml b/charts/triggermesh/triggermesh/Chart.yaml index ca1863f05..e669c8c23 100644 --- a/charts/triggermesh/triggermesh/Chart.yaml +++ b/charts/triggermesh/triggermesh/Chart.yaml @@ -18,4 +18,4 @@ description: A Helm chart deploying TriggerMesh Open Source Components icon: https://partner-charts.rancher.io/assets/logos/triggermesh.svg name: triggermesh type: application -version: 0.8.1 +version: 0.8.2 diff --git a/charts/triggermesh/triggermesh/templates/deployment.yaml b/charts/triggermesh/triggermesh/templates/deployment.yaml index 038c2a860..b5f26cd65 100644 --- a/charts/triggermesh/triggermesh/templates/deployment.yaml +++ b/charts/triggermesh/triggermesh/templates/deployment.yaml @@ -192,11 +192,11 @@ spec: value: "{{ .Values.image.registry }}/splitter-adapter:{{ .Values.image.tag | default .Chart.AppVersion }}" # Function Runtimes - name: RUNTIME_KLR_PYTHON - value: "{{ .Values.image.registry }}/knative-lambda-python37:{{ .Values.klr.image.tag | default .Chart.AppVersion }}" + value: "{{ .Values.image.registry }}/knative-lambda-python310:{{ .Values.klr.image.tag | default .Chart.AppVersion }}" - name: RUNTIME_KLR_NODE - value: "{{ .Values.image.registry }}/knative-lambda-node10:{{ .Values.klr.image.tag | default .Chart.AppVersion }}" + value: "{{ .Values.image.registry }}/knative-lambda-node18:{{ .Values.klr.image.tag | default .Chart.AppVersion }}" - name: RUNTIME_KLR_RUBY - value: "{{ .Values.image.registry }}/knative-lambda-ruby25:{{ .Values.klr.image.tag | default .Chart.AppVersion }}" + value: "{{ .Values.image.registry }}/knative-lambda-ruby32:{{ .Values.klr.image.tag | default .Chart.AppVersion }}" # Custom build adapters - name: IBMMQSOURCE_IMAGE value: "{{ .Values.image.registry }}/ibmmqsource-adapter:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/index.yaml b/index.yaml index 0582013a5..983d3f82b 100644 --- a/index.yaml +++ b/index.yaml @@ -80,6 +80,50 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.6.1 + created: "2023-05-22T13:22:02.038433407Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 17.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: 9a9cae777763b8a6e823b986a3e859fb9a85c99e8a1a9870e98455be2a66f767 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/airflow + urls: + - assets/bitnami/airflow-14.2.4.tgz + version: 14.2.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow @@ -6067,6 +6111,41 @@ entries: - assets/aws-event-sources/aws-event-sources-0.1.901.tgz version: 0.1.901 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 4.1.1 + created: "2023-05-22T13:22:02.073438625Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: 062abe890ceb99d40708a96114f06be023f45d929e46f6407adf7b95c78d9160 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/cassandra + urls: + - assets/bitnami/cassandra-10.4.0.tgz + version: 10.4.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra @@ -6626,6 +6705,39 @@ entries: - assets/softiron/ceph-csi-rbd-1.3.1.tgz version: 1.3.1 cert-manager: + - annotations: + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E + url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: cert-manager + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/namespace: cert-manager + catalog.cattle.io/release-name: cert-manager + apiVersion: v1 + appVersion: v1.12.0 + created: "2023-05-22T13:22:03.601121928Z" + description: A Helm chart for cert-manager + digest: 5416b1feef1dceed480041afec5e9f8b3bc47f11610ff923e6de4391ba8ec2dc + home: https://github.com/cert-manager/cert-manager + icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png + keywords: + - cert-manager + - kube-lego + - letsencrypt + - tls + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: cert-manager-maintainers@googlegroups.com + name: cert-manager-maintainers + url: https://cert-manager.io + name: cert-manager + sources: + - https://github.com/cert-manager/cert-manager + urls: + - assets/cert-manager/cert-manager-v1.12.0.tgz + version: v1.12.0 - annotations: artifacthub.io/prerelease: "false" artifacthub.io/signKey: | @@ -9978,6 +10090,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-05-22T13:22:04.001983439Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: 63192ea25566135c606029c8e0d0df55957d0a268ad62b6c6d19026a68800fc7 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.29.3.tgz + version: 3.29.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -11789,6 +11938,33 @@ entries: - assets/dynatrace/dynatrace-oneagent-operator-0.8.000.tgz version: 0.8.000 dynatrace-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dynatrace Operator + catalog.cattle.io/kube-version: '>=1.19.0-0' + catalog.cattle.io/release-name: dynatrace-operator + apiVersion: v2 + appVersion: 0.11.2 + created: "2023-05-22T13:22:04.188167837Z" + description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift + digest: df6a1d758eec5b94255bdbf6f9bf583553b6c72a229da93139a782002a72c56e + home: https://www.dynatrace.com/ + icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png + kubeVersion: '>=1.19.0-0' + maintainers: + - email: marcell.sevcsik@dynatrace.com + name: 0sewa0 + - email: christoph.muellner@dynatrace.com + name: chrismuellner + - email: lukas.hinterreiter@dynatrace.com + name: luhi-DT + name: dynatrace-operator + sources: + - https://github.com/Dynatrace/dynatrace-operator + type: application + urls: + - assets/dynatrace/dynatrace-operator-0.11.2.tgz + version: 0.11.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dynatrace Operator @@ -12184,6 +12360,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.8.2 + created: "2023-05-22T13:22:04.248287169Z" + description: External secret management for Kubernetes + digest: ef471007559eaa73eeaba382fe6800a5f0f92140d6740f0aa43a2cdafe2964db + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.8.2.tgz + version: 0.8.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator @@ -13239,6 +13439,74 @@ entries: - assets/inaccel/fpga-operator-2.5.201.tgz version: 2.5.201 gitlab: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: GitLab + catalog.cattle.io/release-name: gitlab + apiVersion: v1 + appVersion: v15.11.5 + created: "2023-05-22T13:22:04.757900236Z" + dependencies: + - name: gitlab + repository: "" + version: '*.*.*' + - name: certmanager-issuer + repository: "" + version: '*.*.*' + - name: minio + repository: "" + version: '*.*.*' + - name: registry + repository: "" + version: '*.*.*' + - alias: certmanager + condition: certmanager.install + name: cert-manager + repository: https://charts.jetstack.io/ + version: 1.5.4 + - condition: prometheus.install + name: prometheus + repository: https://prometheus-community.github.io/helm-charts + version: 15.18.0 + - condition: postgresql.install + name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 8.9.4 + - condition: gitlab-runner.install + name: gitlab-runner + repository: https://charts.gitlab.io/ + version: 0.51.1 + - condition: global.grafana.enabled + name: grafana + repository: https://grafana.github.io/helm-charts + version: 6.11.0 + - condition: redis.install + name: redis + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 11.3.4 + - condition: nginx-ingress.enabled + name: nginx-ingress + repository: "" + version: '*.*.*' + - condition: gitlab-zoekt.install + name: gitlab-zoekt + repository: https://charts.gitlab.io/ + version: 0.3.0 + description: The One DevOps Platform + digest: ee4b9f97dd74d111c4a36c88f1d93016c94a923fddb8cfc28b652122bf731481 + home: https://about.gitlab.com/ + icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png + keywords: + - gitlab + maintainers: + - email: support@gitlab.com + name: GitLab Inc. + name: gitlab + sources: + - https://gitlab.com/gitlab-org/charts/gitlab + urls: + - assets/gitlab/gitlab-6.11.5.tgz + version: 6.11.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: GitLab @@ -19395,8 +19663,8 @@ entries: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 - appVersion: 5.5.10 - created: "2023-05-08T19:56:09.120861974Z" + appVersion: 5.5.11 + created: "2023-05-22T13:22:17.923058482Z" dependencies: - name: grafana repository: file://./charts/grafana @@ -19405,7 +19673,33 @@ entries: repository: file://./charts/prometheus version: 15.8.5 description: Kasten’s K10 Data Management Platform - digest: a62f003fa5c12b256c08d38837dceafa33b22284ca4e3b84e555d0df11fdbce4 + digest: e5403f1935b345f4141803ce8d5952f62fa76099adf65c370980a79c492ed785 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-5.5.1101.tgz + version: 5.5.1101 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 5.5.10 + created: "2023-05-22T13:22:06.741383946Z" + dependencies: + - name: grafana + repository: file://./charts/grafana + version: 6.32.9 + - name: prometheus + repository: file://./charts/prometheus + version: 15.8.5 + description: Kasten’s K10 Data Management Platform + digest: bda086082fec87ec93e710a6fe648b4e8af096ea2c7a9d365d762869441459d5 home: https://kasten.io/ icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png maintainers: @@ -20016,6 +20310,47 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.4.0 + created: "2023-05-22T13:22:02.359572476Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: 59e0607ddb0ac614f86e04be43890860825dce3435d3eab0ce8fe3762d3ba442 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/kafka + urls: + - assets/bitnami/kafka-22.1.3.tgz + version: 22.1.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -21436,6 +21771,33 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.2" + created: "2023-05-22T13:22:18.205024811Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: 8ad17f62558fd230b5a9a70890be7a6b994022c1c14eaea53b27746091cb7158 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: harry@konghq.com + name: hbagdi + - email: traines@konghq.com + name: rainest + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.22.0.tgz + version: 2.22.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway @@ -22970,6 +23332,43 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.11.3 + created: "2023-05-22T13:22:02.455119226Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: ab537838efed7ae981188ab87b3c9e574e88258adfc42acc5971ddd45ebc3c3d + home: https://bitnami.com + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mariadb + urls: + - assets/bitnami/mariadb-12.2.4.tgz + version: 12.2.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB @@ -24135,6 +24534,43 @@ entries: - assets/minio/minio-operator-4.4.1700.tgz version: 4.4.1700 mysql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MySQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mysql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 8.0.33 + created: "2023-05-22T13:22:02.458830228Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. + digest: 747c340a10598c609b3c8162c76608318adc14b4b3c0bbc2cba5b1a2a51ab796 + home: https://bitnami.com + icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png + keywords: + - mysql + - database + - sql + - cluster + - high availability + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mysql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mysql + urls: + - assets/bitnami/mysql-9.10.1.tgz + version: 9.10.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MySQL @@ -24701,6 +25137,31 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.9.17 + created: "2023-05-22T13:22:18.515866754Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: 30e0030d83994625c8133d218202a7181fe43a595e9b32450db435c7a52a6cb4 + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: info@nats.io + name: The NATS Authors + url: https://github.com/nats-io + name: nats + urls: + - assets/nats/nats-0.19.14.tgz + version: 0.19.14 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server @@ -28505,6 +28966,44 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.3.0 + created: "2023-05-22T13:22:02.658665133Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: 8d128a3c06ec8115bf5846e0c513092800ffe795e76293e8d06f859513690249 + home: https://bitnami.com + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/postgresql + urls: + - assets/bitnami/postgresql-12.5.3.tgz + version: 12.5.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -30039,6 +30538,41 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.0.11 + created: "2023-05-22T13:22:02.69042305Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: 22d6e95f1d6360520cdf06789f6bb1e0bd3796f3954d21974a3860d87eb5c5ce + home: https://bitnami.com + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-17.11.3.tgz + version: 17.11.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis @@ -31112,6 +31646,44 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v23.1.8 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.8 + created: "2023-05-22T13:22:19.252991592Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: b96f2dc5923f06523b2fc033b3337f3cbc9edaaf1bd4731b5bd765999326dd94 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-4.0.20.tgz + version: 4.0.20 - annotations: artifacthub.io/images: | - name: redpanda @@ -33481,6 +34053,40 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.3.2 + created: "2023-05-22T13:22:02.926700774Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: d0bd8cc6c541a58cbdb17824b8fb216380f90d3ce479a10a39de958d7a239162 + home: https://bitnami.com + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/spark + urls: + - assets/bitnami/spark-6.6.3.tgz + version: 6.6.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -36307,6 +36913,44 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.9 + created: "2023-05-22T13:22:02.998595112Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 30f4be8c3ddab1d5fdf637aa254a7b21aaa9037a08716f7d5d660115f43d061f + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/tomcat + urls: + - assets/bitnami/tomcat-10.9.1.tgz + version: 10.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat @@ -37802,6 +38446,31 @@ entries: - assets/traefik/traefik-10.6.0.tgz version: 10.6.0 triggermesh: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TriggerMesh + catalog.cattle.io/kube-version: '>=1.20-0' + catalog.cattle.io/release-name: triggermesh + apiVersion: v2 + appVersion: v1.25.0 + created: "2023-05-22T13:22:19.704533799Z" + dependencies: + - condition: triggermesh-core.enabled + name: triggermesh-core + repository: file://./charts/triggermesh-core + tags: + - triggermesh + - triggermesh-core + - brokers + version: 1.2.x + description: A Helm chart deploying TriggerMesh Open Source Components + digest: 5d35cace5475afdd342d9fdf4db3276843e9e6335a8f8bea936cd8f0120ac484 + icon: https://partner-charts.rancher.io/assets/logos/triggermesh.svg + name: triggermesh + type: application + urls: + - assets/triggermesh/triggermesh-0.8.2.tgz + version: 0.8.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: TriggerMesh @@ -38815,6 +39484,53 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.2.2 + created: "2023-05-22T13:22:03.494777072Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: ab6903f4aa20852f88a84d8c1ee0c66a73631559a65d4a489fdc35d942c7809c + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-16.1.6.tgz + version: 16.1.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress @@ -41540,6 +42256,38 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.8.1 + created: "2023-05-22T13:22:03.553316503Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 54758de16cf8bdbd0e6193074e93b3ec2c0d89fd8d269ea0146841ce9d3b19f9 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + urls: + - assets/bitnami/zookeeper-11.4.2.tgz + version: 11.4.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper