diff --git a/assets/aquarist-labs/s3gw-0.13.0.tgz b/assets/aquarist-labs/s3gw-0.13.0.tgz
new file mode 100644
index 000000000..49d385cbe
Binary files /dev/null and b/assets/aquarist-labs/s3gw-0.13.0.tgz differ
diff --git a/assets/argo/argo-cd-5.25.0.tgz b/assets/argo/argo-cd-5.25.0.tgz
new file mode 100644
index 000000000..5c685c861
Binary files /dev/null and b/assets/argo/argo-cd-5.25.0.tgz differ
diff --git a/assets/asserts/asserts-1.34.0.tgz b/assets/asserts/asserts-1.34.0.tgz
new file mode 100644
index 000000000..fd13760e9
Binary files /dev/null and b/assets/asserts/asserts-1.34.0.tgz differ
diff --git a/assets/bitnami/airflow-14.0.14.tgz b/assets/bitnami/airflow-14.0.14.tgz
new file mode 100644
index 000000000..26eb48510
Binary files /dev/null and b/assets/bitnami/airflow-14.0.14.tgz differ
diff --git a/assets/bitnami/cassandra-10.1.0.tgz b/assets/bitnami/cassandra-10.1.0.tgz
new file mode 100644
index 000000000..2e20922d3
Binary files /dev/null and b/assets/bitnami/cassandra-10.1.0.tgz differ
diff --git a/assets/bitnami/kafka-21.3.1.tgz b/assets/bitnami/kafka-21.3.1.tgz
new file mode 100644
index 000000000..8ae682c12
Binary files /dev/null and b/assets/bitnami/kafka-21.3.1.tgz differ
diff --git a/assets/bitnami/mariadb-11.5.3.tgz b/assets/bitnami/mariadb-11.5.3.tgz
new file mode 100644
index 000000000..ca50e507b
Binary files /dev/null and b/assets/bitnami/mariadb-11.5.3.tgz differ
diff --git a/assets/bitnami/mysql-9.6.0.tgz b/assets/bitnami/mysql-9.6.0.tgz
new file mode 100644
index 000000000..7874b9107
Binary files /dev/null and b/assets/bitnami/mysql-9.6.0.tgz differ
diff --git a/assets/bitnami/redis-17.8.4.tgz b/assets/bitnami/redis-17.8.4.tgz
new file mode 100644
index 000000000..a28f53d69
Binary files /dev/null and b/assets/bitnami/redis-17.8.4.tgz differ
diff --git a/assets/bitnami/spark-6.4.0.tgz b/assets/bitnami/spark-6.4.0.tgz
new file mode 100644
index 000000000..f9ff8980f
Binary files /dev/null and b/assets/bitnami/spark-6.4.0.tgz differ
diff --git a/assets/bitnami/wordpress-15.2.51.tgz b/assets/bitnami/wordpress-15.2.51.tgz
new file mode 100644
index 000000000..d1ed19387
Binary files /dev/null and b/assets/bitnami/wordpress-15.2.51.tgz differ
diff --git a/assets/cockroach-labs/cockroachdb-10.0.6.tgz b/assets/cockroach-labs/cockroachdb-10.0.6.tgz
new file mode 100644
index 000000000..2d2a45e0c
Binary files /dev/null and b/assets/cockroach-labs/cockroachdb-10.0.6.tgz differ
diff --git a/assets/codefresh/cf-runtime-1.9.11.tgz b/assets/codefresh/cf-runtime-1.9.11.tgz
new file mode 100644
index 000000000..6506642eb
Binary files /dev/null and b/assets/codefresh/cf-runtime-1.9.11.tgz differ
diff --git a/assets/datadog/datadog-3.19.1.tgz b/assets/datadog/datadog-3.19.1.tgz
new file mode 100644
index 000000000..4cdd65376
Binary files /dev/null and b/assets/datadog/datadog-3.19.1.tgz differ
diff --git a/assets/gitlab/gitlab-6.9.3.tgz b/assets/gitlab/gitlab-6.9.3.tgz
new file mode 100644
index 000000000..ca09aa6af
Binary files /dev/null and b/assets/gitlab/gitlab-6.9.3.tgz differ
diff --git a/assets/gluu/gluu-5.0.13.tgz b/assets/gluu/gluu-5.0.13.tgz
new file mode 100644
index 000000000..f4e632b8f
Binary files /dev/null and b/assets/gluu/gluu-5.0.13.tgz differ
diff --git a/assets/haproxy/haproxy-1.29.1.tgz b/assets/haproxy/haproxy-1.29.1.tgz
new file mode 100644
index 000000000..3d780b3b6
Binary files /dev/null and b/assets/haproxy/haproxy-1.29.1.tgz differ
diff --git a/assets/hpe/hpe-csi-driver-2.3.0.tgz b/assets/hpe/hpe-csi-driver-2.3.0.tgz
new file mode 100644
index 000000000..57636dc64
Binary files /dev/null and b/assets/hpe/hpe-csi-driver-2.3.0.tgz differ
diff --git a/assets/instana/instana-agent-1.2.56.tgz b/assets/instana/instana-agent-1.2.56.tgz
new file mode 100644
index 000000000..a7f6c8ad5
Binary files /dev/null and b/assets/instana/instana-agent-1.2.56.tgz differ
diff --git a/assets/jenkins/jenkins-4.3.5.tgz b/assets/jenkins/jenkins-4.3.5.tgz
new file mode 100644
index 000000000..a635e7789
Binary files /dev/null and b/assets/jenkins/jenkins-4.3.5.tgz differ
diff --git a/assets/jfrog/artifactory-ha-107.55.6.tgz b/assets/jfrog/artifactory-ha-107.55.6.tgz
new file mode 100644
index 000000000..f5c9a17c7
Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.55.6.tgz differ
diff --git a/assets/jfrog/artifactory-jcr-107.55.6.tgz b/assets/jfrog/artifactory-jcr-107.55.6.tgz
new file mode 100644
index 000000000..8751996eb
Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.55.6.tgz differ
diff --git a/assets/kubecost/cost-analyzer-1.100.2.tgz b/assets/kubecost/cost-analyzer-1.100.2.tgz
index 375c21cd0..ee3715412 100644
Binary files a/assets/kubecost/cost-analyzer-1.100.2.tgz and b/assets/kubecost/cost-analyzer-1.100.2.tgz differ
diff --git a/assets/kubecost/cost-analyzer-1.101.0.tgz b/assets/kubecost/cost-analyzer-1.101.0.tgz
new file mode 100644
index 000000000..69af9c825
Binary files /dev/null and b/assets/kubecost/cost-analyzer-1.101.0.tgz differ
diff --git a/assets/loft/loft-3.0.0.tgz b/assets/loft/loft-3.0.0.tgz
new file mode 100644
index 000000000..c93fae7e7
Binary files /dev/null and b/assets/loft/loft-3.0.0.tgz differ
diff --git a/assets/ondat/ondat-operator-0.7.4.tgz b/assets/ondat/ondat-operator-0.7.4.tgz
new file mode 100644
index 000000000..1516273ee
Binary files /dev/null and b/assets/ondat/ondat-operator-0.7.4.tgz differ
diff --git a/assets/redpanda/redpanda-3.0.2.tgz b/assets/redpanda/redpanda-3.0.2.tgz
new file mode 100644
index 000000000..277140921
Binary files /dev/null and b/assets/redpanda/redpanda-3.0.2.tgz differ
diff --git a/assets/speedscale/speedscale-operator-1.2.26.tgz b/assets/speedscale/speedscale-operator-1.2.26.tgz
new file mode 100644
index 000000000..6aabf7fac
Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.2.26.tgz differ
diff --git a/assets/sysdig/sysdig-1.15.78.tgz b/assets/sysdig/sysdig-1.15.78.tgz
new file mode 100644
index 000000000..d5e759571
Binary files /dev/null and b/assets/sysdig/sysdig-1.15.78.tgz differ
diff --git a/assets/traefik/traefik-21.2.0.tgz b/assets/traefik/traefik-21.2.0.tgz
new file mode 100644
index 000000000..357cb9174
Binary files /dev/null and b/assets/traefik/traefik-21.2.0.tgz differ
diff --git a/assets/yugabyte/yugabyte-2.14.7.tgz b/assets/yugabyte/yugabyte-2.14.7.tgz
new file mode 100644
index 000000000..7dbf6631e
Binary files /dev/null and b/assets/yugabyte/yugabyte-2.14.7.tgz differ
diff --git a/assets/yugabyte/yugabyte-2.16.2.tgz b/assets/yugabyte/yugabyte-2.16.2.tgz
new file mode 100644
index 000000000..701c12dd4
Binary files /dev/null and b/assets/yugabyte/yugabyte-2.16.2.tgz differ
diff --git a/assets/yugabyte/yugaware-2.14.7.tgz b/assets/yugabyte/yugaware-2.14.7.tgz
new file mode 100644
index 000000000..ae306c2b7
Binary files /dev/null and b/assets/yugabyte/yugaware-2.14.7.tgz differ
diff --git a/assets/yugabyte/yugaware-2.16.2.tgz b/assets/yugabyte/yugaware-2.16.2.tgz
new file mode 100644
index 000000000..de9b4e777
Binary files /dev/null and b/assets/yugabyte/yugaware-2.16.2.tgz differ
diff --git a/charts/aquarist-labs/s3gw/Chart.yaml b/charts/aquarist-labs/s3gw/Chart.yaml
index a2e602a93..0341db2ea 100644
--- a/charts/aquarist-labs/s3gw/Chart.yaml
+++ b/charts/aquarist-labs/s3gw/Chart.yaml
@@ -26,4 +26,4 @@ sources:
- https://github.com/aquarist-labs/s3gw
- https://github.com/aquarist-labs/ceph
type: application
-version: 0.12.0
+version: 0.13.0
diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml
index 6e7627ca5..8930e5c0a 100644
--- a/charts/argo/argo-cd/Chart.yaml
+++ b/charts/argo/argo-cd/Chart.yaml
@@ -1,23 +1,13 @@
annotations:
artifacthub.io/changes: |
- kind: added
- description: Global nodeSelector configuration
- - kind: added
- description: Global tolerations configuration
- - kind: added
- description: Global topologySpreadConstraints configuration
- - kind: added
- description: Missing component level topologySpreadConstraints configuration
- - kind: added
- description: Missing component level priorityClassName configuration
- - kind: changed
- description: Global affinity preset can be disabled
+ description: Add parameter env to redis exporter
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Argo CD
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
-appVersion: v2.6.3
+appVersion: v2.6.4
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@@ -39,4 +29,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
-version: 5.24.0
+version: 5.25.0
diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md
index 21a945fa8..b5e4adba0 100644
--- a/charts/argo/argo-cd/README.md
+++ b/charts/argo/argo-cd/README.md
@@ -497,7 +497,11 @@ NAME: my-release
| controller.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric |
| controller.metrics.applicationLabels.labels | list | `[]` | Additional labels |
| controller.metrics.enabled | bool | `false` | Deploy metrics service |
+| controller.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels |
+| controller.metrics.rules.annotations | object | `{}` | PrometheusRule annotations |
| controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller |
+| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace |
+| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector |
| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller |
| controller.metrics.service.annotations | object | `{}` | Metrics service annotations |
| controller.metrics.service.labels | object | `{}` | Metrics service labels |
@@ -897,6 +901,7 @@ server:
| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server |
| redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context |
| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
+| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
diff --git a/charts/argo/argo-cd/templates/_helpers.tpl b/charts/argo/argo-cd/templates/_helpers.tpl
index 377a07e12..2338d1c03 100644
--- a/charts/argo/argo-cd/templates/_helpers.tpl
+++ b/charts/argo/argo-cd/templates/_helpers.tpl
@@ -174,7 +174,10 @@ Merge Argo Configuration with Preset Configuration
{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}}
{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
-{{ $key }}: {{ toString $value | toYaml }}
+{{- $fmted := $value | toString }}
+{{- if not (eq $fmted "") }}
+{{ $key }}: {{ $fmted | toYaml }}
+{{- end }}
{{- end }}
{{- end -}}
diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
index bbf8d160d..c737fb5ea 100644
--- a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
@@ -209,7 +209,7 @@ spec:
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.applicationSet.tolerations }}
+ {{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
diff --git a/charts/argo/argo-cd/templates/redis/deployment.yaml b/charts/argo/argo-cd/templates/redis/deployment.yaml
index 389cf678a..3376d7323 100644
--- a/charts/argo/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo/argo-cd/templates/redis/deployment.yaml
@@ -89,6 +89,9 @@ spec:
value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }}
+ {{- with .Values.redis.exporter.env }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
ports:
- name: metrics
containerPort: {{ .Values.redis.containerPorts.metrics }}
diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml
index 3cc933a62..a5b5a9899 100644
--- a/charts/argo/argo-cd/values.yaml
+++ b/charts/argo/argo-cd/values.yaml
@@ -736,6 +736,17 @@ controller:
rules:
# -- Deploy a PrometheusRule for the application controller
enabled: false
+ # -- PrometheusRule namespace
+ namespace: "" # "monitoring"
+ # -- PrometheusRule selector
+ selector: {}
+ # prometheus: kube-prometheus
+
+ # -- PrometheusRule labels
+ additionalLabels: {}
+ # -- PrometheusRule annotations
+ annotations: {}
+
# -- PrometheusRule.Spec for the application controller
spec: []
# - alert: ArgoAppMissing
@@ -762,11 +773,6 @@ controller:
# The application [{{`{{$labels.name}}`}} has not been synchronized for over
# 12 hours which means that the state of this cloud has drifted away from the
# state inside Git.
- # selector:
- # prometheus: kube-prometheus
- # namespace: monitoring
- # additionalLabels: {}
- # annotations: {}
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
@@ -1062,6 +1068,8 @@ redis:
exporter:
# -- Enable Prometheus redis-exporter sidecar
enabled: false
+ # -- Environment variables to pass to the Redis exporter
+ env: []
## Prometheus redis-exporter image
image:
# -- Repository to use for the redis-exporter
diff --git a/charts/asserts/asserts/Chart.lock b/charts/asserts/asserts/Chart.lock
index d2afdc076..de30604b2 100644
--- a/charts/asserts/asserts/Chart.lock
+++ b/charts/asserts/asserts/Chart.lock
@@ -16,7 +16,7 @@ dependencies:
version: 0.7.0
- name: ebpf-probe
repository: https://asserts.github.io/helm-charts
- version: 0.1.0
+ version: 0.3.0
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.17.1
@@ -29,5 +29,5 @@ dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.9.13
-digest: sha256:f67342dfcfe7805322b598aefaf6d37c54f4b5c59264af096bca6048c00250c0
-generated: "2023-02-23T15:20:14.686324-08:00"
+digest: sha256:be4289156cf9c9d666185e3a18909e7cf96f3b0b3261f85c4eede8b17d451c40
+generated: "2023-03-09T08:59:35.827547-08:00"
diff --git a/charts/asserts/asserts/Chart.yaml b/charts/asserts/asserts/Chart.yaml
index c18cba50d..3314d9770 100644
--- a/charts/asserts/asserts/Chart.yaml
+++ b/charts/asserts/asserts/Chart.yaml
@@ -28,10 +28,11 @@ dependencies:
name: promxy
repository: file://./charts/promxy
version: 0.7.0
-- condition: ebpf-probe.enabled
+- alias: ebpfProbe
+ condition: ebpfProbe.enabled
name: ebpf-probe
repository: file://./charts/ebpf-probe
- version: 0.1.0
+ version: 0.3.0
- name: common
repository: file://./charts/common
version: 1.x.x
@@ -57,4 +58,4 @@ maintainers:
url: https://github.com/asserts
name: asserts
type: application
-version: 1.32.0
+version: 1.34.0
diff --git a/charts/asserts/asserts/README.md b/charts/asserts/asserts/README.md
index a707eb7a1..1a14cc0de 100644
--- a/charts/asserts/asserts/README.md
+++ b/charts/asserts/asserts/README.md
@@ -18,7 +18,20 @@ This chart bootstraps an [Asserts](https://www.asserts.ai) deployment on a [Kube
```bash
helm repo add asserts https://asserts.github.io/helm-charts
helm repo update
-helm upgrade --install asserts asserts/asserts -n asserts --create-namespace
+helm upgrade asserts asserts/asserts \
+ --install \
+ --namespace asserts \
+ --create-namespace
+```
+
+Asserts uses metric label informaton to build the Entity Graph, it will use labels from service meshes (Istio, Linkerd) or from the Asserts eBPF Probe. By default the probe is not enabled, it can be enabled via a values file or from the Helm command line.
+
+```bash
+helm upgrade asserts asserts/asserts \
+ --upgrade \
+ --namespace asserts \
+ --create-namespace \
+ --set ebpfProbe.enabled=true
```
There any many configuration options such as PagerDuty and Slack integrations. These can be configured with a values file.
diff --git a/charts/asserts/asserts/charts/ebpf-probe/Chart.yaml b/charts/asserts/asserts/charts/ebpf-probe/Chart.yaml
index 3cf11c1c2..6107be5b4 100644
--- a/charts/asserts/asserts/charts/ebpf-probe/Chart.yaml
+++ b/charts/asserts/asserts/charts/ebpf-probe/Chart.yaml
@@ -6,4 +6,4 @@ maintainers:
url: https://github.com/asserts
name: ebpf-probe
type: application
-version: 0.1.0
+version: 0.3.0
diff --git a/charts/asserts/asserts/charts/ebpf-probe/templates/daemonset.yaml b/charts/asserts/asserts/charts/ebpf-probe/templates/daemonset.yaml
index c4367c210..3f2d3ca70 100644
--- a/charts/asserts/asserts/charts/ebpf-probe/templates/daemonset.yaml
+++ b/charts/asserts/asserts/charts/ebpf-probe/templates/daemonset.yaml
@@ -29,7 +29,7 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- - name: {{ .Chart.Name }}
+ - name: ebpf-probe
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -52,9 +52,6 @@ spec:
value: "{{ .Values.prometheusEndpoint }}"
- name: "POLL_INTERVAL"
value: "{{ .Values.pollIntervalSeconds }}"
- securityContext:
- privileged: true
- readOnlyRootFilesystem: true
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -75,4 +72,4 @@ spec:
path: /proc
- name: debug
hostPath:
- path: /sys/kernel/debug
\ No newline at end of file
+ path: /sys/kernel/debug
diff --git a/charts/asserts/asserts/templates/config/tsdb-scrape-configmap.yaml b/charts/asserts/asserts/templates/config/tsdb-scrape-configmap.yaml
index 21a5e6f4a..dfd1b13cb 100644
--- a/charts/asserts/asserts/templates/config/tsdb-scrape-configmap.yaml
+++ b/charts/asserts/asserts/templates/config/tsdb-scrape-configmap.yaml
@@ -1114,5 +1114,85 @@ data:
target_label: asserts_env
replacement: asserts
action: replace
- {{- end }}
+ {{- if .Values.ebpfProbe.enabled }}
+ - job_name: {{.Values.ebpfProbe.fullnameOverride}}
+ kubernetes_sd_configs:
+ - namespaces:
+ names:
+ - {{ .Release.Namespace }}
+ role: pod
+ honor_timestamps: true
+ metrics_path: /metrics
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_name]
+ separator: ;
+ regex: {{.Values.ebpfProbe.fullnameOverride}}
+ replacement: $1
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_label_app_kubernetes_io_instance]
+ separator: ;
+ regex: {{ .Release.Name }}
+ replacement: $1
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_container_port_name]
+ separator: ;
+ regex: http-metrics
+ replacement: $1
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_node_name]
+ regex: (.*)
+ target_label: node
+ replacement: ${1}
+ action: replace
+ - source_labels: [__meta_kubernetes_pod_controller_kind]
+ regex: (.*)
+ target_label: created_by_kind
+ action: replace
+ - source_labels: [__meta_kubernetes_pod_ip]
+ regex: (.*)
+ target_label: pod_ip
+ action: replace
+ - source_labels: [__meta_kubernetes_namespace]
+ separator: ;
+ regex: (.*)
+ target_label: namespace
+ replacement: $1
+ action: replace
+ - source_labels: [__meta_kubernetes_pod_name]
+ separator: ;
+ regex: (.*)
+ target_label: pod
+ replacement: $1
+ action: replace
+ - source_labels: [__meta_kubernetes_pod_container_name]
+ separator: ;
+ regex: (.*)
+ target_label: container
+ replacement: $1
+ action: replace
+ - separator: ;
+ regex: (.*)
+ target_label: endpoint
+ replacement: http-metrics
+ action: replace
+ # add tenant, asserts_env, & asserts_site
+ # to all remaining values metrics if applicable
+ - separator: ;
+ regex: (.*)
+ target_label: tenant
+ replacement: {{ include "asserts.tenant" . }}
+ action: replace
+ # add tenant & asserts_env labels
+ - separator: ;
+ regex: (.*)
+ target_label: tenant
+ replacement: {{ include "asserts.tenant" . }}
+ action: replace
+ - separator: ;
+ regex: (.*)
+ target_label: asserts_env
+ replacement: asserts
+ action: replace
+ {{- end }}
+ {{- end }}
{{- end }}
diff --git a/charts/asserts/asserts/values.yaml b/charts/asserts/asserts/values.yaml
index 1b93e27a1..4a0b7508b 100644
--- a/charts/asserts/asserts/values.yaml
+++ b/charts/asserts/asserts/values.yaml
@@ -1046,7 +1046,7 @@ postgres:
## eBPF probe configuration
## ref: https://github.com/asserts/helm-charts/blob/master/charts/ebpf-probe/values.yaml
-ebpf-probe:
+ebpfProbe:
enabled: false
fullnameOverride: asserts-ebpf-probe
diff --git a/charts/bitnami/airflow/Chart.lock b/charts/bitnami/airflow/Chart.lock
index 24d6682fe..6b974ed08 100644
--- a/charts/bitnami/airflow/Chart.lock
+++ b/charts/bitnami/airflow/Chart.lock
@@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: https://charts.bitnami.com/bitnami
- version: 17.8.0
+ version: 17.8.3
- name: postgresql
repository: https://charts.bitnami.com/bitnami
- version: 12.2.1
+ version: 12.2.2
- name: common
repository: https://charts.bitnami.com/bitnami
- version: 2.2.3
-digest: sha256:f502a35537beec923cea79f6eb39ae3845eb392987e6ed838779a589ebad8689
-generated: "2023-02-27T04:13:57.73922205Z"
+ version: 2.2.4
+digest: sha256:312aa5a59050e0d5a5cf0cc81ba0896aa83945a29b0495349be4067d7cab43c9
+generated: "2023-03-08T11:26:32.336933894Z"
diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml
index a93d395a7..e8063c7f6 100644
--- a/charts/bitnami/airflow/Chart.yaml
+++ b/charts/bitnami/airflow/Chart.yaml
@@ -38,4 +38,4 @@ name: airflow
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/airflow
- https://airflow.apache.org/
-version: 14.0.13
+version: 14.0.14
diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md
index 628bc15e7..6c1c2a190 100644
--- a/charts/bitnami/airflow/README.md
+++ b/charts/bitnami/airflow/README.md
@@ -90,7 +90,7 @@ The command removes all the Kubernetes components associated with the chart and
| `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` |
| `dags.image.registry` | Init container load-dags image registry | `docker.io` |
| `dags.image.repository` | Init container load-dags image repository | `bitnami/bitnami-shell` |
-| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r90` |
+| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r94` |
| `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` |
| `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` |
@@ -109,7 +109,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- |
| `web.image.registry` | Airflow image registry | `docker.io` |
| `web.image.repository` | Airflow image repository | `bitnami/airflow` |
-| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.1-debian-11-r13` |
+| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.1-debian-11-r16` |
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` |
| `web.image.pullSecrets` | Airflow image pull secrets | `[]` |
@@ -184,7 +184,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` |
-| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.1-debian-11-r14` |
+| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.1-debian-11-r17` |
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
@@ -238,7 +238,7 @@ The command removes all the Kubernetes components associated with the chart and
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
| `worker.image.registry` | Airflow Worker image registry | `docker.io` |
| `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` |
-| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.1-debian-11-r14` |
+| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.1-debian-11-r17` |
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
@@ -318,7 +318,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- |
| `git.image.registry` | Git image registry | `docker.io` |
| `git.image.repository` | Git image repository | `bitnami/git` |
-| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.39.2-debian-11-r5` |
+| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.39.2-debian-11-r8` |
| `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` |
| `git.image.pullSecrets` | Git image pull secrets | `[]` |
@@ -410,7 +410,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
| `metrics.image.registry` | Airflow exporter image registry | `docker.io` |
| `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` |
-| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r96` |
+| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r99` |
| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` |
@@ -483,6 +483,8 @@ The command removes all the Kubernetes components associated with the chart and
| `externalRedis.existingSecret` | Name of an existing secret resource containing the Redis&trade credentials | `""` |
| `externalRedis.existingSecretPasswordKey` | Name of an existing secret key containing the Redis&trade credentials | `""` |
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
```console
helm install my-release \
--set auth.username=my-user \
diff --git a/charts/bitnami/airflow/charts/common/Chart.yaml b/charts/bitnami/airflow/charts/common/Chart.yaml
index 031ee0fd4..8583e628a 100644
--- a/charts/bitnami/airflow/charts/common/Chart.yaml
+++ b/charts/bitnami/airflow/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
-appVersion: 2.2.3
+appVersion: 2.2.4
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@@ -21,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
-version: 2.2.3
+version: 2.2.4
diff --git a/charts/bitnami/airflow/charts/common/README.md b/charts/bitnami/airflow/charts/common/README.md
index 8f3bda37d..825639f2a 100644
--- a/charts/bitnami/airflow/charts/common/README.md
+++ b/charts/bitnami/airflow/charts/common/README.md
@@ -12,7 +12,7 @@ dependencies:
```
```console
-$ helm dependency update
+helm dependency update
```
```yaml
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
## Parameters
-The following table lists the helpers available in the library which are scoped in different sections.
-
-### Affinities
-
-| Helper identifier | Description | Expected Input |
-|-------------------------------|------------------------------------------------------|------------------------------------------------|
-| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
-| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
-| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
-| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
-| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` |
-
-### Capabilities
-
-| Helper identifier | Description | Expected Input |
-|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
-| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
-| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
-| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
-| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
-| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
-| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
-| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
-| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context |
-| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context |
-| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context |
-| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context |
-| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
-
-### Errors
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
-| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
-
-### Images
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
-| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
-| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
-| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
-
-### Ingress
-
-| Helper identifier | Description | Expected Input |
-|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
-| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
-| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
-| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` |
-
-### Labels
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------|-----------------------------------------------------------------------------|-------------------|
-| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
-| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context |
-
-### Names
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------------|-----------------------------------------------------------------------|-------------------|
-| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
-| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
-| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context |
-| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context |
-| `common.names.chart` | Chart name plus version | `.` Chart context |
-
-### Secrets
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
-| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
-| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
-| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
-
-### Storage
-
-| Helper identifier | Description | Expected Input |
-|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
-| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
-
-### TplValues
-
-| Helper identifier | Description | Expected Input |
-|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
-
-### Utils
-
-| Helper identifier | Description | Expected Input |
-|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
-| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
-| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
-| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
-| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
-
-### Validations
-
-| Helper identifier | Description | Expected Input |
-|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
-| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
-| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
-| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
-| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
-| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
-| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
-| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
-
-### Warnings
-
-| Helper identifier | Description | Expected Input |
-|------------------------------|----------------------------------|------------------------------------------------------------|
-| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
-
## Special input schemas
### ImageRoot
@@ -300,7 +182,7 @@ keyMapping:
If we force those values to be empty we will see some alerts
```console
-$ helm install test mychart --set path.to.value00="",path.to.value01=""
+helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
-**What changes were introduced in this major version?**
+#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
-**Considerations when upgrading to this version**
+#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
-**Useful links**
+#### Useful links
-- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
-- https://helm.sh/docs/topics/v2_v3_migration/
-- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
+-
+-
+-
## License
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/charts/bitnami/airflow/charts/common/templates/_images.tpl b/charts/bitnami/airflow/charts/common/templates/_images.tpl
index b06071492..2e7b15151 100644
--- a/charts/bitnami/airflow/charts/common/templates/_images.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_images.tpl
@@ -17,7 +17,11 @@ Return the proper image name
{{- $separator = "@" -}}
{{- $termination = .imageRoot.digest | toString -}}
{{- end -}}
-{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
{{- end -}}
{{/*
diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/Chart.yaml
index a6978bf71..9e7eb9389 100644
--- a/charts/bitnami/airflow/charts/postgresql/Chart.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/Chart.yaml
@@ -28,4 +28,4 @@ name: postgresql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/postgresql
- https://www.postgresql.org/
-version: 12.2.1
+version: 12.2.2
diff --git a/charts/bitnami/airflow/charts/postgresql/README.md b/charts/bitnami/airflow/charts/postgresql/README.md
index 9c78c66f5..55048e985 100644
--- a/charts/bitnami/airflow/charts/postgresql/README.md
+++ b/charts/bitnami/airflow/charts/postgresql/README.md
@@ -100,18 +100,18 @@ kubectl delete pvc -l release=my-release
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
-| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r2` |
+| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r5` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
-| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided | `""` |
+| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` |
| `auth.username` | Name for a custom user to create | `""` |
-| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided | `""` |
+| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` |
| `auth.database` | Name for a custom database to create | `""` |
| `auth.replicationUsername` | Name of the replication user | `repl_user` |
-| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided | `""` |
+| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` |
| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` |
| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` |
| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
@@ -377,7 +377,7 @@ kubectl delete pvc -l release=my-release
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@@ -405,7 +405,7 @@ kubectl delete pvc -l release=my-release
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
-| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r60` |
+| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r64` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
@@ -458,7 +458,6 @@ kubectl delete pvc -l release=my-release
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
-
```console
helm install my-release \
--set auth.postgresPassword=secretpassword
diff --git a/charts/bitnami/airflow/charts/postgresql/templates/NOTES.txt b/charts/bitnami/airflow/charts/postgresql/templates/NOTES.txt
index 10642277f..21b3d29d0 100644
--- a/charts/bitnami/airflow/charts/postgresql/templates/NOTES.txt
+++ b/charts/bitnami/airflow/charts/postgresql/templates/NOTES.txt
@@ -39,17 +39,17 @@ PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on
To get the password for "postgres" run:
- export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.postgres-password}" | base64 -d)
+ export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.adminPasswordKey" .}}}" | base64 -d)
To get the password for "{{ $customUser }}" run:
- export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.password}" | base64 -d)
+ export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.userPasswordKey" .}}}" | base64 -d)
{{- else }}
To get the password for "{{ default "postgres" $customUser }}" run:
- export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 -d)
+ export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" (include "postgresql.adminPasswordKey" .) (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 -d)
{{- end }}
diff --git a/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml b/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml
index b650edf48..bbd03d6a0 100644
--- a/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml
@@ -2,11 +2,11 @@
{{- $port := include "postgresql.service.port" . }}
{{- $postgresPassword := "" }}
{{- if .Values.auth.enablePostgresUser }}
-{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }}
+{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.adminPasswordKey "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }}
{{- end }}
{{- $replicationPassword := "" }}
{{- if eq .Values.architecture "replication" }}
-{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }}
+{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.replicationPasswordKey "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }}
{{- end }}
{{- $ldapPassword := "" }}
{{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
@@ -15,7 +15,7 @@
{{- $customUser := include "postgresql.username" . }}
{{- $password := "" }}
{{- if not (empty (include "postgresql.username" .)) }}
-{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
+{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.userPasswordKey "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
{{- end }}
{{- $database := include "postgresql.database" . }}
{{- if (include "postgresql.createSecret" .) }}
diff --git a/charts/bitnami/airflow/charts/postgresql/values.yaml b/charts/bitnami/airflow/charts/postgresql/values.yaml
index a489ecfb6..f770b9878 100644
--- a/charts/bitnami/airflow/charts/postgresql/values.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/values.yaml
@@ -95,7 +95,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
- tag: 15.2.0-debian-11-r2
+ tag: 15.2.0-debian-11-r5
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -122,13 +122,13 @@ auth:
## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
##
enablePostgresUser: true
- ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided
+ ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided
##
postgresPassword: ""
## @param auth.username Name for a custom user to create
##
username: ""
- ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided
+ ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` is provided
##
password: ""
## @param auth.database Name for a custom database to create
@@ -137,7 +137,7 @@ auth:
## @param auth.replicationUsername Name of the replication user
##
replicationUsername: repl_user
- ## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided
+ ## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` is provided
##
replicationPassword: ""
## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
@@ -1136,7 +1136,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r86
+ tag: 11-debian-11-r90
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1231,7 +1231,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
- tag: 0.11.1-debian-11-r60
+ tag: 0.11.1-debian-11-r64
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/bitnami/airflow/charts/redis/Chart.yaml b/charts/bitnami/airflow/charts/redis/Chart.yaml
index a851ee621..3929f9aac 100644
--- a/charts/bitnami/airflow/charts/redis/Chart.yaml
+++ b/charts/bitnami/airflow/charts/redis/Chart.yaml
@@ -2,7 +2,7 @@ annotations:
category: Database
licenses: Apache-2.0
apiVersion: v2
-appVersion: 7.0.8
+appVersion: 7.0.9
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
@@ -24,4 +24,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/redis
-version: 17.8.0
+version: 17.8.3
diff --git a/charts/bitnami/airflow/charts/redis/README.md b/charts/bitnami/airflow/charts/redis/README.md
index 95cf0832f..17bca708a 100644
--- a/charts/bitnami/airflow/charts/redis/README.md
+++ b/charts/bitnami/airflow/charts/redis/README.md
@@ -95,15 +95,15 @@ The command removes all the Kubernetes components associated with the chart and
### Redis® Image parameters
-| Name | Description | Value |
-| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- |
-| `image.registry` | Redis® image registry | `docker.io` |
-| `image.repository` | Redis® image repository | `bitnami/redis` |
-| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.8-debian-11-r13` |
-| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
-| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` |
-| `image.pullSecrets` | Redis® image pull secrets | `[]` |
-| `image.debug` | Enable image debug mode | `false` |
+| Name | Description | Value |
+| ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- |
+| `image.registry` | Redis® image registry | `docker.io` |
+| `image.repository` | Redis® image repository | `bitnami/redis` |
+| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.9-debian-11-r1` |
+| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Redis® image pull secrets | `[]` |
+| `image.debug` | Enable image debug mode | `false` |
### Redis® common configuration parameters
@@ -196,6 +196,7 @@ The command removes all the Kubernetes components associated with the chart and
| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `master.persistence.size` | Persistent Volume size | `8Gi` |
| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
+| `master.persistence.labels` | Additional custom labels for the PVC | `{}` |
| `master.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `master.persistence.dataSource` | Custom PVC data source | `{}` |
| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
@@ -298,6 +299,7 @@ The command removes all the Kubernetes components associated with the chart and
| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `replica.persistence.size` | Persistent Volume size | `8Gi` |
| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
+| `replica.persistence.labels` | Additional custom labels for the PVC | `{}` |
| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `replica.persistence.dataSource` | Custom PVC data source | `{}` |
| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
@@ -331,7 +333,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` |
| `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` |
| `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` |
-| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.8-debian-11-r12` |
+| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.9-debian-11-r0` |
| `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` |
| `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` |
@@ -381,6 +383,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `sentinel.persistence.size` | Persistent Volume size | `100Mi` |
| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
+| `sentinel.persistence.labels` | Additional custom labels for the PVC | `{}` |
| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` |
| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
@@ -446,7 +449,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` |
| `metrics.image.registry` | Redis® Exporter image registry | `docker.io` |
| `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` |
-| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.46.0-debian-11-r6` |
+| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.47.0-debian-11-r1` |
| `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` |
@@ -511,7 +514,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r87` |
+| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r92` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@@ -521,7 +524,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
| `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` |
| `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
-| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r87` |
+| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r92` |
| `sysctl.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
diff --git a/charts/bitnami/airflow/charts/redis/templates/health-configmap.yaml b/charts/bitnami/airflow/charts/redis/templates/health-configmap.yaml
index 41f3145d3..e606ace53 100644
--- a/charts/bitnami/airflow/charts/redis/templates/health-configmap.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/health-configmap.yaml
@@ -17,7 +17,7 @@ data:
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
@@ -47,7 +47,7 @@ data:
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
@@ -81,7 +81,7 @@ data:
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
{{- end }}
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h localhost \
{{- if .Values.tls.enabled }}
@@ -127,7 +127,7 @@ data:
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
@@ -155,7 +155,7 @@ data:
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
- timeout -s 3 $1 \
+ timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
diff --git a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml
index e6388e2fa..9c05393e7 100644
--- a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml
@@ -499,6 +499,9 @@ spec:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: master
+ {{- if .Values.master.persistence.labels }}
+ {{- toYaml .Values.master.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.master.persistence.annotations }}
annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }}
{{- end }}
diff --git a/charts/bitnami/airflow/charts/redis/templates/master/pvc.yaml b/charts/bitnami/airflow/charts/redis/templates/master/pvc.yaml
index e5fddb034..ee2691ac4 100644
--- a/charts/bitnami/airflow/charts/redis/templates/master/pvc.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/master/pvc.yaml
@@ -6,6 +6,9 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: master
+ {{- if .Values.master.persistence.labels }}
+ {{- toYaml .Values.master.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.master.persistence.annotations }}
annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }}
{{- end }}
diff --git a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml
index 406bce136..f94594316 100644
--- a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml
@@ -496,6 +496,9 @@ spec:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: replica
+ {{- if .Values.replica.persistence.labels }}
+ {{- toYaml .Values.replica.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.replica.persistence.annotations }}
annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }}
{{- end }}
diff --git a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml
index af563850a..39a0ae3b7 100644
--- a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml
@@ -753,6 +753,9 @@ spec:
name: sentinel-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: node
+ {{- if .Values.sentinel.persistence.labels }}
+ {{- toYaml .Values.sentinel.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.sentinel.persistence.annotations }}
annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }}
{{- end }}
diff --git a/charts/bitnami/airflow/charts/redis/values.yaml b/charts/bitnami/airflow/charts/redis/values.yaml
index d5e44b619..8fa7f0bdc 100644
--- a/charts/bitnami/airflow/charts/redis/values.yaml
+++ b/charts/bitnami/airflow/charts/redis/values.yaml
@@ -82,7 +82,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/redis
- tag: 7.0.8-debian-11-r13
+ tag: 7.0.9-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -446,6 +446,9 @@ master:
## @param master.persistence.annotations Additional custom annotations for the PVC
##
annotations: {}
+ ## @param master.persistence.labels Additional custom labels for the PVC
+ ##
+ labels: {}
## @param master.persistence.selector Additional labels to match for the PVC
## e.g:
## selector:
@@ -860,6 +863,9 @@ replica:
## @param replica.persistence.annotations Additional custom annotations for the PVC
##
annotations: {}
+ ## @param replica.persistence.labels Additional custom labels for the PVC
+ ##
+ labels: {}
## @param replica.persistence.selector Additional labels to match for the PVC
## e.g:
## selector:
@@ -989,7 +995,7 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
- tag: 7.0.8-debian-11-r12
+ tag: 7.0.9-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1148,6 +1154,9 @@ sentinel:
## @param sentinel.persistence.annotations Additional custom annotations for the PVC
##
annotations: {}
+ ## @param sentinel.persistence.labels Additional custom labels for the PVC
+ ##
+ labels: {}
## @param sentinel.persistence.selector Additional labels to match for the PVC
## e.g:
## selector:
@@ -1419,7 +1428,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/redis-exporter
- tag: 1.46.0-debian-11-r6
+ tag: 1.47.0-debian-11-r1
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1670,7 +1679,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r87
+ tag: 11-debian-11-r92
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1718,7 +1727,7 @@ sysctl:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r87
+ tag: 11-debian-11-r92
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/bitnami/airflow/values.yaml b/charts/bitnami/airflow/values.yaml
index 35f3a1bf6..422d4c6e5 100644
--- a/charts/bitnami/airflow/values.yaml
+++ b/charts/bitnami/airflow/values.yaml
@@ -118,7 +118,7 @@ dags:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r90
+ tag: 11-debian-11-r94
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -185,7 +185,7 @@ web:
image:
registry: docker.io
repository: bitnami/airflow
- tag: 2.5.1-debian-11-r13
+ tag: 2.5.1-debian-11-r16
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -443,7 +443,7 @@ scheduler:
image:
registry: docker.io
repository: bitnami/airflow-scheduler
- tag: 2.5.1-debian-11-r14
+ tag: 2.5.1-debian-11-r17
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -647,7 +647,7 @@ worker:
image:
registry: docker.io
repository: bitnami/airflow-worker
- tag: 2.5.1-debian-11-r14
+ tag: 2.5.1-debian-11-r17
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -920,7 +920,7 @@ git:
image:
registry: docker.io
repository: bitnami/git
- tag: 2.39.2-debian-11-r5
+ tag: 2.39.2-debian-11-r8
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1283,7 +1283,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/airflow-exporter
- tag: 0.20220314.0-debian-11-r96
+ tag: 0.20220314.0-debian-11-r99
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml
index faf6c2794..7aa88b736 100644
--- a/charts/bitnami/cassandra/Chart.yaml
+++ b/charts/bitnami/cassandra/Chart.yaml
@@ -29,4 +29,4 @@ name: cassandra
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/cassandra
- http://cassandra.apache.org
-version: 10.0.4
+version: 10.1.0
diff --git a/charts/bitnami/cassandra/README.md b/charts/bitnami/cassandra/README.md
index c6c2622ec..350d5ba08 100644
--- a/charts/bitnami/cassandra/README.md
+++ b/charts/bitnami/cassandra/README.md
@@ -206,6 +206,7 @@ The command removes all the Kubernetes components associated with the chart and
| `service.annotations` | Provide any additional annotations which may be required. | `{}` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
@@ -290,6 +291,8 @@ The command removes all the Kubernetes components associated with the chart and
| `tls.certificatesSecret` | Secret with the TLS certificates. | `""` |
| `tls.tlsEncryptionSecretName` | Secret with the encryption of the TLS certificates | `""` |
+The above parameters map to the env variables defined in [bitnami/cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra). For more information please refer to the [bitnami/cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) image documentation.
+
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
@@ -462,4 +465,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/cassandra/templates/headless-svc.yaml b/charts/bitnami/cassandra/templates/headless-svc.yaml
index 0a3ee2741..1c335b72f 100644
--- a/charts/bitnami/cassandra/templates/headless-svc.yaml
+++ b/charts/bitnami/cassandra/templates/headless-svc.yaml
@@ -7,13 +7,13 @@ metadata:
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
- {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ {{- if or .Values.service.headless.annotations .Values.commonAnnotations }}
annotations:
- {{- if .Values.service.annotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- if .Values.service.headless.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.headless.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
diff --git a/charts/bitnami/cassandra/templates/statefulset.yaml b/charts/bitnami/cassandra/templates/statefulset.yaml
index ae7b893f4..48c5a2db3 100644
--- a/charts/bitnami/cassandra/templates/statefulset.yaml
+++ b/charts/bitnami/cassandra/templates/statefulset.yaml
@@ -523,7 +523,8 @@ spec:
secretName: {{ include "cassandra.tlsSecretName" . }}
defaultMode: 256
- name: certs-shared
- emptyDir: {}
+ emptyDir:
+ sizeLimit: 500Mi
{{- end }}
{{- if .Values.existingConfiguration }}
- name: configurations
diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml
index ba0b3fa17..adff85477 100644
--- a/charts/bitnami/cassandra/values.yaml
+++ b/charts/bitnami/cassandra/values.yaml
@@ -521,6 +521,12 @@ service:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
## Network policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml
index 6ede27f8b..b5a2f8e62 100644
--- a/charts/bitnami/kafka/Chart.yaml
+++ b/charts/bitnami/kafka/Chart.yaml
@@ -35,4 +35,4 @@ name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
-version: 21.2.0
+version: 21.3.1
diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md
index 8529911c4..b863f7d7b 100644
--- a/charts/bitnami/kafka/README.md
+++ b/charts/bitnami/kafka/README.md
@@ -121,6 +121,7 @@ The command removes all the Kubernetes components associated with the chart and
| `auth.clientProtocol` | Authentication protocol for communications with clients. Allowed protocols: `plaintext`, `tls`, `mtls`, `sasl` and `sasl_tls` | `plaintext` |
| `auth.externalClientProtocol` | Authentication protocol for communications with external clients. Defaults to value of `auth.clientProtocol`. Allowed protocols: `plaintext`, `tls`, `mtls`, `sasl` and `sasl_tls` | `""` |
| `auth.interBrokerProtocol` | Authentication protocol for inter-broker communications. Allowed protocols: `plaintext`, `tls`, `mtls`, `sasl` and `sasl_tls` | `plaintext` |
+| `auth.controllerProtocol` | Controller protocol. It is used with Kraft mode only. | `plaintext` |
| `auth.sasl.mechanisms` | SASL mechanisms when either `auth.interBrokerProtocol`, `auth.clientProtocol` or `auth.externalClientProtocol` are `sasl`. Allowed types: `plain`, `scram-sha-256`, `scram-sha-512` | `plain,scram-sha-256,scram-sha-512` |
| `auth.sasl.interBrokerMechanism` | SASL mechanism for inter broker communication. | `plain` |
| `auth.sasl.jaas.clientUsers` | Kafka client user list | `["user"]` |
@@ -170,6 +171,7 @@ The command removes all the Kubernetes components associated with the chart and
| `containerPorts.client` | Kafka client container port | `9092` |
| `containerPorts.internal` | Kafka inter-broker container port | `9093` |
| `containerPorts.external` | Kafka external container port | `9094` |
+| `containerPorts.controller` | Kafka Controller listener port. It is used if "kraft.enabled: true" | `9095` |
| `livenessProbe.enabled` | Enable livenessProbe on Kafka containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
@@ -466,11 +468,21 @@ The command removes all the Kubernetes components associated with the chart and
| `provisioning.initContainers` | Add additional Add init containers to the Kafka provisioning pod(s) | `[]` |
| `provisioning.waitForKafka` | If true use an init container to wait until kafka is ready before starting provisioning | `true` |
+### Kraft chart parameters
+
+| Name | Description | Value |
+| ------------------------------- | --------------------------------------------------------------------------------------- | ------------------------ |
+| `kraft.enabled` | Switch to enable or disable the Kraft mode for Kafka | `false` |
+| `kraft.processRoles` | Roles of your Kafka nodes. Nodes can have 'broker', 'controller' roles or both of them. | `broker,controller` |
+| `kraft.controllerListenerNames` | Controller listener names | `CONTROLLER` |
+| `kraft.clusterId` | Kafka ClusterID. You must set it if your cluster contains more than one node. | `kafka_cluster_id_test1` |
+| `kraft.controllerQuorumVoters` | Quorum voters of Kafka Kraft cluster. Use it for nodes with 'broker' role only. | `""` |
+
### ZooKeeper chart parameters
| Name | Description | Value |
| --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
-| `zookeeper.enabled` | Switch to enable or disable the ZooKeeper helm chart | `true` |
+| `zookeeper.enabled` | Switch to enable or disable the ZooKeeper helm chart. Must be false if you use Kraft mode. | `true` |
| `zookeeper.replicaCount` | Number of ZooKeeper nodes | `1` |
| `zookeeper.auth.client.enabled` | Enable ZooKeeper auth | `false` |
| `zookeeper.auth.client.clientUser` | User that will use ZooKeeper clients to auth | `""` |
@@ -481,8 +493,7 @@ The command removes all the Kubernetes components associated with the chart and
| `zookeeper.persistence.storageClass` | Persistent Volume storage class | `""` |
| `zookeeper.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `zookeeper.persistence.size` | Persistent Volume size | `8Gi` |
-| `externalZookeeper.servers` | List of external zookeeper servers to use. Typically used in combination with 'zookeeperChrootPath'. | `[]` |
-
+| `externalZookeeper.servers` | List of external zookeeper servers to use. Typically used in combination with 'zookeeperChrootPath'. Must be empty if you use Kraft mode. | `[]` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@@ -1038,4 +1049,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/kafka/templates/_helpers.tpl b/charts/bitnami/kafka/templates/_helpers.tpl
index 51ec867d5..f36925013 100644
--- a/charts/bitnami/kafka/templates/_helpers.tpl
+++ b/charts/bitnami/kafka/templates/_helpers.tpl
@@ -383,6 +383,9 @@ Compile all warnings into a single message, and call fail.
{{- $messages := append $messages (include "kafka.validateValues.tlsSecrets" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.tlsSecrets.length" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.tlsPasswords" .) -}}
+{{- $messages := append $messages (include "kafka.validateValues.kraftMode" .) -}}
+{{- $messages := append $messages (include "kafka.validateValues.ClusterIdDefinedIfKraft" .) -}}
+{{- $messages := append $messages (include "kafka.validateValues.controllerQuorumVotersDefinedIfKraft" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
@@ -507,3 +510,29 @@ kafka: auth.tls.keyPasswordSecretKey,auth.tls.keystorePasswordSecretKey,auth.tls
{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/* Validate values of Kafka Kraft mode. It cannot be used with zookeeper */}}
+{{- define "kafka.validateValues.kraftMode" -}}
+{{- $externalZKlen := len .Values.externalZookeeper.servers}}
+{{- if and .Values.kraft.enabled (or .Values.zookeeper.enabled (gt $externalZKlen 0)) }}
+kafka: Kraft mode
+ You cannot use Kraft mode and Zookeeper at the same time. They are mutually exclusive. Disable zookeeper in '.Values.zookeeper.enabled' and delete values from '.Values.externalZookeeper.servers' if you want to use Kraft mode
+{{- end -}}
+{{- end -}}
+
+{{/* Validate ClusterId value. It must be defined if Kraft mode is used. */}}
+{{- define "kafka.validateValues.ClusterIdDefinedIfKraft" -}}
+{{- if and .Values.kraft.enabled (not .Values.kraft.clusterId) (gt (int .Values.replicaCount) 1) }}
+kafka: Kraft mode
+ .Values.kraft.clusterId must not be empty if .Values.kraft.enabled set to true and .Values.replicaCount > 1.
+{{- end -}}
+{{- end -}}
+
+{{/* Validate controllerQuorumVoters value. It must be defined if it is broker-only deployment. */}}
+{{- define "kafka.validateValues.controllerQuorumVotersDefinedIfKraft" -}}
+{{- if and .Values.kraft.enabled (not .Values.kraft.controllerQuorumVoters) (not (contains "controller" .Values.kraft.processRoles)) }}
+kafka: Kraft mode
+ .Values.kraft.controllerQuorumVoters must not be empty if .Values.kraft.enabled set to true and .Values.kraft.processRoles does not contain "controller".
+ If you deploy brokers without controllers you have to define external controllers with .Values.kraft.controllerQuorumVoters
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/bitnami/kafka/templates/scripts-configmap.yaml b/charts/bitnami/kafka/templates/scripts-configmap.yaml
index 57e125053..db3d6c229 100644
--- a/charts/bitnami/kafka/templates/scripts-configmap.yaml
+++ b/charts/bitnami/kafka/templates/scripts-configmap.yaml
@@ -76,12 +76,35 @@ data:
#!/bin/bash
ID="${MY_POD_NAME#"{{ $fullname }}-"}"
+ # If process.roles is not set at all, it is assumed to be in ZooKeeper mode.
+ # https://kafka.apache.org/documentation/#kraft_role
+
if [[ -f "{{ .Values.logsDirs | splitList "," | first }}/meta.properties" ]]; then
- export KAFKA_CFG_BROKER_ID="$(grep "broker.id" "{{ .Values.logsDirs | splitList "," | first }}/meta.properties" | awk -F '=' '{print $2}')"
+ if [[ $KAFKA_CFG_PROCESS_ROLES == "" ]]; then
+ export KAFKA_CFG_BROKER_ID="$(grep "broker.id" "{{ .Values.logsDirs | splitList "," | first }}/meta.properties" | awk -F '=' '{print $2}')"
+ else
+ export KAFKA_CFG_BROKER_ID="$(grep "node.id" "{{ .Values.logsDirs | splitList "," | first }}/meta.properties" | awk -F '=' '{print $2}')"
+ fi
else
export KAFKA_CFG_BROKER_ID="$((ID + {{ .Values.minBrokerId }}))"
fi
+ if [[ $KAFKA_CFG_PROCESS_ROLES == *"controller"* ]]; then
+ node_id={{ .Values.minBrokerId }}
+ pod_id=0
+ while :
+ do
+ VOTERS="${VOTERS}$node_id@{{ include "common.names.fullname" . }}-$pod_id.{{ include "common.names.fullname" . }}-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.controller }}"
+ node_id=$(( $node_id + 1 ))
+ pod_id=$(( $pod_id + 1 ))
+ if [[ $pod_id -ge {{ .Values.replicaCount }} ]]; then
+ break
+ else
+ VOTERS="$VOTERS,"
+ fi
+ done
+ export KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=$VOTERS
+ fi
{{- if eq .Values.brokerRackAssignment "aws-az" }}
export KAFKA_CFG_BROKER_RACK=$(curl "http://169.254.169.254/latest/meta-data/placement/availability-zone-id")
{{- end }}
diff --git a/charts/bitnami/kafka/templates/statefulset.yaml b/charts/bitnami/kafka/templates/statefulset.yaml
index 9532a5734..2e7adc547 100644
--- a/charts/bitnami/kafka/templates/statefulset.yaml
+++ b/charts/bitnami/kafka/templates/statefulset.yaml
@@ -4,6 +4,7 @@
{{- $clusterDomain := .Values.clusterDomain }}
{{- $interBrokerProtocol := include "kafka.listenerType" (dict "protocol" .Values.auth.interBrokerProtocol) -}}
{{- $clientProtocol := include "kafka.listenerType" (dict "protocol" .Values.auth.clientProtocol) -}}
+{{- $controllerProtocol := include "kafka.listenerType" (dict "protocol" .Values.auth.controllerProtocol) -}}
{{- $externalClientProtocol := include "kafka.listenerType" (dict "protocol" (include "kafka.externalClientProtocol" . )) -}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
@@ -187,9 +188,17 @@ spec:
{{- if .Values.listenerSecurityProtocolMap }}
value: {{ .Values.listenerSecurityProtocolMap | quote }}
{{- else if .Values.externalAccess.enabled }}
+ {{- if .Values.kraft.enabled }}
+ value: "INTERNAL:{{ $interBrokerProtocol }},CLIENT:{{ $clientProtocol }},CONTROLLER:{{ $controllerProtocol }},EXTERNAL:{{ $externalClientProtocol }}"
+ {{- else }}
value: "INTERNAL:{{ $interBrokerProtocol }},CLIENT:{{ $clientProtocol }},EXTERNAL:{{ $externalClientProtocol }}"
+ {{- end}}
{{- else }}
+ {{- if .Values.kraft.enabled }}
+ value: "INTERNAL:{{ $interBrokerProtocol }},CLIENT:{{ $clientProtocol }},CONTROLLER:{{ $controllerProtocol }}"
+ {{- else }}
value: "INTERNAL:{{ $interBrokerProtocol }},CLIENT:{{ $clientProtocol }}"
+ {{- end }}
{{- end }}
{{- if or ($clientProtocol | regexFind "SASL") ($externalClientProtocol | regexFind "SASL") ($interBrokerProtocol | regexFind "SASL") .Values.auth.sasl.jaas.zookeeperUser }}
- name: KAFKA_CFG_SASL_ENABLED_MECHANISMS
@@ -201,9 +210,17 @@ spec:
{{- if .Values.listeners }}
value: {{ join "," .Values.listeners }}
{{- else if .Values.externalAccess.enabled }}
+ {{- if .Values.kraft.enabled }}
+ value: "INTERNAL://:{{ .Values.containerPorts.internal }},CLIENT://:{{ .Values.containerPorts.client }},CONTROLLER://:{{ .Values.containerPorts.controller }},EXTERNAL://:{{ .Values.containerPorts.external }}"
+ {{- else }}
value: "INTERNAL://:{{ .Values.containerPorts.internal }},CLIENT://:{{ .Values.containerPorts.client }},EXTERNAL://:{{ .Values.containerPorts.external }}"
+ {{- end }}
{{- else }}
+ {{- if .Values.kraft.enabled }}
+ value: "INTERNAL://:{{ .Values.containerPorts.internal }},CLIENT://:{{ .Values.containerPorts.client }},CONTROLLER://:{{ .Values.containerPorts.controller }}"
+ {{- else }}
value: "INTERNAL://:{{ .Values.containerPorts.internal }},CLIENT://:{{ .Values.containerPorts.client }}"
+ {{- end }}
{{- end }}
{{- if .Values.externalAccess.enabled }}
{{- if .Values.externalAccess.autoDiscovery.enabled }}
@@ -354,6 +371,20 @@ spec:
value: {{ .Values.allowEveryoneIfNoAclFound | quote }}
- name: KAFKA_CFG_SUPER_USERS
value: {{ .Values.superUsers | quote }}
+ {{- if .Values.kraft.enabled }}
+ - name: KAFKA_KRAFT_CLUSTER_ID
+ value: {{ .Values.kraft.clusterId | quote }}
+ - name: KAFKA_CFG_PROCESS_ROLES
+ value: {{ .Values.kraft.processRoles | quote }}
+ - name: KAFKA_CFG_CONTROLLER_LISTENER_NAMES
+ value: {{ .Values.kraft.controllerListenerNames | quote }}
+ - name: KAFKA_ENABLE_KRAFT
+ value: "true"
+ {{- if .Values.kraft.controllerQuorumVoters }}
+ - name: KAFKA_CFG_CONTROLLER_QUORUM_VOTERS
+ value: {{ .Values.kraft.controllerQuorumVoters}}
+ {{- end }}
+ {{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
@@ -377,6 +408,10 @@ spec:
- name: kafka-external
containerPort: {{ .Values.containerPorts.external }}
{{- end }}
+ {{- if and .Values.kraft.enabled (contains "controller" .Values.kraft.processRoles) }}
+ - name: kafka-ctlr
+ containerPort: {{ .Values.containerPorts.controller }}
+ {{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
diff --git a/charts/bitnami/kafka/templates/svc-headless.yaml b/charts/bitnami/kafka/templates/svc-headless.yaml
index af462126a..8611308da 100644
--- a/charts/bitnami/kafka/templates/svc-headless.yaml
+++ b/charts/bitnami/kafka/templates/svc-headless.yaml
@@ -33,5 +33,11 @@ spec:
port: {{ .Values.service.ports.internal }}
protocol: TCP
targetPort: kafka-internal
+ {{- if and .Values.kraft.enabled (contains "controller" .Values.kraft.processRoles) }}
+ - name: tcp-controller
+ protocol: TCP
+ port: {{ .Values.containerPorts.controller }}
+ targetPort: kafka-ctlr
+ {{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: kafka
diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml
index 174aa1190..d0ab66664 100644
--- a/charts/bitnami/kafka/values.yaml
+++ b/charts/bitnami/kafka/values.yaml
@@ -244,6 +244,9 @@ auth:
# https://github.com/bitnami/charts/pull/8902/
externalClientProtocol: ""
interBrokerProtocol: plaintext
+ ## @param auth.controllerProtocol Controller protocol. It is used with Kraft mode only.
+ ##
+ controllerProtocol: plaintext
## SASL configuration
##
sasl:
@@ -446,11 +449,13 @@ brokerRackAssignment: ""
## @param containerPorts.client Kafka client container port
## @param containerPorts.internal Kafka inter-broker container port
## @param containerPorts.external Kafka external container port
+## @param containerPorts.controller Kafka Controller listener port. It is used if "kraft.enabled: true"
##
containerPorts:
client: 9092
internal: 9093
external: 9094
+ controller: 9095
## Configure extra options for Kafka containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe on Kafka containers
@@ -1717,6 +1722,31 @@ provisioning:
##
waitForKafka: true
+## @section Kraft chart parameters
+
+## Kraft configuration
+## Kafka mode without Zookeeper. Kafka nodes can work as controllers in this mode.
+##
+kraft:
+ ## @param kraft.enabled Switch to enable or disable the Kraft mode for Kafka
+ ##
+ enabled: false
+ ## @param kraft.processRoles Roles of your Kafka nodes. Nodes can have 'broker', 'controller' roles or both of them.
+ ##
+ processRoles: broker,controller
+ ## @param kraft.controllerListenerNames Controller listener names
+ ##
+ controllerListenerNames: CONTROLLER
+ ## @param kraft.clusterId Kafka ClusterID. You must set it if your cluster contains more than one node.
+ ## Generate with `cat /proc/sys/kernel/random/uuid | tr -d '-' | base64 | cut -b 1-22`. Run `export LC_ALL=C` before if you generate it on MacOS.
+ ## Example: k2yipv1sRue7z2_Y3o976A
+ ##
+ clusterId: "kafka_cluster_id_test1"
+ ## @param kraft.controllerQuorumVoters Quorum voters of Kafka Kraft cluster. Use it for nodes with 'broker' role only.
+ ## Example: 1@controller1.example.com:9095,2@controller2.example.com:9095
+ ##
+ controllerQuorumVoters: ""
+
## @section ZooKeeper chart parameters
##
@@ -1724,7 +1754,7 @@ provisioning:
## https://github.com/bitnami/charts/blob/main/bitnami/zookeeper/values.yaml
##
zookeeper:
- ## @param zookeeper.enabled Switch to enable or disable the ZooKeeper helm chart
+ ## @param zookeeper.enabled Switch to enable or disable the ZooKeeper helm chart. Must be false if you use Kraft mode.
##
enabled: true
## @param zookeeper.replicaCount Number of ZooKeeper nodes
@@ -1767,6 +1797,6 @@ zookeeper:
## All of these values are only used if `zookeeper.enabled=false`
##
externalZookeeper:
- ## @param externalZookeeper.servers List of external zookeeper servers to use. Typically used in combination with 'zookeeperChrootPath'.
+ ## @param externalZookeeper.servers List of external zookeeper servers to use. Typically used in combination with 'zookeeperChrootPath'. Must be empty if you use Kraft mode.
##
servers: []
diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml
index 3a8b401df..34fa406c4 100644
--- a/charts/bitnami/mariadb/Chart.yaml
+++ b/charts/bitnami/mariadb/Chart.yaml
@@ -32,4 +32,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb
- https://github.com/prometheus/mysqld_exporter
- https://mariadb.org
-version: 11.5.1
+version: 11.5.3
diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md
index 44c3cfde2..c77223837 100644
--- a/charts/bitnami/mariadb/README.md
+++ b/charts/bitnami/mariadb/README.md
@@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
-| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r6` |
+| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r9` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -172,6 +172,7 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
+| `primary.persistence.labels` | Labels for the PVC | `{}` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
@@ -264,6 +265,7 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
+| `secondary.persistence.labels` | Labels for the PVC | `{}` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
@@ -306,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r94` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -320,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
-| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r94` |
+| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r96` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -378,7 +380,6 @@ The command removes all the Kubernetes components associated with the chart and
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
-
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@@ -556,4 +557,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/mariadb/templates/primary/statefulset.yaml b/charts/bitnami/mariadb/templates/primary/statefulset.yaml
index fd2608900..b1605df17 100644
--- a/charts/bitnami/mariadb/templates/primary/statefulset.yaml
+++ b/charts/bitnami/mariadb/templates/primary/statefulset.yaml
@@ -379,6 +379,9 @@ spec:
{{- if .Values.primary.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.primary.persistence.annotations "context" $ ) | nindent 10 }}
{{- end }}
+ {{- if .Values.primary.persistence.labels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.labels "context" $) | nindent 10 }}
+ {{- end }}
spec:
accessModes:
{{- range .Values.primary.persistence.accessModes }}
diff --git a/charts/bitnami/mariadb/templates/secondary/statefulset.yaml b/charts/bitnami/mariadb/templates/secondary/statefulset.yaml
index c88d4ad6f..568bf7ff4 100644
--- a/charts/bitnami/mariadb/templates/secondary/statefulset.yaml
+++ b/charts/bitnami/mariadb/templates/secondary/statefulset.yaml
@@ -349,6 +349,9 @@ spec:
{{- if .Values.secondary.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.persistence.annotations "context" $ ) | nindent 10 }}
{{- end }}
+ {{- if .Values.primary.persistence.labels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.labels "context" $) | nindent 10 }}
+ {{- end }}
spec:
accessModes:
{{- range .Values.secondary.persistence.accessModes }}
diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml
index da1db2a2b..7918eac9f 100644
--- a/charts/bitnami/mariadb/values.yaml
+++ b/charts/bitnami/mariadb/values.yaml
@@ -87,7 +87,7 @@ serviceBindings:
image:
registry: docker.io
repository: bitnami/mariadb
- tag: 10.6.12-debian-11-r6
+ tag: 10.6.12-debian-11-r9
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -458,6 +458,9 @@ primary:
## GKE, AWS & OpenStack)
##
storageClass: ""
+ ## @param primary.persistence.labels Labels for the PVC
+ ##
+ labels: {}
## @param primary.persistence.annotations MariaDB primary persistent volume claim annotations
##
annotations: {}
@@ -847,6 +850,9 @@ secondary:
## GKE, AWS & OpenStack)
##
storageClass: ""
+ ## @param secondary.persistence.labels Labels for the PVC
+ ##
+ labels: {}
## @param secondary.persistence.annotations MariaDB secondary persistent volume claim annotations
##
annotations: {}
@@ -995,7 +1001,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r90
+ tag: 11-debian-11-r94
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@@ -1031,7 +1037,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
- tag: 0.14.0-debian-11-r94
+ tag: 0.14.0-debian-11-r96
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml
index 14fa558df..26845b44e 100644
--- a/charts/bitnami/mysql/Chart.yaml
+++ b/charts/bitnami/mysql/Chart.yaml
@@ -30,4 +30,4 @@ name: mysql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mysql
- https://mysql.com
-version: 9.5.1
+version: 9.6.0
diff --git a/charts/bitnami/mysql/README.md b/charts/bitnami/mysql/README.md
index cfef9df77..1a3cdd800 100644
--- a/charts/bitnami/mysql/README.md
+++ b/charts/bitnami/mysql/README.md
@@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MySQL image registry | `docker.io` |
| `image.repository` | MySQL image repository | `bitnami/mysql` |
-| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.32-debian-11-r11` |
+| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.32-debian-11-r14` |
| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -161,6 +161,7 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` |
+| `primary.extraPorts` | Extra ports to expose | `[]` |
| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` |
| `primary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` |
@@ -250,6 +251,7 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` |
+| `secondary.extraPorts` | Extra ports to expose | `[]` |
| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas | `""` |
| `secondary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` |
@@ -305,7 +307,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r94` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -318,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
-| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r93` |
+| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r96` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -357,7 +359,6 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
-
The above parameters map to the env variables defined in [bitnami/mysql](https://github.com/bitnami/containers/tree/main/bitnami/mysql). For more information please refer to the [bitnami/mysql](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@@ -544,4 +545,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/mysql/templates/primary/statefulset.yaml b/charts/bitnami/mysql/templates/primary/statefulset.yaml
index 7be025437..6004105dd 100644
--- a/charts/bitnami/mysql/templates/primary/statefulset.yaml
+++ b/charts/bitnami/mysql/templates/primary/statefulset.yaml
@@ -186,6 +186,9 @@ spec:
ports:
- name: mysql
containerPort: 3306
+ {{- if .Values.primary.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPorts "context" $) | nindent 12 }}
+ {{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.primary.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }}
diff --git a/charts/bitnami/mysql/templates/secondary/statefulset.yaml b/charts/bitnami/mysql/templates/secondary/statefulset.yaml
index 3b731b58e..5000e8163 100644
--- a/charts/bitnami/mysql/templates/secondary/statefulset.yaml
+++ b/charts/bitnami/mysql/templates/secondary/statefulset.yaml
@@ -170,6 +170,9 @@ spec:
ports:
- name: mysql
containerPort: 3306
+ {{- if .Values.secondary.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraPorts "context" $) | nindent 12 }}
+ {{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.secondary.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }}
diff --git a/charts/bitnami/mysql/values.yaml b/charts/bitnami/mysql/values.yaml
index 95c59d9dc..051ebd117 100644
--- a/charts/bitnami/mysql/values.yaml
+++ b/charts/bitnami/mysql/values.yaml
@@ -82,7 +82,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/mysql
- tag: 8.0.32-debian-11-r11
+ tag: 8.0.32-debian-11-r14
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -406,6 +406,9 @@ primary:
## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers
##
extraEnvVarsSecret: ""
+ ## @param primary.extraPorts Extra ports to expose
+ ##
+ extraPorts: []
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
@@ -783,6 +786,9 @@ secondary:
## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers
##
extraEnvVarsSecret: ""
+ ## @param secondary.extraPorts Extra ports to expose
+ ##
+ extraPorts: []
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
@@ -1002,7 +1008,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r90
+ tag: 11-debian-11-r94
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -1036,7 +1042,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
- tag: 0.14.0-debian-11-r93
+ tag: 0.14.0-debian-11-r96
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml
index 542bbafcc..5d17a25a4 100644
--- a/charts/bitnami/redis/Chart.yaml
+++ b/charts/bitnami/redis/Chart.yaml
@@ -28,4 +28,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/redis
-version: 17.8.2
+version: 17.8.4
diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md
index d82f4048c..069b06b87 100644
--- a/charts/bitnami/redis/README.md
+++ b/charts/bitnami/redis/README.md
@@ -196,6 +196,7 @@ The command removes all the Kubernetes components associated with the chart and
| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `master.persistence.size` | Persistent Volume size | `8Gi` |
| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
+| `master.persistence.labels` | Additional custom labels for the PVC | `{}` |
| `master.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `master.persistence.dataSource` | Custom PVC data source | `{}` |
| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
@@ -298,6 +299,7 @@ The command removes all the Kubernetes components associated with the chart and
| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `replica.persistence.size` | Persistent Volume size | `8Gi` |
| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
+| `replica.persistence.labels` | Additional custom labels for the PVC | `{}` |
| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `replica.persistence.dataSource` | Custom PVC data source | `{}` |
| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` |
@@ -381,6 +383,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` |
| `sentinel.persistence.size` | Persistent Volume size | `100Mi` |
| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` |
+| `sentinel.persistence.labels` | Additional custom labels for the PVC | `{}` |
| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` |
| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` |
| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
@@ -539,6 +542,7 @@ The command removes all the Kubernetes components associated with the chart and
| `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. | `external-dns.alpha.kubernetes.io/` |
| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` |
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
@@ -930,4 +934,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/redis/templates/master/application.yaml b/charts/bitnami/redis/templates/master/application.yaml
index e6388e2fa..184916c71 100644
--- a/charts/bitnami/redis/templates/master/application.yaml
+++ b/charts/bitnami/redis/templates/master/application.yaml
@@ -26,7 +26,7 @@ spec:
{{- else }}
updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }}
{{- end }}
- {{- if and .Values.master.minReadySeconds (semverCompare ">= 1.25" (include "common.capabilities.kubeVersion" .)) }}
+ {{- if and .Values.master.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }}
minReadySeconds: {{ .Values.master.minReadySeconds }}
{{- end }}
{{- end }}
@@ -499,6 +499,9 @@ spec:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: master
+ {{- if .Values.master.persistence.labels }}
+ {{- toYaml .Values.master.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.master.persistence.annotations }}
annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }}
{{- end }}
diff --git a/charts/bitnami/redis/templates/master/pvc.yaml b/charts/bitnami/redis/templates/master/pvc.yaml
index e5fddb034..ee2691ac4 100644
--- a/charts/bitnami/redis/templates/master/pvc.yaml
+++ b/charts/bitnami/redis/templates/master/pvc.yaml
@@ -6,6 +6,9 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: master
+ {{- if .Values.master.persistence.labels }}
+ {{- toYaml .Values.master.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.master.persistence.annotations }}
annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }}
{{- end }}
diff --git a/charts/bitnami/redis/templates/replicas/statefulset.yaml b/charts/bitnami/redis/templates/replicas/statefulset.yaml
index 406bce136..8a856abf1 100644
--- a/charts/bitnami/redis/templates/replicas/statefulset.yaml
+++ b/charts/bitnami/redis/templates/replicas/statefulset.yaml
@@ -23,7 +23,7 @@ spec:
{{- if .Values.replica.updateStrategy }}
updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }}
{{- end }}
- {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.25" (include "common.capabilities.kubeVersion" .)) }}
+ {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }}
minReadySeconds: {{ .Values.replica.minReadySeconds }}
{{- end }}
{{- if .Values.replica.podManagementPolicy }}
@@ -496,6 +496,9 @@ spec:
name: redis-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: replica
+ {{- if .Values.replica.persistence.labels }}
+ {{- toYaml .Values.replica.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.replica.persistence.annotations }}
annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }}
{{- end }}
diff --git a/charts/bitnami/redis/templates/sentinel/statefulset.yaml b/charts/bitnami/redis/templates/sentinel/statefulset.yaml
index af563850a..245f2a97c 100644
--- a/charts/bitnami/redis/templates/sentinel/statefulset.yaml
+++ b/charts/bitnami/redis/templates/sentinel/statefulset.yaml
@@ -22,7 +22,7 @@ spec:
{{- if .Values.replica.updateStrategy }}
updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }}
{{- end }}
- {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.25" (include "common.capabilities.kubeVersion" .)) }}
+ {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }}
minReadySeconds: {{ .Values.replica.minReadySeconds }}
{{- end }}
{{- if .Values.replica.podManagementPolicy }}
@@ -753,6 +753,9 @@ spec:
name: sentinel-data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
app.kubernetes.io/component: node
+ {{- if .Values.sentinel.persistence.labels }}
+ {{- toYaml .Values.sentinel.persistence.labels | nindent 4 }}
+ {{- end }}
{{- if .Values.sentinel.persistence.annotations }}
annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }}
{{- end }}
diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml
index 09516681a..8fa7f0bdc 100644
--- a/charts/bitnami/redis/values.yaml
+++ b/charts/bitnami/redis/values.yaml
@@ -446,6 +446,9 @@ master:
## @param master.persistence.annotations Additional custom annotations for the PVC
##
annotations: {}
+ ## @param master.persistence.labels Additional custom labels for the PVC
+ ##
+ labels: {}
## @param master.persistence.selector Additional labels to match for the PVC
## e.g:
## selector:
@@ -860,6 +863,9 @@ replica:
## @param replica.persistence.annotations Additional custom annotations for the PVC
##
annotations: {}
+ ## @param replica.persistence.labels Additional custom labels for the PVC
+ ##
+ labels: {}
## @param replica.persistence.selector Additional labels to match for the PVC
## e.g:
## selector:
@@ -1148,6 +1154,9 @@ sentinel:
## @param sentinel.persistence.annotations Additional custom annotations for the PVC
##
annotations: {}
+ ## @param sentinel.persistence.labels Additional custom labels for the PVC
+ ##
+ labels: {}
## @param sentinel.persistence.selector Additional labels to match for the PVC
## e.g:
## selector:
diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml
index 4729fe106..4aa4d88dc 100644
--- a/charts/bitnami/spark/Chart.yaml
+++ b/charts/bitnami/spark/Chart.yaml
@@ -28,4 +28,4 @@ name: spark
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/spark
- https://spark.apache.org/
-version: 6.3.18
+version: 6.4.0
diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md
index 171642c78..c15ea3804 100644
--- a/charts/bitnami/spark/README.md
+++ b/charts/bitnami/spark/README.md
@@ -282,6 +282,7 @@ The command removes all the Kubernetes components associated with the chart and
| `service.extraPorts` | Extra ports to expose in Spark service (normally used with the `sidecars` value) | `[]` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
@@ -477,4 +478,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/spark/templates/headless-svc.yaml b/charts/bitnami/spark/templates/headless-svc.yaml
index 3f43d445d..a3164bc40 100644
--- a/charts/bitnami/spark/templates/headless-svc.yaml
+++ b/charts/bitnami/spark/templates/headless-svc.yaml
@@ -7,8 +7,14 @@ metadata:
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- if or .Values.service.headless.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.service.headless.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.headless.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
{{- end }}
spec:
type: ClusterIP
diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml
index 371a07561..f987b61fb 100644
--- a/charts/bitnami/spark/values.yaml
+++ b/charts/bitnami/spark/values.yaml
@@ -811,6 +811,12 @@ service:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
## Configure the ingress resource that allows you to access the
## Spark installation. Set up the URL
## ref: https://kubernetes.io/docs/user-guide/ingress/
diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock
index 6beedd2db..aa7ce6ee2 100644
--- a/charts/bitnami/wordpress/Chart.lock
+++ b/charts/bitnami/wordpress/Chart.lock
@@ -1,12 +1,12 @@
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
- version: 6.3.8
+ version: 6.3.10
- name: mariadb
repository: https://charts.bitnami.com/bitnami
- version: 11.5.1
+ version: 11.5.3
- name: common
repository: https://charts.bitnami.com/bitnami
- version: 2.2.3
-digest: sha256:9dd252efa5da7fdcd62f1e1f50a66a0f40a09d90ae8e71113cee9c10eb625029
-generated: "2023-03-02T20:55:17.352621952Z"
+ version: 2.2.4
+digest: sha256:22567f57b68bd7bbc930cdd7e43cb439239d49b7a92e2440b9baf092b969c7bd
+generated: "2023-03-07T21:00:37.537997479Z"
diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml
index 8624245d4..5997de609 100644
--- a/charts/bitnami/wordpress/Chart.yaml
+++ b/charts/bitnami/wordpress/Chart.yaml
@@ -41,4 +41,4 @@ name: wordpress
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress
- https://wordpress.org/
-version: 15.2.48
+version: 15.2.51
diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md
index 7522b3b97..e4cb19ce7 100644
--- a/charts/bitnami/wordpress/README.md
+++ b/charts/bitnami/wordpress/README.md
@@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
-| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r57` |
+| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r61` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
@@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r92` |
+| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r94` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
-| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r3` |
+| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r5` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
@@ -370,7 +370,7 @@ The command removes all the Kubernetes components associated with the chart and
| `externalCache.host` | External cache server host | `localhost` |
| `externalCache.port` | External cache server port | `11211` |
-
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
diff --git a/charts/bitnami/wordpress/charts/common/Chart.yaml b/charts/bitnami/wordpress/charts/common/Chart.yaml
index 031ee0fd4..8583e628a 100644
--- a/charts/bitnami/wordpress/charts/common/Chart.yaml
+++ b/charts/bitnami/wordpress/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
-appVersion: 2.2.3
+appVersion: 2.2.4
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@@ -21,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
-version: 2.2.3
+version: 2.2.4
diff --git a/charts/bitnami/wordpress/charts/common/README.md b/charts/bitnami/wordpress/charts/common/README.md
index 8f3bda37d..825639f2a 100644
--- a/charts/bitnami/wordpress/charts/common/README.md
+++ b/charts/bitnami/wordpress/charts/common/README.md
@@ -12,7 +12,7 @@ dependencies:
```
```console
-$ helm dependency update
+helm dependency update
```
```yaml
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
## Parameters
-The following table lists the helpers available in the library which are scoped in different sections.
-
-### Affinities
-
-| Helper identifier | Description | Expected Input |
-|-------------------------------|------------------------------------------------------|------------------------------------------------|
-| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
-| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
-| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
-| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
-| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` |
-
-### Capabilities
-
-| Helper identifier | Description | Expected Input |
-|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
-| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
-| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
-| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
-| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
-| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
-| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
-| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
-| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context |
-| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context |
-| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context |
-| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context |
-| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
-
-### Errors
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
-| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
-
-### Images
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
-| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
-| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
-| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
-
-### Ingress
-
-| Helper identifier | Description | Expected Input |
-|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
-| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
-| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
-| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` |
-
-### Labels
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------|-----------------------------------------------------------------------------|-------------------|
-| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
-| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context |
-
-### Names
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------------|-----------------------------------------------------------------------|-------------------|
-| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
-| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
-| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context |
-| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context |
-| `common.names.chart` | Chart name plus version | `.` Chart context |
-
-### Secrets
-
-| Helper identifier | Description | Expected Input |
-|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
-| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
-| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
-| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
-
-### Storage
-
-| Helper identifier | Description | Expected Input |
-|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
-| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
-
-### TplValues
-
-| Helper identifier | Description | Expected Input |
-|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
-
-### Utils
-
-| Helper identifier | Description | Expected Input |
-|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
-| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
-| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
-| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
-| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
-
-### Validations
-
-| Helper identifier | Description | Expected Input |
-|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
-| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
-| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
-| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
-| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
-| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
-| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
-| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
-
-### Warnings
-
-| Helper identifier | Description | Expected Input |
-|------------------------------|----------------------------------|------------------------------------------------------------|
-| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
-
## Special input schemas
### ImageRoot
@@ -300,7 +182,7 @@ keyMapping:
If we force those values to be empty we will see some alerts
```console
-$ helm install test mychart --set path.to.value00="",path.to.value01=""
+helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
-**What changes were introduced in this major version?**
+#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
-**Considerations when upgrading to this version**
+#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
-**Useful links**
+#### Useful links
-- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
-- https://helm.sh/docs/topics/v2_v3_migration/
-- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
+-
+-
+-
## License
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/charts/bitnami/wordpress/charts/common/templates/_images.tpl b/charts/bitnami/wordpress/charts/common/templates/_images.tpl
index b06071492..2e7b15151 100644
--- a/charts/bitnami/wordpress/charts/common/templates/_images.tpl
+++ b/charts/bitnami/wordpress/charts/common/templates/_images.tpl
@@ -17,7 +17,11 @@ Return the proper image name
{{- $separator = "@" -}}
{{- $termination = .imageRoot.digest | toString -}}
{{- end -}}
-{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
{{- end -}}
{{/*
diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml
index 3f6f694b5..96eee1b81 100644
--- a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml
+++ b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml
@@ -28,4 +28,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb
- https://github.com/prometheus/mysqld_exporter
- https://mariadb.org
-version: 11.5.1
+version: 11.5.3
diff --git a/charts/bitnami/wordpress/charts/mariadb/README.md b/charts/bitnami/wordpress/charts/mariadb/README.md
index 44c3cfde2..c77223837 100644
--- a/charts/bitnami/wordpress/charts/mariadb/README.md
+++ b/charts/bitnami/wordpress/charts/mariadb/README.md
@@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
-| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r6` |
+| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r9` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -172,6 +172,7 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` |
| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` |
+| `primary.persistence.labels` | Labels for the PVC | `{}` |
| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` |
| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` |
@@ -264,6 +265,7 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` |
+| `secondary.persistence.labels` | Labels for the PVC | `{}` |
| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` |
| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` |
@@ -306,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r94` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -320,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
-| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r94` |
+| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r96` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -378,7 +380,6 @@ The command removes all the Kubernetes components associated with the chart and
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
-
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@@ -556,4 +557,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/wordpress/charts/mariadb/templates/primary/statefulset.yaml b/charts/bitnami/wordpress/charts/mariadb/templates/primary/statefulset.yaml
index fd2608900..b1605df17 100644
--- a/charts/bitnami/wordpress/charts/mariadb/templates/primary/statefulset.yaml
+++ b/charts/bitnami/wordpress/charts/mariadb/templates/primary/statefulset.yaml
@@ -379,6 +379,9 @@ spec:
{{- if .Values.primary.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.primary.persistence.annotations "context" $ ) | nindent 10 }}
{{- end }}
+ {{- if .Values.primary.persistence.labels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.labels "context" $) | nindent 10 }}
+ {{- end }}
spec:
accessModes:
{{- range .Values.primary.persistence.accessModes }}
diff --git a/charts/bitnami/wordpress/charts/mariadb/templates/secondary/statefulset.yaml b/charts/bitnami/wordpress/charts/mariadb/templates/secondary/statefulset.yaml
index c88d4ad6f..568bf7ff4 100644
--- a/charts/bitnami/wordpress/charts/mariadb/templates/secondary/statefulset.yaml
+++ b/charts/bitnami/wordpress/charts/mariadb/templates/secondary/statefulset.yaml
@@ -349,6 +349,9 @@ spec:
{{- if .Values.secondary.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.persistence.annotations "context" $ ) | nindent 10 }}
{{- end }}
+ {{- if .Values.primary.persistence.labels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.labels "context" $) | nindent 10 }}
+ {{- end }}
spec:
accessModes:
{{- range .Values.secondary.persistence.accessModes }}
diff --git a/charts/bitnami/wordpress/charts/mariadb/values.yaml b/charts/bitnami/wordpress/charts/mariadb/values.yaml
index da1db2a2b..7918eac9f 100644
--- a/charts/bitnami/wordpress/charts/mariadb/values.yaml
+++ b/charts/bitnami/wordpress/charts/mariadb/values.yaml
@@ -87,7 +87,7 @@ serviceBindings:
image:
registry: docker.io
repository: bitnami/mariadb
- tag: 10.6.12-debian-11-r6
+ tag: 10.6.12-debian-11-r9
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -458,6 +458,9 @@ primary:
## GKE, AWS & OpenStack)
##
storageClass: ""
+ ## @param primary.persistence.labels Labels for the PVC
+ ##
+ labels: {}
## @param primary.persistence.annotations MariaDB primary persistent volume claim annotations
##
annotations: {}
@@ -847,6 +850,9 @@ secondary:
## GKE, AWS & OpenStack)
##
storageClass: ""
+ ## @param secondary.persistence.labels Labels for the PVC
+ ##
+ labels: {}
## @param secondary.persistence.annotations MariaDB secondary persistent volume claim annotations
##
annotations: {}
@@ -995,7 +1001,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r90
+ tag: 11-debian-11-r94
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@@ -1031,7 +1037,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
- tag: 0.14.0-debian-11-r94
+ tag: 0.14.0-debian-11-r96
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/Chart.yaml
index 053aba5ef..fd6360443 100644
--- a/charts/bitnami/wordpress/charts/memcached/Chart.yaml
+++ b/charts/bitnami/wordpress/charts/memcached/Chart.yaml
@@ -24,4 +24,4 @@ name: memcached
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/memcached
- http://memcached.org/
-version: 6.3.8
+version: 6.3.10
diff --git a/charts/bitnami/wordpress/charts/memcached/README.md b/charts/bitnami/wordpress/charts/memcached/README.md
index e068f8e65..96ce74aef 100644
--- a/charts/bitnami/wordpress/charts/memcached/README.md
+++ b/charts/bitnami/wordpress/charts/memcached/README.md
@@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | --------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | Memcached image registry | `docker.io` |
| `image.repository` | Memcached image repository | `bitnami/memcached` |
-| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.18-debian-11-r17` |
+| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.18-debian-11-r19` |
| `image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -197,6 +197,7 @@ The command removes all the Kubernetes components associated with the chart and
| `persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` |
| `persistence.annotations` | Annotations for the PVC | `{}` |
+| `persistence.labels` | Labels for the PVC | `{}` |
| `persistence.selector` | Selector to match an existing Persistent Volume for Memcached's data PVC | `{}` |
### Volume Permissions parameters
@@ -206,7 +207,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r92` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@@ -216,7 +217,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Memcached exporter image registry | `docker.io` |
| `metrics.image.repository` | Memcached exporter image repository | `bitnami/memcached-exporter` |
-| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r3` |
+| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r5` |
| `metrics.image.digest` | Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -380,4 +381,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file
+limitations under the License.
diff --git a/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml b/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml
index ece789962..a6c648f02 100644
--- a/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml
+++ b/charts/bitnami/wordpress/charts/memcached/templates/statefulset.yaml
@@ -257,9 +257,13 @@ spec:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }}
{{- end }}
- {{- if .Values.commonLabels }}
- labels: {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }}
- {{- end }}
+ labels:
+ {{- if .Values.persistence.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.persistence.labels "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }}
+ {{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
diff --git a/charts/bitnami/wordpress/charts/memcached/values.yaml b/charts/bitnami/wordpress/charts/memcached/values.yaml
index a3b236698..126cb1e21 100644
--- a/charts/bitnami/wordpress/charts/memcached/values.yaml
+++ b/charts/bitnami/wordpress/charts/memcached/values.yaml
@@ -70,7 +70,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/memcached
- tag: 1.6.18-debian-11-r17
+ tag: 1.6.18-debian-11-r19
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -480,6 +480,9 @@ persistence:
## @param persistence.annotations Annotations for the PVC
##
annotations: {}
+ ## @param persistence.labels Labels for the PVC
+ ##
+ labels: {}
## @param persistence.selector Selector to match an existing Persistent Volume for Memcached's data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
@@ -509,7 +512,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r90
+ tag: 11-debian-11-r92
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -554,7 +557,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/memcached-exporter
- tag: 0.11.1-debian-11-r3
+ tag: 0.11.1-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml
index 817ddfefe..c434613c3 100644
--- a/charts/bitnami/wordpress/values.yaml
+++ b/charts/bitnami/wordpress/values.yaml
@@ -73,7 +73,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
- tag: 6.1.1-debian-11-r57
+ tag: 6.1.1-debian-11-r61
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -757,7 +757,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r92
+ tag: 11-debian-11-r94
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -851,7 +851,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
- tag: 0.13.0-debian-11-r3
+ tag: 0.13.0-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/cockroach-labs/cockroachdb/Chart.yaml b/charts/cockroach-labs/cockroachdb/Chart.yaml
index 81c597a06..25d4dd393 100644
--- a/charts/cockroach-labs/cockroachdb/Chart.yaml
+++ b/charts/cockroach-labs/cockroachdb/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.8-0'
catalog.cattle.io/release-name: cockroachdb
apiVersion: v1
-appVersion: 22.2.5
+appVersion: 22.2.6
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
home: https://www.cockroachlabs.com
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
@@ -14,4 +14,4 @@ maintainers:
name: cockroachdb
sources:
- https://github.com/cockroachdb/cockroach
-version: 10.0.5
+version: 10.0.6
diff --git a/charts/cockroach-labs/cockroachdb/README.md b/charts/cockroach-labs/cockroachdb/README.md
index 1765db003..adff41254 100644
--- a/charts/cockroach-labs/cockroachdb/README.md
+++ b/charts/cockroach-labs/cockroachdb/README.md
@@ -229,10 +229,10 @@ kubectl get pods \
```
```
-my-release-cockroachdb-0 cockroachdb/cockroach:v22.2.5
-my-release-cockroachdb-1 cockroachdb/cockroach:v22.2.5
-my-release-cockroachdb-2 cockroachdb/cockroach:v22.2.5
-my-release-cockroachdb-3 cockroachdb/cockroach:v22.2.5
+my-release-cockroachdb-0 cockroachdb/cockroach:v22.2.6
+my-release-cockroachdb-1 cockroachdb/cockroach:v22.2.6
+my-release-cockroachdb-2 cockroachdb/cockroach:v22.2.6
+my-release-cockroachdb-3 cockroachdb/cockroach:v22.2.6
```
Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade:
@@ -287,7 +287,7 @@ Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will
For more information about upgrading a cluster to the latest major release of CockroachDB, see [Upgrade to CockroachDB v21.1](https://www.cockroachlabs.com/docs/stable/upgrade-cockroach-version.html).
-Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v22.2.5 release notes](https://www.cockroachlabs.com/docs/releases/v22.2.5.html#backward-incompatible-changes).
+Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v22.2.6 release notes](https://www.cockroachlabs.com/docs/releases/v22.2.6.html#backward-incompatible-changes).
## Configuration
@@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file.
| `conf.store.size` | CockroachDB storage size | `""` |
| `conf.store.attrs` | CockroachDB storage attributes | `""` |
| `image.repository` | Container image name | `cockroachdb/cockroach` |
-| `image.tag` | Container image tag | `v22.2.5` |
+| `image.tag` | Container image tag | `v22.2.6` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` |
| `statefulset.replicas` | StatefulSet replicas number | `3` |
diff --git a/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml b/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml
index 7e96a0177..36c1f0604 100644
--- a/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml
+++ b/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml
@@ -1,5 +1,5 @@
kind: PodDisruptionBudget
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
+{{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
diff --git a/charts/cockroach-labs/cockroachdb/values.yaml b/charts/cockroach-labs/cockroachdb/values.yaml
index ebaa34f70..62e014958 100644
--- a/charts/cockroach-labs/cockroachdb/values.yaml
+++ b/charts/cockroach-labs/cockroachdb/values.yaml
@@ -1,7 +1,7 @@
# Generated file, DO NOT EDIT. Source: build/templates/values.yaml
image:
repository: cockroachdb/cockroach
- tag: v22.2.5
+ tag: v22.2.6
pullPolicy: IfNotPresent
credentials: {}
# registry: docker.io
diff --git a/charts/codefresh/cf-runtime/Chart.yaml b/charts/codefresh/cf-runtime/Chart.yaml
index e99bc734c..64d2bc210 100644
--- a/charts/codefresh/cf-runtime/Chart.yaml
+++ b/charts/codefresh/cf-runtime/Chart.yaml
@@ -4,9 +4,9 @@ annotations:
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: cf-runtime
apiVersion: v2
-appVersion: 1.9.10
+appVersion: 1.9.11
description: A Helm chart for Codefresh Runner
icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg
name: cf-runtime
type: application
-version: 1.9.10
+version: 1.9.11
diff --git a/charts/codefresh/cf-runtime/values.yaml b/charts/codefresh/cf-runtime/values.yaml
index f7dda28be..f380bb8ae 100644
--- a/charts/codefresh/cf-runtime/values.yaml
+++ b/charts/codefresh/cf-runtime/values.yaml
@@ -24,7 +24,7 @@ dockerRegistry: "quay.io" # Registry prefix for the runtime images (default quay
newRelicLicense: "" # NEWRELIC_LICENSE_KEY (for app-proxy and runner deployments)
runner: # Runner Deployment
- image: "codefresh/venona:1.9.10"
+ image: "codefresh/venona:1.9.11"
env: {}
## e.g:
# env:
diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md
index 25ac4cb11..ba6c3cfe4 100644
--- a/charts/datadog/datadog/CHANGELOG.md
+++ b/charts/datadog/datadog/CHANGELOG.md
@@ -1,5 +1,64 @@
# Datadog changelog
+# 3.19.1
+
+* Mount emptyDir volumes in `/etc/datadog-agent` and `/tmp` to allow the cluster-agent to write files in those
+ locations with read-only root filesystem.
+
+# 3.19.0
+
+* Declare `readOnly` in volumeMounts.
+
+## 3.18.0
+
+* Default `Agent` and `Cluster-Agent` image tags to `7.43.1`.
+
+## 3.17.1
+
+* Fix Cilium egress rules to kube-apiserver entities.
+
+## 3.17.0
+
+* Add the following configurations which allow environment variables to be defined in a dictionary:
+ * `agents.containers.agent.envDict`
+ * `agents.containers.processAgent.envDict`
+ * `agents.containers.securityAgent.envDict`
+ * `agents.containers.systemProbe.envDict`
+ * `agents.containers.traceAgent.envDict`
+ * `clusterAgent.envDict`
+ * `clusterChecksRunner.envDict`
+ * `datadog.envDict`
+
+## 3.16.2
+
+* Mount an emptyDir volume in `/opt/datadog-agent/run` to allow the cluster-agent to write files in that location
+ with read-only root filesystem.
+
+## 3.16.1
+
+* Fix `cluster-agent` deployment to allow the cluster-agent to write file in `/var/log/datadog` when it runs with
+ read-only root filesystem.
+
+## 3.16.0
+
+* Add new checksum to cluster agent deployment base on all cluster-agent configmap configuration.
+
+## 3.15.0
+
+* Beta: Enable remote configuration if `clusterAgent.admissionController.remoteInstrumentation` is enabled.
+
+## 3.14.0
+
+* Make the root filesystem of the cluster agent container read only by default
+
+## 3.13.0
+
+* Beta: Support APM library injection with Remote Configuration.
+
+## 3.12.0
+
+* Add `automountServiceAccountToken` option to configure automatic mounting of ServiceAccount's API credentials
+
## 3.11.0
* Default `Agent` and `Cluster-Agent` image tags to `7.43.0`.
diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml
index a3bfeb529..68a84b233 100644
--- a/charts/datadog/datadog/Chart.yaml
+++ b/charts/datadog/datadog/Chart.yaml
@@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
-version: 3.11.0
+version: 3.19.1
diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md
index 38e16ac6c..dfd80b266 100644
--- a/charts/datadog/datadog/README.md
+++ b/charts/datadog/datadog/README.md
@@ -1,6 +1,6 @@
# Datadog
- 
+ 
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@@ -400,6 +400,7 @@ helm install \
| agents.additionalLabels | object | `{}` | Adds labels to the Agent daemonset and pods |
| agents.affinity | object | `{}` | Allow the DaemonSet to schedule using affinity rules |
| agents.containers.agent.env | list | `[]` | Additional environment variables for the agent container |
+| agents.containers.agent.envDict | object | `{}` | Set environment variables specific to agent container defined in a dict |
| agents.containers.agent.envFrom | list | `[]` | Set environment variables specific to agent container from configMaps and/or secrets |
| agents.containers.agent.healthPort | int | `5555` | Port number to use in the node agent for the healthz endpoint |
| agents.containers.agent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
@@ -410,23 +411,27 @@ helm install \
| agents.containers.agent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the agent container. |
| agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers |
| agents.containers.processAgent.env | list | `[]` | Additional environment variables for the process-agent container |
+| agents.containers.processAgent.envDict | object | `{}` | Set environment variables specific to process-agent defined in a dict |
| agents.containers.processAgent.envFrom | list | `[]` | Set environment variables specific to process-agent from configMaps and/or secrets |
| agents.containers.processAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. |
| agents.containers.processAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container |
| agents.containers.processAgent.resources | object | `{}` | Resource requests and limits for the process-agent container |
| agents.containers.processAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the process-agent container. |
| agents.containers.securityAgent.env | list | `[]` | Additional environment variables for the security-agent container |
+| agents.containers.securityAgent.envDict | object | `{}` | Set environment variables specific to security-agent defined in a dict |
| agents.containers.securityAgent.envFrom | list | `[]` | Set environment variables specific to security-agent from configMaps and/or secrets |
| agents.containers.securityAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. |
| agents.containers.securityAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container |
| agents.containers.securityAgent.resources | object | `{}` | Resource requests and limits for the security-agent container |
| agents.containers.systemProbe.env | list | `[]` | Additional environment variables for the system-probe container |
+| agents.containers.systemProbe.envDict | object | `{}` | Set environment variables specific to system-probe defined in a dict |
| agents.containers.systemProbe.envFrom | list | `[]` | Set environment variables specific to system-probe from configMaps and/or secrets |
| agents.containers.systemProbe.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. |
| agents.containers.systemProbe.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container |
| agents.containers.systemProbe.resources | object | `{}` | Resource requests and limits for the system-probe container |
| agents.containers.systemProbe.securityContext | object | `{"capabilities":{"add":["SYS_ADMIN","SYS_RESOURCE","SYS_PTRACE","NET_ADMIN","NET_BROADCAST","NET_RAW","IPC_LOCK","CHOWN","DAC_READ_SEARCH"]},"privileged":false}` | Allows you to overwrite the default container SecurityContext for the system-probe container. |
| agents.containers.traceAgent.env | list | `[]` | Additional environment variables for the trace-agent container |
+| agents.containers.traceAgent.envDict | object | `{}` | Set environment variables specific to trace-agent defined in a dict |
| agents.containers.traceAgent.envFrom | list | `[]` | Set environment variables specific to trace-agent from configMaps and/or secrets |
| agents.containers.traceAgent.livenessProbe | object | Every 15s | Override default agent liveness probe settings |
| agents.containers.traceAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off |
@@ -443,7 +448,7 @@ helm install \
| agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| agents.image.repository | string | `nil` | Override default registry + image.name for Agent |
-| agents.image.tag | string | `"7.43.0"` | Define the Agent version to use |
+| agents.image.tag | string | `"7.43.1"` | Define the Agent version to use |
| agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. |
| agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node |
@@ -466,6 +471,7 @@ helm install \
| agents.priorityClassName | string | `nil` | Sets PriorityClassName if defined |
| agents.priorityClassValue | int | `1000000000` | Value used to specify the priority of the scheduling of Datadog Agent's Daemonset pods. |
| agents.priorityPreemptionPolicyValue | string | `"PreemptLowerPriority"` | Set to "Never" to change the PriorityClass to non-preempting |
+| agents.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if agents.rbac.create is true |
| agents.rbac.create | bool | `true` | If true, create & use RBAC resources |
| agents.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if agents.rbac.create is true |
| agents.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if agents.rbac.create is false |
@@ -482,17 +488,19 @@ helm install \
| clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods |
| clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' |
| clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' |
+| clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `false` | Enable polling and applying library injection using Remote Config (beta). # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. |
| clusterAgent.advancedConfd | object | `{}` | Provide additional cluster check configurations. Each key is an integration containing several config files. |
| clusterAgent.affinity | object | `{}` | Allow the Cluster Agent Deployment to schedule using affinity rules |
| clusterAgent.command | list | `[]` | Command to run in the Cluster Agent container as entrypoint |
| clusterAgent.confd | object | `{}` | Provide additional cluster check configurations. Each key will become a file in /conf.d. |
-| clusterAgent.containers.clusterAgent.securityContext | object | `{}` | Specify securityContext on the cluster-agent container. |
+| clusterAgent.containers.clusterAgent.securityContext | object | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true}` | Specify securityContext on the cluster-agent container. |
| clusterAgent.createPodDisruptionBudget | bool | `false` | Create pod disruption budget for Cluster Agent deployments |
| clusterAgent.datadog_cluster_yaml | object | `{}` | Specify custom contents for the datadog cluster agent config (datadog-cluster.yaml) |
| clusterAgent.deploymentAnnotations | object | `{}` | Annotations to add to the cluster-agents's deployment |
| clusterAgent.dnsConfig | object | `{}` | Specify dns configuration options for datadog cluster agent containers e.g ndots |
| clusterAgent.enabled | bool | `true` | Set this to false to disable Datadog Cluster Agent |
| clusterAgent.env | list | `[]` | Set environment variables specific to Cluster Agent |
+| clusterAgent.envDict | object | `{}` | Set environment variables specific to Cluster Agent defined in a dict |
| clusterAgent.envFrom | list | `[]` | Set environment variables specific to Cluster Agent from configMaps and/or secrets |
| clusterAgent.healthPort | int | `5556` | Port number to use in the Cluster Agent for the healthz endpoint |
| clusterAgent.image.digest | string | `""` | Cluster Agent image digest to use, takes precedence over tag if specified |
@@ -501,7 +509,7 @@ helm install \
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy |
| clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent |
-| clusterAgent.image.tag | string | `"7.43.0"` | Cluster Agent image tag to use |
+| clusterAgent.image.tag | string | `"7.43.1"` | Cluster Agent image tag to use |
| clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings |
| clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) |
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
@@ -517,6 +525,7 @@ helm install \
| clusterAgent.podSecurity.podSecurityPolicy.create | bool | `false` | If true, create a PodSecurityPolicy resource for Cluster Agent pods |
| clusterAgent.podSecurity.securityContextConstraints.create | bool | `false` | If true, create a SCC resource for Cluster Agent pods |
| clusterAgent.priorityClassName | string | `nil` | Name of the priorityClass to apply to the Cluster Agent |
+| clusterAgent.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterAgent.rbac.create is true |
| clusterAgent.rbac.create | bool | `true` | If true, create & use RBAC resources |
| clusterAgent.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterAgent.rbac.create is true |
| clusterAgent.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if clusterAgent.rbac.create is false |
@@ -540,6 +549,7 @@ helm install \
| clusterChecksRunner.dnsConfig | object | `{}` | specify dns configuration options for datadog cluster agent containers e.g ndots |
| clusterChecksRunner.enabled | bool | `false` | If true, deploys agent dedicated for running the Cluster Checks instead of running in the Daemonset's agents. |
| clusterChecksRunner.env | list | `[]` | Environment variables specific to Cluster Checks Runner |
+| clusterChecksRunner.envDict | object | `{}` | Set environment variables specific to Cluster Checks Runner defined in a dict |
| clusterChecksRunner.envFrom | list | `[]` | Set environment variables specific to Cluster Checks Runner from configMaps and/or secrets |
| clusterChecksRunner.healthPort | int | `5557` | Port number to use in the Cluster Checks Runner for the healthz endpoint |
| clusterChecksRunner.image.digest | string | `""` | Define Agent image digest to use, takes precedence over tag if specified |
@@ -547,7 +557,7 @@ helm install \
| clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners |
-| clusterChecksRunner.image.tag | string | `"7.43.0"` | Define the Agent version to use |
+| clusterChecksRunner.image.tag | string | `"7.43.1"` | Define the Agent version to use |
| clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
| clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead |
@@ -555,6 +565,7 @@ helm install \
| clusterChecksRunner.podAnnotations | object | `{}` | Annotations to add to the cluster-checks-runner's pod(s) |
| clusterChecksRunner.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container |
| clusterChecksRunner.priorityClassName | string | `nil` | Name of the priorityClass to apply to the Cluster checks runners |
+| clusterChecksRunner.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterChecksRunner.rbac.create is true |
| clusterChecksRunner.rbac.create | bool | `true` | If true, create & use RBAC resources |
| clusterChecksRunner.rbac.dedicated | bool | `false` | If true, use a dedicated RBAC resource for the cluster checks agent(s) |
| clusterChecksRunner.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true |
@@ -610,6 +621,7 @@ helm install \
| datadog.dogstatsd.useHostPort | bool | `false` | Sets the hostPort to the same value of the container port |
| datadog.dogstatsd.useSocketVolume | bool | `true` | Enable dogstatsd over Unix Domain Socket with an HostVolume |
| datadog.env | list | `[]` | Set environment variables for all Agents |
+| datadog.envDict | object | `{}` | Set environment variables for all Agents defined in a dict |
| datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets |
| datadog.excludePauseContainer | bool | `true` | Exclude pause containers from the Agent Autodiscovery. |
| datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfer with the agentmetrics port from the cluster-agent, which defaults to 5000 |
diff --git a/charts/datadog/datadog/ci/cluster-agent-values.yaml b/charts/datadog/datadog/ci/cluster-agent-values.yaml
index 943641602..e51445d2b 100644
--- a/charts/datadog/datadog/ci/cluster-agent-values.yaml
+++ b/charts/datadog/datadog/ci/cluster-agent-values.yaml
@@ -25,6 +25,12 @@ datadog:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
+ envDict:
+ DD_ENV_DICT_KEY: DD_ENV_DICT_VALUE
+ DD_ENV_DICT_KEY_FROM:
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
agents:
containers:
diff --git a/charts/datadog/datadog/templates/_container-agent.yaml b/charts/datadog/datadog/templates/_container-agent.yaml
index 22340f446..a42bf3220 100644
--- a/charts/datadog/datadog/templates/_container-agent.yaml
+++ b/charts/datadog/datadog/templates/_container-agent.yaml
@@ -148,6 +148,7 @@
- name: DD_EXPVAR_PORT
value: {{ .Values.datadog.expvarPort | quote }}
{{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }}
+ {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }}
volumeMounts:
{{- if eq .Values.targetSystem "linux" }}
- name: installinfo
@@ -156,17 +157,19 @@
readOnly: true
- name: logdatadog
mountPath: /var/log/datadog
+ readOnly: false # Need RW to write logs
- name: tmpdir
mountPath: /tmp
- readOnly: false
+ readOnly: false # Need RW to write to /tmp directory
{{- include "linux-container-host-release-volumemounts" . | nindent 4 }}
{{- end }}
- name: config
mountPath: {{ template "datadog.confPath" . }}
+ readOnly: false # Need RW to mount to config path
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token
mountPath: {{ template "datadog.confPath" . }}/auth
- readOnly: false
+ readOnly: false # Need RW to write auth token
{{- end }}
{{- include "container-crisocket-volumemounts" . | nindent 4 }}
{{- include "container-cloudinit-volumemounts" . | nindent 4 }}
@@ -174,10 +177,12 @@
- name: datadog-yaml
mountPath: {{ template "datadog.confPath" . }}/datadog.yaml
subPath: datadog.yaml
+ readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "linux" }}
- name: dsdsocket
mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }}
+ readOnly: false
{{- if eq (include "should-enable-system-probe" .) "true" }}
- name: sysprobe-socket-dir
mountPath: /var/run/sysprobe
@@ -185,6 +190,7 @@
- name: sysprobe-config
mountPath: /etc/datadog-agent/system-probe.yaml
subPath: system-probe.yaml
+ readOnly: true
{{- end }}
- name: procdir
mountPath: /host/proc
@@ -198,6 +204,7 @@
- name: pointerdir
mountPath: /opt/datadog-agent/run
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
+ readOnly: false # Need RW for logs pointer
- name: logpodpath
mountPath: /var/log/pods
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
@@ -218,6 +225,7 @@
{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }}
- name: pointerdir
mountPath: C:/var/log
+ readOnly: false # Need RW for logs pointer
- name: logpodpath
mountPath: C:/var/log/pods
readOnly: true
diff --git a/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml
index ac32e7360..a5a3d80a0 100644
--- a/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml
+++ b/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml
@@ -9,9 +9,11 @@
{{- if eq .Values.targetSystem "windows" }}
- name: runtimesocket
mountPath: {{ template "datadog.dockerOrCriSocketPath" . }}
+ readOnly: true
{{- if not .Values.datadog.criSocketPath }}
- name: containerdsocket
mountPath: \\.\pipe\containerd-containerd
+ readOnly: true
{{- end }}
{{- end }}
{{- end }}
diff --git a/charts/datadog/datadog/templates/_container-process-agent.yaml b/charts/datadog/datadog/templates/_container-process-agent.yaml
index 0c30367fd..cd78a068d 100644
--- a/charts/datadog/datadog/templates/_container-process-agent.yaml
+++ b/charts/datadog/datadog/templates/_container-process-agent.yaml
@@ -52,9 +52,11 @@
- name: DD_ORCHESTRATOR_EXPLORER_ENABLED
value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }}
{{- include "additional-env-entries" .Values.agents.containers.processAgent.env | indent 4 }}
+ {{- include "additional-env-dict-entries" .Values.agents.containers.processAgent.envDict | indent 4 }}
volumeMounts:
- name: config
mountPath: {{ template "datadog.confPath" . }}
+ readOnly: true
{{- if eq .Values.targetSystem "linux" }}
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token
@@ -63,9 +65,10 @@
{{- end }}
- name: logdatadog
mountPath: /var/log/datadog
+ readOnly: false # Need RW to write logs
- name: tmpdir
mountPath: /tmp
- readOnly: false
+ readOnly: false # Need RW to write to tmp directory
{{- include "linux-container-host-release-volumemounts" . | nindent 4 }}
{{- end }}
{{- include "container-crisocket-volumemounts" . | nindent 4 }}
@@ -74,6 +77,7 @@
- name: datadog-yaml
mountPath: {{ template "datadog.confPath" . }}/datadog.yaml
subPath: datadog.yaml
+ readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "linux" }}
- name: cgroups
@@ -89,7 +93,7 @@
readOnly: true
- name: dsdsocket
mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }}
- readOnly: true
+ readOnly: false # Need RW for UDS DSD socket
{{- if eq (include "should-enable-system-probe" .) "true" }}
- name: sysprobe-socket-dir
mountPath: /var/run/sysprobe
@@ -97,6 +101,7 @@
- name: sysprobe-config
mountPath: /etc/datadog-agent/system-probe.yaml
subPath: system-probe.yaml
+ readOnly: true
{{- end }}
{{- end }}
{{- if .Values.datadog.kubelet.hostCAPath }}
diff --git a/charts/datadog/datadog/templates/_container-security-agent.yaml b/charts/datadog/datadog/templates/_container-security-agent.yaml
index c538cec3f..afd6fc22f 100644
--- a/charts/datadog/datadog/templates/_container-security-agent.yaml
+++ b/charts/datadog/datadog/templates/_container-security-agent.yaml
@@ -49,9 +49,11 @@
value: {{ .Values.datadog.dogstatsd.socketPath | quote }}
{{- end }}
{{- include "additional-env-entries" .Values.agents.containers.securityAgent.env | indent 4 }}
+ {{- include "additional-env-dict-entries" .Values.agents.containers.securityAgent.envDict | indent 4 }}
volumeMounts:
- name: config
mountPath: {{ template "datadog.confPath" . }}
+ readOnly: true
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token
mountPath: {{ template "datadog.confPath" . }}/auth
@@ -60,12 +62,13 @@
{{- if eq .Values.targetSystem "linux" }}
- name: logdatadog
mountPath: /var/log/datadog
+ readOnly: false # Need RW to write logs
- name: tmpdir
mountPath: /tmp
- readOnly: false
+ readOnly: false # Need RW to write to tmp directory
- name: dsdsocket
mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }}
- readOnly: true
+ readOnly: false # Need RW for UDS DSD socket
{{- include "linux-container-host-release-volumemounts" . | nindent 4 }}
{{- end }}
{{- include "container-crisocket-volumemounts" . | nindent 4 }}
@@ -74,6 +77,7 @@
- name: datadog-yaml
mountPath: {{ template "datadog.confPath" . }}/datadog.yaml
subPath: datadog.yaml
+ readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "linux" }}
{{- if .Values.datadog.securityAgent.compliance.enabled }}
@@ -113,6 +117,7 @@
- name: sysprobe-config
mountPath: /etc/datadog-agent/system-probe.yaml
subPath: system-probe.yaml
+ readOnly: true
{{- end }}
{{- end }}
{{- if .Values.agents.volumeMounts }}
diff --git a/charts/datadog/datadog/templates/_container-system-probe.yaml b/charts/datadog/datadog/templates/_container-system-probe.yaml
index 2151414b3..0c4ad3a3a 100644
--- a/charts/datadog/datadog/templates/_container-system-probe.yaml
+++ b/charts/datadog/datadog/templates/_container-system-probe.yaml
@@ -26,6 +26,7 @@
value: "/host/root"
{{- end }}
{{- include "additional-env-entries" .Values.agents.containers.systemProbe.env | indent 4 }}
+ {{- include "additional-env-dict-entries" .Values.agents.containers.systemProbe.envDict | indent 4 }}
resources:
{{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }}
volumeMounts:
@@ -34,25 +35,31 @@
readOnly: true
- name: logdatadog
mountPath: /var/log/datadog
+ readOnly: false # Need RW to write logs
- name: tmpdir
mountPath: /tmp
- readOnly: false
+ readOnly: false # Need RW for tmp directory to instantiate self tests
- name: debugfs
mountPath: /sys/kernel/debug
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
+ readOnly: false # Need RW for kprobe_events
- name: config
mountPath: {{ template "datadog.confPath" . }}
+ readOnly: true
{{- include "container-cloudinit-volumemounts" . | nindent 4 }}
{{- if .Values.agents.useConfigMap }}
- name: datadog-yaml
mountPath: {{ template "datadog.confPath" . }}/datadog.yaml
subPath: datadog.yaml
+ readOnly: true
{{- end }}
- name: sysprobe-config
mountPath: /etc/datadog-agent/system-probe.yaml
subPath: system-probe.yaml
+ readOnly: true
- name: sysprobe-socket-dir
mountPath: /var/run/sysprobe
+ readOnly: false # Need RW for sys-probe socket
- name: procdir
mountPath: /host/proc
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
@@ -102,9 +109,10 @@
- name: runtime-compiler-output-dir
mountPath: {{ .Values.datadog.systemProbe.runtimeCompilationAssetDir }}/build
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
+ readOnly: false
- name: kernel-headers-download-dir
mountPath: {{ .Values.datadog.systemProbe.runtimeCompilationAssetDir }}/kernel-headers
- readOnly: false
+ readOnly: false # Need RW for sys-probe kernel headers
{{- if not .Values.datadog.systemProbe.mountPackageManagementDirs }}
- name: apt-config-dir
mountPath: /host/etc/apt
diff --git a/charts/datadog/datadog/templates/_container-trace-agent.yaml b/charts/datadog/datadog/templates/_container-trace-agent.yaml
index 1a88d4f31..a1eb61f21 100644
--- a/charts/datadog/datadog/templates/_container-trace-agent.yaml
+++ b/charts/datadog/datadog/templates/_container-trace-agent.yaml
@@ -50,9 +50,11 @@
value: {{ .Values.datadog.dogstatsd.socketPath | quote }}
{{- end }}
{{- include "additional-env-entries" .Values.agents.containers.traceAgent.env | indent 4 }}
+ {{- include "additional-env-dict-entries" .Values.agents.containers.traceAgent.envDict | indent 4 }}
volumeMounts:
- name: config
mountPath: {{ template "datadog.confPath" . }}
+ readOnly: true
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token
mountPath: {{ template "datadog.confPath" . }}/auth
@@ -62,6 +64,7 @@
- name: datadog-yaml
mountPath: {{ template "datadog.confPath" . }}/datadog.yaml
subPath: datadog.yaml
+ readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "linux" }}
{{- if not .Values.providers.gke.autopilot }}
@@ -76,14 +79,17 @@
{{- end }}
- name: logdatadog
mountPath: /var/log/datadog
+ readOnly: false # Need RW to write logs
- name: tmpdir
mountPath: /tmp
- readOnly: false
+ readOnly: false # Need RW for tmp directory
- name: dsdsocket
mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }}
+ readOnly: false # Need RW for UDS DSD socket
{{- if and (eq (include "trace-agent-use-uds" .) "true") (ne (dir .Values.datadog.dogstatsd.socketPath) (dir .Values.datadog.apm.socketPath)) }}
- name: apmsocket
mountPath: {{ (dir .Values.datadog.apm.socketPath) }}
+ readOnly: false # Need RW for UDS APM socket
{{- end }}
{{- end }}
{{- include "container-crisocket-volumemounts" . | nindent 4 }}
diff --git a/charts/datadog/datadog/templates/_containers-common-env.yaml b/charts/datadog/datadog/templates/_containers-common-env.yaml
index b0dc966de..2076ace04 100644
--- a/charts/datadog/datadog/templates/_containers-common-env.yaml
+++ b/charts/datadog/datadog/templates/_containers-common-env.yaml
@@ -37,6 +37,7 @@
{{- end }}
{{- end }}
{{- include "additional-env-entries" .Values.datadog.env }}
+{{- include "additional-env-dict-entries" .Values.datadog.envDict }}
{{- if .Values.datadog.acInclude }}
- name: DD_AC_INCLUDE
value: {{ .Values.datadog.acInclude | quote }}
diff --git a/charts/datadog/datadog/templates/_containers-init-linux.yaml b/charts/datadog/datadog/templates/_containers-init-linux.yaml
index 7a800488f..9c70561b8 100644
--- a/charts/datadog/datadog/templates/_containers-init-linux.yaml
+++ b/charts/datadog/datadog/templates/_containers-init-linux.yaml
@@ -2,25 +2,36 @@
- name: init-volume
image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}"
imagePullPolicy: {{ .Values.agents.image.pullPolicy }}
- command: ["bash", "-c"]
+ command:
+ - cp
args:
- - cp -r /etc/datadog-agent /opt
+ - -r
+ - /etc/datadog-agent
+ - /opt
volumeMounts:
- name: config
mountPath: /opt/datadog-agent
+ readOnly: false # Need RW for config path
resources:
{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }}
- name: init-config
image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}"
imagePullPolicy: {{ .Values.agents.image.pullPolicy }}
- command: ["bash", "-c"]
+ command:
+ - bash
+ - -c
args:
- - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done
+ - |
+ for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort); do
+ bash $script
+ done
volumeMounts:
- name: logdatadog
mountPath: /var/log/datadog
+ readOnly: false # Need RW to write logs
- name: config
mountPath: /etc/datadog-agent
+ readOnly: false # Need RW for config path
{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }}
- name: confd
mountPath: /conf.d
@@ -40,6 +51,7 @@
- name: sysprobe-config
mountPath: /etc/datadog-agent/system-probe.yaml
subPath: system-probe.yaml
+ readOnly: true
{{- end }}
env:
{{- include "containers-common-env" . | nindent 4 }}
diff --git a/charts/datadog/datadog/templates/_containers-init-windows.yaml b/charts/datadog/datadog/templates/_containers-init-windows.yaml
index 81679c116..fcac4fa50 100644
--- a/charts/datadog/datadog/templates/_containers-init-windows.yaml
+++ b/charts/datadog/datadog/templates/_containers-init-windows.yaml
@@ -10,8 +10,10 @@
volumeMounts:
- name: config
mountPath: C:/Temp/Datadog
+ readOnly: true
- name: installinfo
mountPath: C:/Temp/install_info
+ readOnly: true
resources:
{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }}
- name: init-config
@@ -23,6 +25,7 @@
volumeMounts:
- name: config
mountPath: {{ template "datadog.confPath" . }}
+ readOnly: false # Need RW for config path
{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }}
- name: confd
mountPath: C:/conf.d
diff --git a/charts/datadog/datadog/templates/_helpers.tpl b/charts/datadog/datadog/templates/_helpers.tpl
index b9be8459d..178cf7103 100644
--- a/charts/datadog/datadog/templates/_helpers.tpl
+++ b/charts/datadog/datadog/templates/_helpers.tpl
@@ -657,6 +657,20 @@ Returns env vars correctly quoted and valueFrom respected
{{- end -}}
{{- end -}}
+{{/*
+Returns env vars correctly quoted and valueFrom respected, defined in a dict
+*/}}
+{{- define "additional-env-dict-entries" -}}
+{{- range $key, $value := . }}
+- name: {{ $key }}
+{{- if kindIs "map" $value }}
+{{ toYaml $value | indent 2 }}
+{{- else }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
{{/*
Return the appropriate apiVersion for PodDisruptionBudget policy APIs.
*/}}
diff --git a/charts/datadog/datadog/templates/_system-probe-init.yaml b/charts/datadog/datadog/templates/_system-probe-init.yaml
index 0ff999710..99b1f4fbf 100644
--- a/charts/datadog/datadog/templates/_system-probe-init.yaml
+++ b/charts/datadog/datadog/templates/_system-probe-init.yaml
@@ -9,9 +9,11 @@
volumeMounts:
- name: datadog-agent-security
mountPath: /etc/config
+ readOnly: true
- name: seccomp-root
mountPath: /host/var/lib/kubelet/seccomp
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
+ readOnly: false # Need RW for seccomp-root
resources:
{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }}
{{- end -}}
diff --git a/charts/datadog/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/datadog/templates/agent-clusterchecks-deployment.yaml
index 2f6c36572..c15bab59f 100644
--- a/charts/datadog/datadog/templates/agent-clusterchecks-deployment.yaml
+++ b/charts/datadog/datadog/templates/agent-clusterchecks-deployment.yaml
@@ -54,6 +54,9 @@ spec:
{{- else }}
serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }}
{{- end }}
+ {{- if .Values.clusterChecksRunner.rbac.create }}
+ automountServiceAccountToken: {{ .Values.clusterChecksRunner.rbac.automountServiceAccountToken }}
+ {{- end }}
imagePullSecrets:
{{ toYaml .Values.clusterChecksRunner.image.pullSecrets | indent 8 }}
{{- if .Values.clusterChecksRunner.priorityClassName }}
@@ -77,6 +80,7 @@ spec:
volumeMounts:
- name: config
mountPath: /opt/datadog-agent
+ readOnly: false # Need RW for writing agent config files
resources:
{{ toYaml .Values.agents.containers.initContainers.resources | indent 10 }}
- name: init-config
@@ -88,6 +92,7 @@ spec:
volumeMounts:
- name: config
mountPath: /etc/datadog-agent
+ readOnly: false # Need RW for writing datadog.yaml config file
{{- if .Values.datadog.checksd }}
- name: checksd
mountPath: /checks.d
@@ -187,6 +192,7 @@ spec:
value: {{ .Values.datadog.clusterName | quote }}
{{- end }}
{{- include "additional-env-entries" .Values.clusterChecksRunner.env | indent 10 }}
+ {{- include "additional-env-dict-entries" .Values.clusterChecksRunner.envDict | indent 10 }}
resources:
{{ toYaml .Values.clusterChecksRunner.resources | indent 10 }}
volumeMounts:
@@ -200,6 +206,7 @@ spec:
readOnly: true
- name: config
mountPath: {{ template "datadog.confPath" . }}
+ readOnly: false # Need RW for config path
{{- if .Values.clusterChecksRunner.volumeMounts }}
{{ toYaml .Values.clusterChecksRunner.volumeMounts | indent 10 }}
{{- end }}
diff --git a/charts/datadog/datadog/templates/agent-clusterchecks-rbac.yaml b/charts/datadog/datadog/templates/agent-clusterchecks-rbac.yaml
index 176cab93d..fd81988d6 100644
--- a/charts/datadog/datadog/templates/agent-clusterchecks-rbac.yaml
+++ b/charts/datadog/datadog/templates/agent-clusterchecks-rbac.yaml
@@ -16,6 +16,7 @@ subjects:
---
apiVersion: v1
kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.clusterChecksRunner.rbac.automountServiceAccountToken }}
metadata:
labels:
{{ include "datadog.labels" . | indent 4 }}
diff --git a/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml b/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml
index d31784db7..772db4322 100644
--- a/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml
+++ b/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml
@@ -80,6 +80,7 @@ specs:
# When the control plane is on the same cluster, we must allow connections
# to the node entity.
- toEntities:
+ - kube-apiserver
- host
- remote-node
toPorts:
diff --git a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml
index df83a0be3..1fbdf20ab 100644
--- a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml
+++ b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml
@@ -49,6 +49,7 @@ spec:
name: {{ template "datadog.fullname" . }}-cluster-agent
annotations:
checksum/clusteragent_token: {{ include (print $.Template.BasePath "/secret-cluster-agent-token.yaml") . | sha256sum }}
+ checksum/clusteragent-configmap: {{ include (print $.Template.BasePath "/cluster-agent-confd-configmap.yaml") . | sha256sum }}
{{- if not .Values.datadog.apiKeyExistingSecret }}
checksum/api_key: {{ include (print $.Template.BasePath "/secret-api-key.yaml") . | sha256sum }}
{{- end }}
@@ -78,6 +79,9 @@ spec:
{{ toYaml .Values.clusterAgent.image.pullSecrets | indent 8 }}
{{- end }}
serviceAccountName: {{ if .Values.clusterAgent.rbac.create }}{{ template "datadog.fullname" . }}-cluster-agent{{ else }}"{{ .Values.clusterAgent.rbac.serviceAccountName }}"{{ end }}
+ {{- if .Values.clusterAgent.rbac.create }}
+ automountServiceAccountToken: {{ .Values.clusterAgent.rbac.automountServiceAccountToken }}
+ {{- end }}
{{- if .Values.clusterAgent.useHostNetwork }}
hostNetwork: {{ .Values.clusterAgent.useHostNetwork }}
dnsPolicy: ClusterFirstWithHostNet
@@ -90,6 +94,19 @@ spec:
securityContext:
{{ toYaml .Values.clusterAgent.securityContext | nindent 8 }}
{{- end }}
+ initContainers:
+ - name: init-volume
+ image: "{{ include "image-path" (dict "root" .Values "image" .Values.clusterAgent.image) }}"
+ imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }}
+ command:
+ - cp
+ args:
+ - -r
+ - /etc/datadog-agent
+ - /opt
+ volumeMounts:
+ - name: config
+ mountPath: /opt/datadog-agent
containers:
- name: cluster-agent
image: "{{ include "image-path" (dict "root" .Values "image" .Values.clusterAgent.image) }}"
@@ -176,6 +193,12 @@ spec:
- name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY
value: {{ .Values.clusterAgent.admissionController.failurePolicy | quote }}
{{- end }}
+ {{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }}
+ - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED
+ value: "true"
+ - name: DD_REMOTE_CONFIGURATION_ENABLED
+ value: "true"
+ {{- end }}
{{- if .Values.datadog.clusterChecks.enabled }}
- name: DD_CLUSTER_CHECKS_ENABLED
value: {{ .Values.datadog.clusterChecks.enabled | quote }}
@@ -245,6 +268,7 @@ spec:
{{- end }}
{{- end }}
{{- include "additional-env-entries" .Values.clusterAgent.env | indent 10 }}
+ {{- include "additional-env-dict-entries" .Values.clusterAgent.envDict | indent 10 }}
livenessProbe:
{{- $live := .Values.clusterAgent.livenessProbe }}
{{ include "probe.http" (dict "path" "/live" "port" $healthPort "settings" $live) | indent 10 }}
@@ -256,6 +280,15 @@ spec:
{{ toYaml .Values.clusterAgent.containers.clusterAgent.securityContext | indent 10 }}
{{- end }}
volumeMounts:
+ - name: datadogrun
+ mountPath: /opt/datadog-agent/run
+ readOnly: false
+ - name: varlog
+ mountPath: /var/log/datadog
+ readOnly: false
+ - name: tmpdir
+ mountPath: /tmp
+ readOnly: false
- name: installinfo
subPath: install_info
{{- if eq .Values.targetSystem "windows" }}
@@ -285,7 +318,15 @@ spec:
readOnly: true
{{- end}}
{{- end}}
+ - name: config
+ mountPath: /etc/datadog-agent
volumes:
+ - name: datadogrun
+ emptyDir: {}
+ - name: varlog
+ emptyDir: {}
+ - name: tmpdir
+ emptyDir: {}
- name: installinfo
configMap:
name: {{ include "agents-install-info-configmap-name" . }}
@@ -329,7 +370,8 @@ spec:
name: {{ .Values.datadog.securityAgent.compliance.configMap }}
{{- end}}
{{- end}}
-
+ - name: config
+ emptyDir: {}
{{- if .Values.clusterAgent.volumes }}
{{ toYaml .Values.clusterAgent.volumes | indent 8 }}
{{- end }}
diff --git a/charts/datadog/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/datadog/templates/cluster-agent-rbac.yaml
index 16ce42705..5faf47a42 100644
--- a/charts/datadog/datadog/templates/cluster-agent-rbac.yaml
+++ b/charts/datadog/datadog/templates/cluster-agent-rbac.yaml
@@ -140,6 +140,9 @@ rules:
- list
- get
- watch
+{{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }}
+ - patch
+{{- end }}
- apiGroups:
- "batch"
resources:
@@ -287,6 +290,7 @@ subjects:
---
apiVersion: v1
kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.clusterAgent.rbac.automountServiceAccountToken }}
metadata:
labels:
app: "{{ template "datadog.fullname" . }}"
diff --git a/charts/datadog/datadog/templates/daemonset.yaml b/charts/datadog/datadog/templates/daemonset.yaml
index 219adf002..e836238e4 100644
--- a/charts/datadog/datadog/templates/daemonset.yaml
+++ b/charts/datadog/datadog/templates/daemonset.yaml
@@ -173,6 +173,9 @@ spec:
affinity:
{{ toYaml .Values.agents.affinity | indent 8 }}
serviceAccountName: {{ include "agents.serviceAccountName" . | quote }}
+ {{- if .Values.agents.rbac.create }}
+ automountServiceAccountToken: {{.Values.agents.rbac.automountServiceAccountToken }}
+ {{- end }}
nodeSelector:
{{ template "label.os" . }}: {{ .Values.targetSystem }}
{{- if .Values.agents.nodeSelector }}
diff --git a/charts/datadog/datadog/templates/kube-state-metrics-cilium-network-policy.yaml b/charts/datadog/datadog/templates/kube-state-metrics-cilium-network-policy.yaml
index 4de977469..0a2b13651 100644
--- a/charts/datadog/datadog/templates/kube-state-metrics-cilium-network-policy.yaml
+++ b/charts/datadog/datadog/templates/kube-state-metrics-cilium-network-policy.yaml
@@ -22,6 +22,7 @@ specs:
# When the control plane is on the same cluster, we must allow connections
# to the node entity.
- toEntities:
+ - kube-apiserver
- host
- remote-node
toPorts:
diff --git a/charts/datadog/datadog/templates/rbac.yaml b/charts/datadog/datadog/templates/rbac.yaml
index ed3ec028c..d703ac363 100644
--- a/charts/datadog/datadog/templates/rbac.yaml
+++ b/charts/datadog/datadog/templates/rbac.yaml
@@ -129,6 +129,7 @@ subjects:
---
apiVersion: v1
kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.agents.rbac.automountServiceAccountToken }}
metadata:
name: {{ include "agents.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml
index e04adec12..6384e8786 100644
--- a/charts/datadog/datadog/values.yaml
+++ b/charts/datadog/datadog/values.yaml
@@ -475,6 +475,10 @@ datadog:
# - name:
# value:
+ # datadog.envDict -- Set environment variables for all Agents defined in a dict
+ envDict: {}
+ # :
+
# datadog.confd -- Provide additional check configurations (static and Autodiscovery)
## Each key becomes a file in /conf.d
@@ -794,7 +798,7 @@ clusterAgent:
name: cluster-agent
# clusterAgent.image.tag -- Cluster Agent image tag to use
- tag: 7.43.0
+ tag: 7.43.1
# clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified
digest: ""
@@ -826,7 +830,9 @@ clusterAgent:
containers:
clusterAgent:
# clusterAgent.containers.clusterAgent.securityContext -- Specify securityContext on the cluster-agent container.
- securityContext: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
# clusterAgent.command -- Command to run in the Cluster Agent container as entrypoint
command: []
@@ -854,6 +860,9 @@ clusterAgent:
# clusterAgent.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if clusterAgent.rbac.create is true
serviceAccountAnnotations: {}
+ # clusterAgent.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if clusterAgent.rbac.create is true
+ automountServiceAccountToken: true
+
## Provide Cluster Agent pod security configuration
podSecurity:
podSecurityPolicy:
@@ -911,6 +920,10 @@ clusterAgent:
# - secretRef:
# name:
+ # clusterAgent.envDict -- Set environment variables specific to Cluster Agent defined in a dict
+ envDict: {}
+ # :
+
admissionController:
# clusterAgent.admissionController.enabled -- Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods
enabled: true
@@ -931,6 +944,12 @@ clusterAgent:
## Setting to Fail will require the admission controller to be present and pods to be injected before they are allowed to run.
failurePolicy: Ignore
+ remoteInstrumentation:
+ # clusterAgent.admissionController.remoteInstrumentation.enabled -- Enable polling and applying library injection using Remote Config (beta).
+ ## This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+.
+ ## Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster.
+ enabled: false
+
# clusterAgent.confd -- Provide additional cluster check configurations. Each key will become a file in /conf.d.
## ref: https://docs.datadoghq.com/agent/autodiscovery/
@@ -1116,7 +1135,7 @@ agents:
name: agent
# agents.image.tag -- Define the Agent version to use
- tag: 7.43.0
+ tag: 7.43.1
# agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
digest: ""
@@ -1160,6 +1179,9 @@ agents:
# agents.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if agents.rbac.create is true
serviceAccountAnnotations: {}
+ # agents.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if agents.rbac.create is true
+ automountServiceAccountToken: true
+
## Provide Daemonset PodSecurityPolicy configuration
podSecurity:
podSecurityPolicy:
@@ -1241,6 +1263,10 @@ agents:
# - secretRef:
# name:
+ # agents.containers.agent.envDict -- Set environment variables specific to agent container defined in a dict
+ envDict: {}
+ # :
+
# agents.containers.agent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off.
# If not set, fall back to the value of datadog.logLevel.
logLevel: # INFO
@@ -1292,6 +1318,10 @@ agents:
# - secretRef:
# name:
+ # agents.containers.processAgent.envDict -- Set environment variables specific to process-agent defined in a dict
+ envDict: {}
+ # :
+
# agents.containers.processAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off.
# If not set, fall back to the value of datadog.logLevel.
logLevel: # INFO
@@ -1322,6 +1352,10 @@ agents:
# - secretRef:
# name:
+ # agents.containers.traceAgent.envDict -- Set environment variables specific to trace-agent defined in a dict
+ envDict: {}
+ # :
+
# agents.containers.traceAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off
logLevel: # INFO
@@ -1358,6 +1392,10 @@ agents:
# - secretRef:
# name:
+ # agents.containers.systemProbe.envDict -- Set environment variables specific to system-probe defined in a dict
+ envDict: {}
+ # :
+
# agents.containers.systemProbe.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off.
# If not set, fall back to the value of datadog.logLevel.
logLevel: # INFO
@@ -1393,6 +1431,10 @@ agents:
# - secretRef:
# name:
+ # agents.containers.securityAgent.envDict -- Set environment variables specific to security-agent defined in a dict
+ envDict: {}
+ # :
+
# agents.containers.securityAgent.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off.
# If not set, fall back to the value of datadog.logLevel.
logLevel: # INFO
@@ -1557,7 +1599,7 @@ clusterChecksRunner:
name: agent
# clusterChecksRunner.image.tag -- Define the Agent version to use
- tag: 7.43.0
+ tag: 7.43.1
# clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
digest: ""
@@ -1595,6 +1637,9 @@ clusterChecksRunner:
# clusterChecksRunner.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true
serviceAccountAnnotations: {}
+ # clusterChecksRunner.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if clusterChecksRunner.rbac.create is true
+ automountServiceAccountToken: true
+
# clusterChecksRunner.rbac.serviceAccountName -- Specify a preexisting ServiceAccount to use if clusterChecksRunner.rbac.create is false
serviceAccountName: default
@@ -1714,6 +1759,10 @@ clusterChecksRunner:
# - secretRef:
# name:
+ # clusterChecksRunner.envDict -- Set environment variables specific to Cluster Checks Runner defined in a dict
+ envDict: {}
+ # :
+
# clusterChecksRunner.volumes -- Specify additional volumes to mount in the cluster checks container
volumes: []
# - hostPath:
diff --git a/charts/gitlab/gitlab/CHANGELOG.md b/charts/gitlab/gitlab/CHANGELOG.md
index 2bb58f3cb..cfb2f6eb0 100644
--- a/charts/gitlab/gitlab/CHANGELOG.md
+++ b/charts/gitlab/gitlab/CHANGELOG.md
@@ -2,6 +2,10 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 6.9.3 (2023-03-09)
+
+No changes.
+
## 6.9.2 (2023-03-02)
No changes.
diff --git a/charts/gitlab/gitlab/Chart.yaml b/charts/gitlab/gitlab/Chart.yaml
index f5a03d5f9..a1e5631ae 100644
--- a/charts/gitlab/gitlab/Chart.yaml
+++ b/charts/gitlab/gitlab/Chart.yaml
@@ -3,7 +3,7 @@ annotations:
catalog.cattle.io/display-name: GitLab
catalog.cattle.io/release-name: gitlab
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: The One DevOps Platform
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
@@ -15,4 +15,4 @@ maintainers:
name: gitlab
sources:
- https://gitlab.com/gitlab-org/charts/gitlab
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml
index dcd3b20e6..dad13bd6b 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: GitLab Geo logcursor
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -12,4 +12,4 @@ name: geo-logcursor
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml
index ea2c7ded9..d78857872 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: Git RPC service for handling all the git calls made by GitLab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -13,4 +13,4 @@ name: gitaly
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml
index 04a4fa621..aadf793e2 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml
@@ -14,4 +14,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter
- https://gitlab.com/gitlab-org/gitlab-exporter
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml
index 0cb7c4127..a7a59bae9 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: Adapt the Grafana chart to interface to the GitLab App
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -13,4 +13,4 @@ name: gitlab-grafana
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml
index 4cf6125a7..c8302356a 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: Daemon for serving static websites from GitLab projects
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -14,4 +14,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages
- https://gitlab.com/gitlab-org/gitlab-pages
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml
index 6e1de681a..82e91cd4e 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml
@@ -14,4 +14,4 @@ name: gitlab-shell
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml
index 450fe2ed7..76c839323 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml
@@ -17,4 +17,4 @@ name: kas
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas
- https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml
index 8ace8b6fe..4055ab797 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml
@@ -13,4 +13,4 @@ name: mailroom
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml
index 9d1737acd..43c1b0024 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: Database migrations and other versioning tasks for upgrading Gitlab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -12,4 +12,4 @@ name: migrations
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml
index 82c1c4d2a..9131b07c4 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: Praefect is a router and transaction manager for Gitaly, and a required
component for running a Gitaly Cluster.
home: https://about.gitlab.com/
@@ -16,4 +16,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
- https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml
index 2cd8b49aa..749402ed5 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: Gitlab Sidekiq for asynchronous task processing in rails
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -13,4 +13,4 @@ name: sidekiq
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml
index 9a7b38f31..958a5f67b 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml
@@ -14,4 +14,4 @@ name: spamcheck
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck
- https://gitlab.com/gitlab-org/spamcheck
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml
index 030535981..60799bd68 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: For manually running rake tasks through kubectl
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -13,4 +13,4 @@ name: toolbox
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml
index 1f535b80e..ef4bc931f 100644
--- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml
+++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 15.9.2
+appVersion: 15.9.3
description: HTTP server for Gitlab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -14,4 +14,4 @@ name: webservice
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice
-version: 6.9.2
+version: 6.9.3
diff --git a/charts/gitlab/gitlab/requirements.lock b/charts/gitlab/gitlab/requirements.lock
index 3d922b4e3..c8bfff418 100644
--- a/charts/gitlab/gitlab/requirements.lock
+++ b/charts/gitlab/gitlab/requirements.lock
@@ -33,4 +33,4 @@ dependencies:
repository: ""
version: '*.*.*'
digest: sha256:49d31a900c604ab654cbf4fc4be5200921f56731c6659c7cf1cd3abd180419c0
-generated: "2023-03-02T15:10:30.57837703Z"
+generated: "2023-03-09T21:42:17.086295055Z"
diff --git a/charts/gitlab/gitlab/values.yaml b/charts/gitlab/gitlab/values.yaml
index d2c26b876..3cfdc1205 100644
--- a/charts/gitlab/gitlab/values.yaml
+++ b/charts/gitlab/gitlab/values.yaml
@@ -40,7 +40,7 @@ global:
edition: ee
## https://docs.gitlab.com/charts/charts/globals#gitlab-version
- gitlabVersion: "15.9.2"
+ gitlabVersion: "15.9.3"
## https://docs.gitlab.com/charts/charts/globals#application-resource
application:
diff --git a/charts/gluu/gluu/Chart.yaml b/charts/gluu/gluu/Chart.yaml
index e28f6e856..e71af6200 100644
--- a/charts/gluu/gluu/Chart.yaml
+++ b/charts/gluu/gluu/Chart.yaml
@@ -1,28 +1,28 @@
annotations:
artifacthub.io/changes: |
- - Chart 5.0.11 official release
+ - Chart 5.0.12 official release
artifacthub.io/containsSecurityUpdates: "true"
artifacthub.io/images: |
- name: auth-server
- image: janssenproject/auth-server:1.0.8_dev
+ image: janssenproject/auth-server:1.0.8-1
- name: auth-server-key-rotation
- image: janssenproject/certmanager:1.0.8_dev
+ image: janssenproject/certmanager:1.0.8-1
- name: configuration-manager
- image: janssenproject/configurator:1.0.8_dev
+ image: janssenproject/configurator:1.0.8-1
- name: config-api
- image: janssenproject/config-api:1.0.8_dev
+ image: janssenproject/config-api:1.0.8-1
- name: fido2
- image: janssenproject/fido2:1.0.8_dev
+ image: janssenproject/fido2:1.0.8-1
- name: opendj
image: gluufederation/opendj:5.0.0_dev
- name: persistence
- image: janssenproject/persistence-loader:1.0.8_dev
+ image: janssenproject/persistence-loader:1.0.8-1
- name: scim
- image: janssenproject/scim:1.0.8_dev
+ image: janssenproject/scim:1.0.8-1
- name: casa
image: gluufederation/casa:5.0.0_dev
- name: admin-ui
- image: gluufederation/admin-ui:1.0.8_dev
+ image: gluufederation/admin-ui:1.0.8-1
artifacthub.io/license: Apache-2.0
artifacthub.io/prerelease: "true"
catalog.cattle.io/certified: partner
@@ -35,59 +35,59 @@ dependencies:
- condition: global.config.enabled
name: config
repository: file://./charts/config
- version: 5.0.11
+ version: 5.0.13
- condition: global.config-api.enabled
name: config-api
repository: file://./charts/config-api
- version: 5.0.11
+ version: 5.0.13
- condition: global.opendj.enabled
name: opendj
repository: file://./charts/opendj
- version: 5.0.11
+ version: 5.0.13
- condition: global.auth-server.enabled
name: auth-server
repository: file://./charts/auth-server
- version: 5.0.11
+ version: 5.0.13
- condition: global.admin-ui.enabled
name: admin-ui
repository: file://./charts/admin-ui
- version: 5.0.11
+ version: 5.0.13
- condition: global.fido2.enabled
name: fido2
repository: file://./charts/fido2
- version: 5.0.11
+ version: 5.0.13
- condition: global.scim.enabled
name: scim
repository: file://./charts/scim
- version: 5.0.11
+ version: 5.0.13
- condition: global.nginx-ingress.enabled
name: nginx-ingress
repository: file://./charts/nginx-ingress
- version: 5.0.11
+ version: 5.0.13
- condition: global.oxshibboleth.enabled
name: oxshibboleth
repository: file://./charts/oxshibboleth
- version: 5.0.11
+ version: 5.0.13
- condition: global.oxpassport.enabled
name: oxpassport
repository: file://./charts/oxpassport
- version: 5.0.11
+ version: 5.0.13
- condition: global.casa.enabled
name: casa
repository: file://./charts/casa
- version: 5.0.11
+ version: 5.0.13
- condition: global.auth-server-key-rotation.enabled
name: auth-server-key-rotation
repository: file://./charts/auth-server-key-rotation
- version: 5.0.11
+ version: 5.0.13
- condition: global.persistence.enabled
name: persistence
repository: file://./charts/persistence
- version: 5.0.11
+ version: 5.0.13
- condition: global.istio.ingress
name: cn-istio-ingress
repository: file://./charts/cn-istio-ingress
- version: 5.0.11
+ version: 5.0.13
description: Gluu Access and Identity Management
home: https://www.gluu.org
icon: https://gluu.org/docs/gluu-server/favicon.ico
@@ -99,4 +99,4 @@ name: gluu
sources:
- https://gluu.org/docs/gluu-server
- https://github.com/GluuFederation/flex/flex-cn-setup
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/README.md b/charts/gluu/gluu/README.md
index 21ce4dcea..91846e182 100644
--- a/charts/gluu/gluu/README.md
+++ b/charts/gluu/gluu/README.md
@@ -1,6 +1,6 @@
# gluu
- 
+ 
Gluu Access and Identity Management
@@ -23,26 +23,26 @@ Kubernetes: `>=v1.21.0-0`
| Repository | Name | Version |
|------------|------|---------|
-| | admin-ui | 5.0.11 |
-| | auth-server | 5.0.11 |
-| | auth-server-key-rotation | 5.0.11 |
-| | casa | 5.0.11 |
-| | cn-istio-ingress | 5.0.11 |
-| | config | 5.0.11 |
-| | config-api | 5.0.11 |
-| | fido2 | 5.0.11 |
-| | nginx-ingress | 5.0.11 |
-| | opendj | 5.0.11 |
-| | oxpassport | 5.0.11 |
-| | oxshibboleth | 5.0.11 |
-| | persistence | 5.0.11 |
-| | scim | 5.0.11 |
+| | admin-ui | 5.0.13 |
+| | auth-server | 5.0.13 |
+| | auth-server-key-rotation | 5.0.13 |
+| | casa | 5.0.13 |
+| | cn-istio-ingress | 5.0.13 |
+| | config | 5.0.13 |
+| | config-api | 5.0.13 |
+| | fido2 | 5.0.13 |
+| | nginx-ingress | 5.0.13 |
+| | opendj | 5.0.13 |
+| | oxpassport | 5.0.13 |
+| | oxshibboleth | 5.0.13 |
+| | persistence | 5.0.13 |
+| | scim | 5.0.13 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
-| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.7-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server |
+| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.9-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server |
| admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| admin-ui.dnsConfig | object | `{}` | Add custom dns config |
@@ -53,7 +53,7 @@ Kubernetes: `>=v1.21.0-0`
| admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets |
| admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. |
-| admin-ui.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| admin-ui.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. |
| admin-ui.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
| admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. |
@@ -69,8 +69,8 @@ Kubernetes: `>=v1.21.0-0`
| admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
| admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.7-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. |
-| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.7-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
+| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.9-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. |
+| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.9-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
| auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config |
@@ -78,7 +78,7 @@ Kubernetes: `>=v1.21.0-0`
| auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets |
| auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. |
-| auth-server-key-rotation.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| auth-server-key-rotation.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours |
| auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
| auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. |
@@ -100,7 +100,7 @@ Kubernetes: `>=v1.21.0-0`
| auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets |
| auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. |
-| auth-server.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| auth-server.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
| auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py |
| auth-server.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
@@ -117,7 +117,7 @@ Kubernetes: `>=v1.21.0-0`
| auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
| auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-7"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. |
+| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-9"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. |
| casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| casa.dnsConfig | object | `{}` | Add custom dns config |
@@ -128,7 +128,7 @@ Kubernetes: `>=v1.21.0-0`
| casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| casa.image.pullSecrets | list | `[]` | Image Pull Secrets |
| casa.image.repository | string | `"gluufederation/casa"` | Image to use for deploying. |
-| casa.image.tag | string | `"5.0.0-7"` | Image tag to use for deploying. |
+| casa.image.tag | string | `"5.0.0-9"` | Image tag to use for deploying. |
| casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. |
| casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint |
| casa.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
@@ -146,8 +146,8 @@ Kubernetes: `>=v1.21.0-0`
| casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
| casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.7-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. |
-| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.7-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). |
+| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.9-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. |
+| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). |
| config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| config-api.dnsConfig | object | `{}` | Add custom dns config |
@@ -158,7 +158,7 @@ Kubernetes: `>=v1.21.0-0`
| config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| config-api.image.pullSecrets | list | `[]` | Image Pull Secrets |
| config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. |
-| config-api.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| config-api.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
| config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint |
| config-api.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
@@ -222,7 +222,7 @@ Kubernetes: `>=v1.21.0-0`
| config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. |
| config.image.pullSecrets | list | `[]` | Image Pull Secrets |
| config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. |
-| config.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| config.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpenDJ is used for persistence. |
| config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section |
| config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE |
@@ -241,7 +241,7 @@ Kubernetes: `>=v1.21.0-0`
| config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 |
| config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.7-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. |
+| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. |
| fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| fido2.dnsConfig | object | `{}` | Add custom dns config |
@@ -252,7 +252,7 @@ Kubernetes: `>=v1.21.0-0`
| fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| fido2.image.pullSecrets | list | `[]` | Image Pull Secrets |
| fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. |
-| fido2.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| fido2.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. |
| fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint |
| fido2.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
@@ -551,7 +551,7 @@ Kubernetes: `>=v1.21.0-0`
| oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
| oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.7-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. |
+| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.9-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. |
| persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| persistence.dnsConfig | object | `{}` | Add custom dns config |
@@ -559,7 +559,7 @@ Kubernetes: `>=v1.21.0-0`
| persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| persistence.image.pullSecrets | list | `[]` | Image Pull Secrets |
| persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. |
-| persistence.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| persistence.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
| persistence.resources.limits.cpu | string | `"300m"` | CPU limit |
| persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. |
@@ -570,7 +570,7 @@ Kubernetes: `>=v1.21.0-0`
| persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
| persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.7-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 |
+| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 |
| scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| scim.dnsConfig | object | `{}` | Add custom dns config |
@@ -581,7 +581,7 @@ Kubernetes: `>=v1.21.0-0`
| scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| scim.image.pullSecrets | list | `[]` | Image Pull Secrets |
| scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. |
-| scim.image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| scim.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. |
| scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint |
| scim.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
diff --git a/charts/gluu/gluu/charts/admin-ui/Chart.yaml b/charts/gluu/gluu/charts/admin-ui/Chart.yaml
index a016835be..e50f6983b 100644
--- a/charts/gluu/gluu/charts/admin-ui/Chart.yaml
+++ b/charts/gluu/gluu/charts/admin-ui/Chart.yaml
@@ -17,4 +17,4 @@ sources:
- https://github.com/GluuFederation/docker-gluu-admin-ui
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/admin-ui/README.md b/charts/gluu/gluu/charts/admin-ui/README.md
index 4fe2589b3..01eb7d74d 100644
--- a/charts/gluu/gluu/charts/admin-ui/README.md
+++ b/charts/gluu/gluu/charts/admin-ui/README.md
@@ -1,6 +1,6 @@
# admin-ui
-  
+  
Admin GUI. Requires license.
@@ -35,7 +35,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. |
| readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. |
| replicas | int | `1` | Service replica number. |
diff --git a/charts/gluu/gluu/charts/admin-ui/values.yaml b/charts/gluu/gluu/charts/admin-ui/values.yaml
index 51d5255f5..70e67e4aa 100644
--- a/charts/gluu/gluu/charts/admin-ui/values.yaml
+++ b/charts/gluu/gluu/charts/admin-ui/values.yaml
@@ -27,7 +27,7 @@ image:
# -- Image to use for deploying.
repository: gluufederation/admin-ui
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml
index cd8631c6f..f49507043 100644
--- a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml
+++ b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml
@@ -15,4 +15,4 @@ sources:
- https://github.com/JanssenProject/docker-jans-certmanager
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md
index efeb9ca9c..54fb1f383 100644
--- a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md
+++ b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md
@@ -1,6 +1,6 @@
# auth-server-key-rotation
-  
+  
Responsible for regenerating auth-keys per x hours
@@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| keysLife | int | `48` | Auth server key rotation keys life in hours |
| nodeSelector | object | `{}` | |
| resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml
index 7e4e64f6b..488e0e2ab 100644
--- a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml
+++ b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml
@@ -18,7 +18,7 @@ image:
# -- Image to use for deploying.
repository: janssenproject/certmanager
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Auth server key rotation keys life in hours
diff --git a/charts/gluu/gluu/charts/auth-server/Chart.yaml b/charts/gluu/gluu/charts/auth-server/Chart.yaml
index 286f87137..3040d3f42 100644
--- a/charts/gluu/gluu/charts/auth-server/Chart.yaml
+++ b/charts/gluu/gluu/charts/auth-server/Chart.yaml
@@ -19,4 +19,4 @@ sources:
- https://github.com/JanssenProject/docker-jans-auth-server
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/auth-server/README.md b/charts/gluu/gluu/charts/auth-server/README.md
index c79dff53c..45f9159d2 100644
--- a/charts/gluu/gluu/charts/auth-server/README.md
+++ b/charts/gluu/gluu/charts/auth-server/README.md
@@ -1,6 +1,6 @@
# auth-server
-  
+  
OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
| livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py |
| readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py |
diff --git a/charts/gluu/gluu/charts/auth-server/values.yaml b/charts/gluu/gluu/charts/auth-server/values.yaml
index 27c4b5d3c..ecd9065be 100644
--- a/charts/gluu/gluu/charts/auth-server/values.yaml
+++ b/charts/gluu/gluu/charts/auth-server/values.yaml
@@ -28,7 +28,7 @@ image:
# -- Image to use for deploying.
repository: janssenproject/auth-server
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
diff --git a/charts/gluu/gluu/charts/casa/Chart.yaml b/charts/gluu/gluu/charts/casa/Chart.yaml
index de139f5b7..ecc921b5b 100644
--- a/charts/gluu/gluu/charts/casa/Chart.yaml
+++ b/charts/gluu/gluu/charts/casa/Chart.yaml
@@ -19,4 +19,4 @@ sources:
- https://github.com/GluuFederation/docker-casa
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/casa/README.md b/charts/gluu/gluu/charts/casa/README.md
index b9aba46d8..6290bcff9 100644
--- a/charts/gluu/gluu/charts/casa/README.md
+++ b/charts/gluu/gluu/charts/casa/README.md
@@ -1,6 +1,6 @@
# casa
-  
+  
Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
@@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"gluufederation/casa"` | Image to use for deploying. |
-| image.tag | string | `"5.0.0-3"` | Image tag to use for deploying. |
+| image.tag | string | `"5.0.0-8"` | Image tag to use for deploying. |
| livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. |
| livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint |
| nameOverride | string | `""` | |
diff --git a/charts/gluu/gluu/charts/casa/values.yaml b/charts/gluu/gluu/charts/casa/values.yaml
index 40a3c07ef..9fc8c32b1 100644
--- a/charts/gluu/gluu/charts/casa/values.yaml
+++ b/charts/gluu/gluu/charts/casa/values.yaml
@@ -27,7 +27,7 @@ image:
# -- Image to use for deploying.
repository: gluufederation/casa
# -- Image tag to use for deploying.
- tag: 5.0.0-3
+ tag: 5.0.0-8
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml
index 159226496..1bdad5b3b 100644
--- a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml
+++ b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml
@@ -16,4 +16,4 @@ sources:
- https://gluu.org/docs/gluu-server/
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/README.md b/charts/gluu/gluu/charts/cn-istio-ingress/README.md
index ca9d63b22..8545c0e35 100644
--- a/charts/gluu/gluu/charts/cn-istio-ingress/README.md
+++ b/charts/gluu/gluu/charts/cn-istio-ingress/README.md
@@ -1,6 +1,6 @@
# cn-istio-ingress
-  
+  
Istio Gateway
diff --git a/charts/gluu/gluu/charts/config-api/Chart.yaml b/charts/gluu/gluu/charts/config-api/Chart.yaml
index d7b39a39e..b300fad62 100644
--- a/charts/gluu/gluu/charts/config-api/Chart.yaml
+++ b/charts/gluu/gluu/charts/config-api/Chart.yaml
@@ -19,4 +19,4 @@ sources:
- https://github.com/JanssenProject/jans/docker-jans-config-api
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/config-api/README.md b/charts/gluu/gluu/charts/config-api/README.md
index e5797c48b..503f1943c 100644
--- a/charts/gluu/gluu/charts/config-api/README.md
+++ b/charts/gluu/gluu/charts/config-api/README.md
@@ -1,6 +1,6 @@
# config-api
-  
+  
Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)
@@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
| livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py |
| nameOverride | string | `""` | |
diff --git a/charts/gluu/gluu/charts/config-api/values.yaml b/charts/gluu/gluu/charts/config-api/values.yaml
index 74baf5f10..bc8c22a68 100644
--- a/charts/gluu/gluu/charts/config-api/values.yaml
+++ b/charts/gluu/gluu/charts/config-api/values.yaml
@@ -33,7 +33,7 @@ image:
# -- Image to use for deploying.
repository: janssenproject/config-api
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
diff --git a/charts/gluu/gluu/charts/config/Chart.yaml b/charts/gluu/gluu/charts/config/Chart.yaml
index a54b47ce3..e50b02a1f 100644
--- a/charts/gluu/gluu/charts/config/Chart.yaml
+++ b/charts/gluu/gluu/charts/config/Chart.yaml
@@ -18,4 +18,4 @@ sources:
- https://github.com/JanssenProject/jans/docker-jans-configurator
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/config/README.md b/charts/gluu/gluu/charts/config/README.md
index a43040d3b..ae870bb9b 100644
--- a/charts/gluu/gluu/charts/config/README.md
+++ b/charts/gluu/gluu/charts/config/README.md
@@ -1,6 +1,6 @@
# config
-  
+  
Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
@@ -73,7 +73,7 @@ Kubernetes: `>=v1.21.0-0`
| fullNameOverride | string | `""` | |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. |
| migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section |
| migration.enabled | bool | `false` | Boolean flag to enable migration from CE |
diff --git a/charts/gluu/gluu/charts/config/values.yaml b/charts/gluu/gluu/charts/config/values.yaml
index 855a03cad..31c329d9b 100644
--- a/charts/gluu/gluu/charts/config/values.yaml
+++ b/charts/gluu/gluu/charts/config/values.yaml
@@ -106,7 +106,7 @@ image:
# -- Image to use for deploying.
repository: janssenproject/configurator
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- LDAP admin password if OpennDJ is used for persistence.
diff --git a/charts/gluu/gluu/charts/fido2/Chart.yaml b/charts/gluu/gluu/charts/fido2/Chart.yaml
index af6eb07c1..3d06ae090 100644
--- a/charts/gluu/gluu/charts/fido2/Chart.yaml
+++ b/charts/gluu/gluu/charts/fido2/Chart.yaml
@@ -19,4 +19,4 @@ sources:
- https://github.com/JanssenProject/jans/docker-jans-fido2
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/fido2/README.md b/charts/gluu/gluu/charts/fido2/README.md
index 9286fd0e4..1bee8d96a 100644
--- a/charts/gluu/gluu/charts/fido2/README.md
+++ b/charts/gluu/gluu/charts/fido2/README.md
@@ -1,6 +1,6 @@
# fido2
-  
+  
FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
@@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. |
| livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint |
| readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. |
diff --git a/charts/gluu/gluu/charts/fido2/values.yaml b/charts/gluu/gluu/charts/fido2/values.yaml
index 6152bad32..1415b7d0d 100644
--- a/charts/gluu/gluu/charts/fido2/values.yaml
+++ b/charts/gluu/gluu/charts/fido2/values.yaml
@@ -29,7 +29,7 @@ image:
# -- Image to use for deploying.
repository: janssenproject/fido2
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
diff --git a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml
index 225a65f7d..85abcb2ea 100644
--- a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml
+++ b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml
@@ -17,4 +17,4 @@ sources:
- https://kubernetes.io/docs/concepts/services-networking/ingress/
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/nginx-ingress/README.md b/charts/gluu/gluu/charts/nginx-ingress/README.md
index 7ebb8dcea..e6e23517d 100644
--- a/charts/gluu/gluu/charts/nginx-ingress/README.md
+++ b/charts/gluu/gluu/charts/nginx-ingress/README.md
@@ -1,6 +1,6 @@
# nginx-ingress
-  
+  
Nginx ingress definitions chart
diff --git a/charts/gluu/gluu/charts/opendj/Chart.yaml b/charts/gluu/gluu/charts/opendj/Chart.yaml
index 00542f590..db5c2f7ab 100644
--- a/charts/gluu/gluu/charts/opendj/Chart.yaml
+++ b/charts/gluu/gluu/charts/opendj/Chart.yaml
@@ -19,4 +19,4 @@ sources:
- https://github.com/GluuFederation/docker-opendj
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/opendj/README.md b/charts/gluu/gluu/charts/opendj/README.md
index 0eb2d95b0..7e7cc1d93 100644
--- a/charts/gluu/gluu/charts/opendj/README.md
+++ b/charts/gluu/gluu/charts/opendj/README.md
@@ -1,6 +1,6 @@
# opendj
-  
+  
OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.
diff --git a/charts/gluu/gluu/charts/oxpassport/Chart.yaml b/charts/gluu/gluu/charts/oxpassport/Chart.yaml
index 751a631e7..af197fb29 100644
--- a/charts/gluu/gluu/charts/oxpassport/Chart.yaml
+++ b/charts/gluu/gluu/charts/oxpassport/Chart.yaml
@@ -18,4 +18,4 @@ sources:
- https://github.com/GluuFederation/docker-oxpassport
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/oxpassport/README.md b/charts/gluu/gluu/charts/oxpassport/README.md
index 1dcf136d4..509945113 100644
--- a/charts/gluu/gluu/charts/oxpassport/README.md
+++ b/charts/gluu/gluu/charts/oxpassport/README.md
@@ -1,6 +1,6 @@
# oxpassport
-  
+  
Gluu interface to Passport.js to support social login and inbound identity.
diff --git a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml
index 33df95e49..f3ada6726 100644
--- a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml
+++ b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml
@@ -17,4 +17,4 @@ sources:
- https://github.com/GluuFederation/docker-oxshibboleth
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/oxshibboleth/README.md b/charts/gluu/gluu/charts/oxshibboleth/README.md
index c9c196b34..b33196163 100644
--- a/charts/gluu/gluu/charts/oxshibboleth/README.md
+++ b/charts/gluu/gluu/charts/oxshibboleth/README.md
@@ -1,6 +1,6 @@
# oxshibboleth
-  
+  
Shibboleth project for the Gluu Server's SAML IDP functionality.
diff --git a/charts/gluu/gluu/charts/persistence/Chart.yaml b/charts/gluu/gluu/charts/persistence/Chart.yaml
index e3cb986c6..46b831ac4 100644
--- a/charts/gluu/gluu/charts/persistence/Chart.yaml
+++ b/charts/gluu/gluu/charts/persistence/Chart.yaml
@@ -15,4 +15,4 @@ sources:
- https://github.com/JanssenProject/jans/docker-jans-persistence-loader
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/persistence/README.md b/charts/gluu/gluu/charts/persistence/README.md
index f10afb123..a7a918956 100644
--- a/charts/gluu/gluu/charts/persistence/README.md
+++ b/charts/gluu/gluu/charts/persistence/README.md
@@ -1,6 +1,6 @@
# persistence
-  
+  
Job to generate data and initial config for Gluu Server persistence layer.
@@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"gluufederation/persistence"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| imagePullSecrets | list | `[]` | |
| nameOverride | string | `""` | |
| resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
diff --git a/charts/gluu/gluu/charts/persistence/values.yaml b/charts/gluu/gluu/charts/persistence/values.yaml
index 548a1afaf..425dcaa37 100644
--- a/charts/gluu/gluu/charts/persistence/values.yaml
+++ b/charts/gluu/gluu/charts/persistence/values.yaml
@@ -18,7 +18,7 @@ image:
# -- Image to use for deploying.
repository: gluufederation/persistence
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Resource specs.
diff --git a/charts/gluu/gluu/charts/scim/Chart.yaml b/charts/gluu/gluu/charts/scim/Chart.yaml
index 8e67fe391..67fccea07 100644
--- a/charts/gluu/gluu/charts/scim/Chart.yaml
+++ b/charts/gluu/gluu/charts/scim/Chart.yaml
@@ -17,4 +17,4 @@ sources:
- https://github.com/JanssenProject/jans/docker-jans-scim
- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim
type: application
-version: 5.0.11
+version: 5.0.13
diff --git a/charts/gluu/gluu/charts/scim/README.md b/charts/gluu/gluu/charts/scim/README.md
index 8c0cabdb1..daa7fee22 100644
--- a/charts/gluu/gluu/charts/scim/README.md
+++ b/charts/gluu/gluu/charts/scim/README.md
@@ -1,6 +1,6 @@
# scim
-  
+  
System for Cross-domain Identity Management (SCIM) version 2.0
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0`
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"janssenproject/scim"` | Image to use for deploying. |
-| image.tag | string | `"1.0.7-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
| livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. |
| livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint |
| readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. |
diff --git a/charts/gluu/gluu/charts/scim/values.yaml b/charts/gluu/gluu/charts/scim/values.yaml
index e2ca69351..96dacae15 100644
--- a/charts/gluu/gluu/charts/scim/values.yaml
+++ b/charts/gluu/gluu/charts/scim/values.yaml
@@ -28,7 +28,7 @@ image:
# -- Image to use for deploying.
repository: janssenproject/scim
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
diff --git a/charts/gluu/gluu/openbanking-values.yaml b/charts/gluu/gluu/openbanking-values.yaml
index 935cbe95d..476055199 100644
--- a/charts/gluu/gluu/openbanking-values.yaml
+++ b/charts/gluu/gluu/openbanking-values.yaml
@@ -28,7 +28,7 @@ auth-server:
# -- Image to use for deploying.
repository: janssenproject/auth-server
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
@@ -167,7 +167,7 @@ config:
# -- Image to use for deploying.
repository: janssenproject/configurator
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Organization name. Used for certificate creation.
@@ -231,7 +231,7 @@ config-api:
# -- Image to use for deploying.
repository: janssenproject/config-api
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
@@ -674,7 +674,7 @@ persistence:
# -- Image to use for deploying.
repository: janssenproject/persistence-loader
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Resource specs.
diff --git a/charts/gluu/gluu/values.yaml b/charts/gluu/gluu/values.yaml
index 107b07dc3..bb20f8e53 100644
--- a/charts/gluu/gluu/values.yaml
+++ b/charts/gluu/gluu/values.yaml
@@ -106,7 +106,7 @@ admin-ui:
# -- Image to use for deploying.
repository: gluufederation/admin-ui
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
@@ -197,7 +197,7 @@ auth-server:
# -- Image to use for deploying.
repository: janssenproject/auth-server
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
@@ -264,7 +264,7 @@ auth-server-key-rotation:
# -- Image to use for deploying.
repository: janssenproject/certmanager
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Auth server key rotation keys life in hours
@@ -339,7 +339,7 @@ casa:
# -- Image to use for deploying.
repository: gluufederation/casa
# -- Image tag to use for deploying.
- tag: 5.0.0-7
+ tag: 5.0.0-9
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
@@ -512,7 +512,7 @@ config:
# -- Image to use for deploying.
repository: janssenproject/configurator
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- LDAP admin password if OpenDJ is used for persistence.
@@ -606,7 +606,7 @@ config-api:
# -- Image to use for deploying.
repository: janssenproject/config-api
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
@@ -698,7 +698,7 @@ fido2:
# -- Image to use for deploying.
repository: janssenproject/fido2
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
@@ -1556,7 +1556,7 @@ persistence:
# -- Image to use for deploying.
repository: janssenproject/persistence-loader
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Resource specs.
@@ -1629,7 +1629,7 @@ scim:
# -- Image to use for deploying.
repository: janssenproject/scim
# -- Image tag to use for deploying.
- tag: 1.0.7-1
+ tag: 1.0.9-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Service replica number.
diff --git a/charts/haproxy/haproxy/Chart.yaml b/charts/haproxy/haproxy/Chart.yaml
index 5841f2a36..5c592c47b 100644
--- a/charts/haproxy/haproxy/Chart.yaml
+++ b/charts/haproxy/haproxy/Chart.yaml
@@ -1,12 +1,12 @@
annotations:
artifacthub.io/changes: |
- - replace k8s.gcr.io registry for the default backend with registry.k8s.io
+ - Use Ingress Controller 1.9.5 version for base image
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: haproxy
apiVersion: v2
-appVersion: 1.9.3
+appVersion: 1.9.5
description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
@@ -21,4 +21,4 @@ name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
type: application
-version: 1.28.3
+version: 1.29.1
diff --git a/charts/haproxy/haproxy/templates/controller-daemonset.yaml b/charts/haproxy/haproxy/templates/controller-daemonset.yaml
index 5190f6d98..390b1ab2b 100644
--- a/charts/haproxy/haproxy/templates/controller-daemonset.yaml
+++ b/charts/haproxy/haproxy/templates/controller-daemonset.yaml
@@ -100,9 +100,6 @@ spec:
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
- --http-bind-port={{ .Values.controller.containerPort.http }}
- --https-bind-port={{ .Values.controller.containerPort.https }}
-{{- if .Values.defaultBackend.enabled }}
- - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
-{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
diff --git a/charts/haproxy/haproxy/templates/controller-deployment.yaml b/charts/haproxy/haproxy/templates/controller-deployment.yaml
index 506a6e012..ed2b163de 100644
--- a/charts/haproxy/haproxy/templates/controller-deployment.yaml
+++ b/charts/haproxy/haproxy/templates/controller-deployment.yaml
@@ -101,9 +101,6 @@ spec:
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
- --http-bind-port={{ .Values.controller.containerPort.http }}
- --https-bind-port={{ .Values.controller.containerPort.https }}
-{{- if .Values.defaultBackend.enabled }}
- - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
-{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
diff --git a/charts/haproxy/haproxy/templates/default-backend-deployment.yaml b/charts/haproxy/haproxy/templates/default-backend-deployment.yaml
deleted file mode 100644
index 532554019..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-deployment.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-{{/*
-Copyright 2019 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.defaultBackend.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-spec:
- {{- if not .Values.defaultBackend.autoscaling.enabled }}
- replicas: {{ .Values.defaultBackend.replicaCount }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.defaultBackend.podLabels }}
-{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
- {{- end }}
- {{- if .Values.defaultBackend.podAnnotations }}
- annotations:
-{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
- {{- end }}
- spec:
-{{- with .Values.defaultBackend.topologySpreadConstraints }}
- topologySpreadConstraints:
- {{- toYaml . | nindent 8 }}
-{{- end }}
-{{- if .Values.defaultBackend.imageCredentials.registry }}
- imagePullSecrets:
- - name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
-{{- else if .Values.defaultBackend.existingImagePullSecret }}
- imagePullSecrets:
- - name: {{ .Values.defaultBackend.existingImagePullSecret }}
-{{- end }}
-{{- if .Values.controller.priorityClassName }}
- priorityClassName: {{ .Values.controller.priorityClassName }}
-{{- end }}
- containers:
- - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }}
- image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
- imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- {{- if .Values.defaultBackend.enableRuntimeDefaultSeccompProfile }}
- seccompProfile:
- type: RuntimeDefault
- {{- end }}
- ports:
- - name: http
- containerPort: {{ .Values.defaultBackend.containerPort }}
- protocol: TCP
- {{- if .Values.defaultBackend.extraEnvs }}
- env:
- {{- toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
- {{- end }}
- resources:
- {{- toYaml .Values.defaultBackend.resources | nindent 12 }}
- {{- with .Values.defaultBackend.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.defaultBackend.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
- terminationGracePeriodSeconds: 60
- {{- with .Values.defaultBackend.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/charts/haproxy/haproxy/templates/default-backend-hpa.yaml b/charts/haproxy/haproxy/templates/default-backend-hpa.yaml
deleted file mode 100644
index 651867301..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-hpa.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-{{/*
-Copyright 2020 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }}
-{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
-apiVersion: autoscaling/v2
-{{- else if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }}
-apiVersion: autoscaling/v2beta2
-{{- else }}
- {{- fail "ERROR: You must have autoscaling/v2 or autoscaling/v2beta2 to use HorizontalPodAutoscaler" }}
-{{- end }}
-kind: HorizontalPodAutoscaler
-metadata:
-{{- if .Values.defaultBackend.autoscaling.annotations }}
- annotations:
-{{ toYaml .Values.defaultBackend.autoscaling.annotations | indent 4 }}
-{{- end }}
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
- {{- if .Values.defaultBackend.autoscaling.custom }}
- {{- toYaml .Values.defaultBackend.autoscaling.custom | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/haproxy/haproxy/templates/default-backend-podsecuritypolicy.yaml b/charts/haproxy/haproxy/templates/default-backend-podsecuritypolicy.yaml
deleted file mode 100644
index 753ed14b7..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-podsecuritypolicy.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-{{/*
-Copyright 2019 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
-{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodSecurityPolicy" }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodSecurityPolicy
-metadata:
-{{- if .Values.podSecurityPolicy.annotations }}
- annotations:
-{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
-{{- end }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
- apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
- seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
- apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - NET_BIND_SERVICE
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- rule: MustRunAs
- ranges:
- - max: 65535
- min: 1
- hostNetwork: false
- hostIPC: false
- hostPID: false
- privileged: false
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- - max: 65535
- min: 1
- volumes:
- - configMap
- - downwardAPI
- - secret
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/haproxy/haproxy/templates/default-backend-pullsecret.yaml b/charts/haproxy/haproxy/templates/default-backend-pullsecret.yaml
deleted file mode 100644
index cfa386770..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-pullsecret.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/*
-Copyright 2019 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.defaultBackend.imageCredentials.registry }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ template "kubernetes-ingress.defaultBackend.imagePullSecret" . }}
-{{- end }}
diff --git a/charts/haproxy/haproxy/templates/default-backend-role.yaml b/charts/haproxy/haproxy/templates/default-backend-role.yaml
deleted file mode 100644
index 8475d04fc..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-role.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-Copyright 2019 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-rules:
-- apiGroups:
- - "policy"
- resources:
- - podsecuritypolicies
- verbs:
- - use
- resourceNames:
- - {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
-{{- end -}}
diff --git a/charts/haproxy/haproxy/templates/default-backend-rolebinding.yaml b/charts/haproxy/haproxy/templates/default-backend-rolebinding.yaml
deleted file mode 100644
index 3a94e9418..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-rolebinding.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{/*
-Copyright 2019 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/haproxy/haproxy/templates/default-backend-service.yaml b/charts/haproxy/haproxy/templates/default-backend-service.yaml
deleted file mode 100644
index fe617ef8e..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-service.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{/*
-Copyright 2019 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.defaultBackend.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-{{- if .Values.defaultBackend.service.annotations }}
- annotations:
-{{ toYaml .Values.defaultBackend.service.annotations | indent 8 }}
-{{- end }}
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: http
- port: {{ .Values.defaultBackend.service.port }}
- protocol: TCP
- {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
- appProtocol: http
- {{- end }}
- targetPort: http
- selector:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/haproxy/haproxy/templates/default-backend-serviceaccount.yaml b/charts/haproxy/haproxy/templates/default-backend-serviceaccount.yaml
deleted file mode 100644
index 3c0853b14..000000000
--- a/charts/haproxy/haproxy/templates/default-backend-serviceaccount.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-Copyright 2019 HAProxy Technologies LLC
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
- helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-{{- end -}}
diff --git a/charts/haproxy/haproxy/values.yaml b/charts/haproxy/haproxy/values.yaml
index 0c9a340ba..c84be9ce4 100644
--- a/charts/haproxy/haproxy/values.yaml
+++ b/charts/haproxy/haproxy/values.yaml
@@ -509,126 +509,3 @@ controller:
path: /metrics
scheme: http
interval: 30s
-
-## Default 404 backend
-defaultBackend:
- enabled: true
- name: default-backend
- replicaCount: 2
-
- image:
- repository: registry.k8s.io/defaultbackend-amd64
- tag: 1.5
- pullPolicy: IfNotPresent
- runAsUser: 65534
-
- ## Restricts container syscalls
- ## ref: https://kubernetes.io/docs/tutorials/security/seccomp/
- enableRuntimeDefaultSeccompProfile: true
-
- ## Compute Resources
- ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
- resources:
- # limits:
- # cpu: 10m
- # memory: 16Mi
- requests:
- cpu: 10m
- memory: 16Mi
-
- ## Horizontal Pod Scaler
- ## Only to be used with Deployment kind
- ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
- autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 2
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
- ## HPA annotations
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
- annotations: {}
- # annotationKey: value
-
- ## Custom metrics (example)
- ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
- # custom:
- # - type: Pods
- # pods:
- # metricName: haproxy_backend_current_sessions
- # targetAverageValue: 2000
-
- ## Private Registry configuration
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- imageCredentials:
- registry: null
- username: null
- password: null
- existingImagePullSecret: null
-
- ## Listener port configuration
- ## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
- containerPort: 8080
-
- ## Pod Node assignment
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- nodeSelector: {}
-
- ## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
- ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
- tolerations: []
- # - key: "key"
- # operator: "Equal|Exists"
- # value: "value"
- # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
-
- ## Node Affinity for pod-node scheduling constraints
- ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
- affinity: {}
-
- ## Topology spread constraints
- ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
- topologySpreadConstraints: []
- # - maxSkew: 1
- # topologyKey: kubernetes.io/zone
- # whenUnsatisfiable: DoNotSchedule
- # labelSelector:
- # matchLabels:
- # app.kubernetes.io/name: kubernetes-ingress-kubernetes-ingress-default-backend
- # app.kubernetes.io/instance: haproxy-ingress
-
- ## Additional labels to add to the pod container metadata
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
- podLabels: {}
- # key: value
-
- ## Additional annotations to add to the pod container metadata
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
- podAnnotations: {}
- # key: value
-
- service:
- ## Annotations for the default backend service object
- annotations: {}
- # Use the controller as default backend
- # haproxy.org/backend-config-snippet: http-request return status 404
-
- ## Service ports
- ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
- port: 8080
-
- ## Configure Service Account
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- serviceAccount:
- create: true
-
- ## Pod PriorityClass
- ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
- priorityClassName: ""
-
- ## Set additional environment variables
- extraEnvs: []
- ## Set TZ env to configure timezone on controller containers
- # - name: TZ
- # value: "Etc/UTC"
diff --git a/charts/hpe/hpe-csi-driver/Chart.yaml b/charts/hpe/hpe-csi-driver/Chart.yaml
index 094927650..8a033f906 100644
--- a/charts/hpe/hpe-csi-driver/Chart.yaml
+++ b/charts/hpe/hpe-csi-driver/Chart.yaml
@@ -1,16 +1,21 @@
annotations:
+ artifacthub.io/containsSecurityUpdates: "true"
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Documentation
url: https://scod.hpedev.io/csi_driver
artifacthub.io/prerelease: "false"
+ artifacthub.io/recommendations: |
+ - url: https://artifacthub.io/packages/olm/community-operators/hpe-csi-operator
+ - url: https://artifacthub.io/packages/helm/hpe-storage/hpe-csi-info-metrics
+ - url: https://artifacthub.io/packages/helm/hpe-storage/hpe-array-exporter
catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: HPE CSI Driver for Kubernetes
+ catalog.cattle.io/display-name: HPE CSI Driver
+ catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/namespace: hpe-storage
- catalog.cattle.io/os: linux
catalog.cattle.io/release-name: hpe-csi-driver
apiVersion: v1
-appVersion: 2.2.0
+appVersion: 2.3.0
description: A Helm chart for installing the HPE CSI Driver for Kubernetes
home: https://hpe.com/storage/containers
icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png
@@ -18,12 +23,11 @@ keywords:
- HPE
- Storage
- CSI
-kubeVersion: 1.21 - 1.24
maintainers:
-- email: datamattsson@hpe.com
- name: datamattsson
+- email: hpe-containers-dev@hpe.com
+ name: raunakkumar
name: hpe-csi-driver
sources:
- https://github.com/hpe-storage/co-deployments
- https://github.com/hpe-storage/csi-driver
-version: 2.2.0
+version: 2.3.0
diff --git a/charts/hpe/hpe-csi-driver/README.md b/charts/hpe/hpe-csi-driver/README.md
index 7cac21200..37436ab68 100644
--- a/charts/hpe/hpe-csi-driver/README.md
+++ b/charts/hpe/hpe-csi-driver/README.md
@@ -11,7 +11,7 @@ The [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/index.html
Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features.
-- [HPE Alletra 6000 and Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html)
+- [HPE Alletra 5000/6000 and Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html)
- [HPE Alletra 9000, Primera and 3PAR](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html)
## Configuration and installation
@@ -22,7 +22,7 @@ The following table lists the configurable parameters of the chart and their def
|---------------------------|------------------------------------------------------------------------|------------------|
| disable.nimble | Disable HPE Nimble Storage CSP `Service`. | false |
| disable.primera | Disable HPE Primera (and 3PAR) CSP `Service`. | false |
-| disable.alletra6000 | Disable HPE Alletra 6000 CSP `Service`. | false |
+| disable.alletra6000 | Disable HPE Alletra 5000/6000 CSP `Service`. | false |
| disable.alletra9000 | Disable HPE Alletra 9000 CSP `Service`. | false |
| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false |
| disableNodeGetVolumeStats | Disable NodeGetVolumeStats call to CSI driver. | false |
diff --git a/charts/hpe/hpe-csi-driver/templates/hpe-csi-controller.yaml b/charts/hpe/hpe-csi-driver/templates/hpe-csi-controller.yaml
index 1d7ed2bf7..3d90ec22e 100644
--- a/charts/hpe/hpe-csi-driver/templates/hpe-csi-controller.yaml
+++ b/charts/hpe/hpe-csi-driver/templates/hpe-csi-controller.yaml
@@ -36,11 +36,11 @@ spec:
containers:
- name: csi-provisioner
{{- if and (.Values.registry) (eq .Values.registry "quay.io") }}
- image: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0
+ image: registry.k8s.io/sig-storage/csi-provisioner:v3.3.0
{{- else if .Values.registry }}
- image: {{ .Values.registry }}/sig-storage/csi-provisioner:v3.1.0
+ image: {{ .Values.registry }}/sig-storage/csi-provisioner:v3.3.0
{{- else }}
- image: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0
+ image: registry.k8s.io/sig-storage/csi-provisioner:v3.3.0
{{- end }}
args:
- "--csi-address=$(ADDRESS)"
@@ -58,11 +58,11 @@ spec:
mountPath: /var/lib/csi/sockets/pluginproxy
- name: csi-attacher
{{- if and (.Values.registry) (eq .Values.registry "quay.io") }}
- image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0
+ image: registry.k8s.io/sig-storage/csi-attacher:v3.5.1
{{- else if .Values.registry }}
- image: {{ .Values.registry }}/sig-storage/csi-attacher:v3.4.0
+ image: {{ .Values.registry }}/sig-storage/csi-attacher:v3.5.1
{{- else }}
- image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0
+ image: registry.k8s.io/sig-storage/csi-attacher:v3.5.1
{{- end }}
args:
- "--v=5"
@@ -80,17 +80,11 @@ spec:
- name: csi-snapshotter
{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "20") }}
{{- if and (.Values.registry) (eq .Values.registry "quay.io") }}
- image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
+ image: registry.k8s.io/sig-storage/csi-snapshotter:v5.0.1
{{- else if .Values.registry }}
image: {{ .Values.registry }}/sig-storage/csi-snapshotter:v5.0.1
{{- else }}
- image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
- {{- end }}
- {{- else if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "17") }}
- {{- if .Values.registry }}
- image: {{ .Values.registry }}/k8scsi/csi-snapshotter:v3.0.3
- {{- else }}
- image: quay.io/k8scsi/csi-snapshotter:v3.0.3
+ image: registry.k8s.io/sig-storage/csi-snapshotter:v5.0.1
{{- end }}
{{- end }}
args:
@@ -106,11 +100,11 @@ spec:
{{- if and (eq .Capabilities.KubeVersion.Major "1") ( ge ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "15") }}
- name: csi-resizer
{{- if and (.Values.registry) (eq .Values.registry "quay.io") }}
- image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
+ image: registry.k8s.io/sig-storage/csi-resizer:v1.6.0
{{- else if .Values.registry }}
- image: {{ .Values.registry }}/sig-storage/csi-resizer:v1.4.0
+ image: {{ .Values.registry }}/sig-storage/csi-resizer:v1.6.0
{{- else }}
- image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
+ image: registry.k8s.io/sig-storage/csi-resizer:v1.6.0
{{- end }}
args:
- "--csi-address=$(ADDRESS)"
@@ -125,9 +119,9 @@ spec:
{{- end }}
- name: hpe-csi-driver
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/csi-driver:v2.2.0
+ image: {{ .Values.registry }}/hpestorage/csi-driver:v2.3.0
{{- else }}
- image: quay.io/hpestorage/csi-driver:v2.2.0
+ image: quay.io/hpestorage/csi-driver:v2.3.0
{{- end }}
args :
- "--endpoint=$(CSI_ENDPOINT)"
@@ -153,9 +147,9 @@ spec:
mountPath: /host
- name: csi-volume-mutator
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/volume-mutator:v1.3.2
+ image: {{ .Values.registry }}/hpestorage/volume-mutator:v1.3.3
{{- else }}
- image: quay.io/hpestorage/volume-mutator:v1.3.2
+ image: quay.io/hpestorage/volume-mutator:v1.3.3
{{- end }}
args:
- "--v=5"
@@ -169,9 +163,9 @@ spec:
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-volume-group-snapshotter
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/volume-group-snapshotter:v1.0.2
+ image: {{ .Values.registry }}/hpestorage/volume-group-snapshotter:v1.0.3
{{- else }}
- image: quay.io/hpestorage/volume-group-snapshotter:v1.0.2
+ image: quay.io/hpestorage/volume-group-snapshotter:v1.0.3
{{- end }}
args:
- "--v=5"
@@ -185,9 +179,9 @@ spec:
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-volume-group-provisioner
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/volume-group-provisioner:v1.0.2
+ image: {{ .Values.registry }}/hpestorage/volume-group-provisioner:v1.0.3
{{- else }}
- image: quay.io/hpestorage/volume-group-provisioner:v1.0.2
+ image: quay.io/hpestorage/volume-group-provisioner:v1.0.3
{{- end }}
args:
- "--v=5"
@@ -201,10 +195,10 @@ spec:
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-extensions
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/csi-extensions:v1.2.2
+ image: {{ .Values.registry }}/hpestorage/csi-extensions:v1.2.4
{{- else }}
- image: quay.io/hpestorage/csi-extensions:v1.2.2
- {{- end }}
+ image: quay.io/hpestorage/csi-extensions:v1.2.4
+ {{- end }}
args:
- "--v=5"
- "--endpoint=$(CSI_ENDPOINT)"
diff --git a/charts/hpe/hpe-csi-driver/templates/hpe-csi-node.yaml b/charts/hpe/hpe-csi-driver/templates/hpe-csi-node.yaml
index 2ee6ab6f5..8254c8fdc 100644
--- a/charts/hpe/hpe-csi-driver/templates/hpe-csi-node.yaml
+++ b/charts/hpe/hpe-csi-driver/templates/hpe-csi-node.yaml
@@ -35,12 +35,12 @@ spec:
containers:
- name: csi-node-driver-registrar
{{- if and (.Values.registry) (eq .Values.registry "quay.io") }}
- image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0
+ image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.1
{{- else if .Values.registry }}
- image: {{ .Values.registry }}/sig-storage/csi-node-driver-registrar:v2.5.0
+ image: {{ .Values.registry }}/sig-storage/csi-node-driver-registrar:v2.6.1
{{- else }}
- image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0
- {{- end}}
+ image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.1
+ {{- end}}
args:
- "--csi-address=$(ADDRESS)"
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
@@ -69,10 +69,10 @@ spec:
mountPath: /registration
- name: hpe-csi-driver
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/csi-driver:v2.2.0
+ image: {{ .Values.registry }}/hpestorage/csi-driver:v2.3.0
{{- else }}
- image: quay.io/hpestorage/csi-driver:v2.2.0
- {{- end}}
+ image: quay.io/hpestorage/csi-driver:v2.3.0
+ {{- end}}
args :
- "--endpoint=$(CSI_ENDPOINT)"
- "--node-service"
@@ -118,7 +118,7 @@ spec:
mountPath: {{ .Values.kubeletRootDir }}
{{- else }}
mountPath: /var/lib/kubelet
- {{- end }}
+ {{- end }}
# needed so that any mounts setup inside this container are
# propagated back to the host machine.
mountPropagation: "Bidirectional"
@@ -149,7 +149,7 @@ spec:
path: {{ .Values.kubeletRootDir }}/plugins_registry
{{- else }}
path: /var/lib/kubelet/plugins_registry
- {{- end }}
+ {{- end }}
type: Directory
- name: plugin-dir
hostPath:
@@ -157,7 +157,7 @@ spec:
path: {{ .Values.kubeletRootDir }}/plugins/csi.hpe.com
{{- else }}
path: /var/lib/kubelet/plugins/csi.hpe.com
- {{- end }}
+ {{- end }}
type: DirectoryOrCreate
- name: pods-mount-dir
hostPath:
@@ -165,7 +165,7 @@ spec:
path: {{ .Values.kubeletRootDir }}
{{- else }}
path: /var/lib/kubelet
- {{- end }}
+ {{- end }}
- name: root-dir
hostPath:
path: /
diff --git a/charts/hpe/hpe-csi-driver/templates/nimble-csp.yaml b/charts/hpe/hpe-csi-driver/templates/nimble-csp.yaml
index 248847ef2..557ea0f6f 100644
--- a/charts/hpe/hpe-csi-driver/templates/nimble-csp.yaml
+++ b/charts/hpe/hpe-csi-driver/templates/nimble-csp.yaml
@@ -1,7 +1,7 @@
{{- if not .Values.disable.alletra6000 }}
---
-### Alletra 6000 CSP Service ###
+### Alletra 5000/6000 CSP Service ###
kind: Service
apiVersion: v1
metadata:
@@ -64,9 +64,9 @@ spec:
containers:
- name: nimble-csp
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/alletra-6000-and-nimble-csp:v2.2.0
+ image: {{ .Values.registry }}/hpestorage/alletra-6000-and-nimble-csp:v2.3.0
{{- else }}
- image: quay.io/hpestorage/alletra-6000-and-nimble-csp:v2.2.0
+ image: quay.io/hpestorage/alletra-6000-and-nimble-csp:v2.3.0
{{- end }}
imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
ports:
@@ -91,4 +91,3 @@ spec:
{{ toYaml .Values.csp.affinity | indent 8 }}
{{- end }}
{{- end }}
-
diff --git a/charts/hpe/hpe-csi-driver/templates/primera-3par-csp.yaml b/charts/hpe/hpe-csi-driver/templates/primera-3par-csp.yaml
index c0f77f70b..c7b5dd8a6 100644
--- a/charts/hpe/hpe-csi-driver/templates/primera-3par-csp.yaml
+++ b/charts/hpe/hpe-csi-driver/templates/primera-3par-csp.yaml
@@ -66,10 +66,10 @@ spec:
containers:
- name: primera3par-csp
{{- if .Values.registry }}
- image: {{ .Values.registry }}/hpestorage/alletra-9000-primera-and-3par-csp:v2.2.0
+ image: {{ .Values.registry }}/hpestorage/alletra-9000-primera-and-3par-csp:v2.3.0
{{- else }}
- image: quay.io/hpestorage/alletra-9000-primera-and-3par-csp:v2.2.0
- {{- end }}
+ image: quay.io/hpestorage/alletra-9000-primera-and-3par-csp:v2.3.0
+ {{- end }}
imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
env:
- name: CRD_CLIENT_CONFIG_QPS
@@ -98,6 +98,3 @@ spec:
{{ toYaml .Values.csp.affinity | indent 8 }}
{{- end }}
{{- end }}
-
-
-
diff --git a/charts/hpe/hpe-csi-driver/test_values.yaml b/charts/hpe/hpe-csi-driver/test_values.yaml
deleted file mode 100644
index 714b55ac7..000000000
--- a/charts/hpe/hpe-csi-driver/test_values.yaml
+++ /dev/null
@@ -1,155 +0,0 @@
-# Default values for hpe-csi-driver Helm chart
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# Control CSP Service and Deployments for HPE storage products
-disable:
- nimble: false
- primera: false
- alletra6000: false
- alletra9000: false
-
-# For controlling automatic iscsi/multipath package installation
-disableNodeConformance: false
-
-# imagePullPolicy applied for all hpe-csi-driver images
-imagePullPolicy: "IfNotPresent"
-
-# Cluster wide values for CHAP authentication
-iscsi:
- chapUser: ""
- chapPassword: ""
-
-# Log level for all hpe-csi-driver components
-logLevel: "info"
-
-# Registry prefix for hpe-csi-driver images
-registry: "quay.io"
-
-# Kubelet root directory path
-kubeletRootDir: "/var/lib/kubelet/"
-
-# NodeGetVolumestats will be called by default, set true to disable the call
-disableNodeGetVolumeStats: false
-
-controller:
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- labels:
- infra: storage
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- nodeSelector: {}
- #disktype: ssd
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- tolerations: []
-
- # - effect: NoExecute
- # key: node.kubernetes.io/not-ready
- # operator: Exists
- # tolerationSeconds: 30
- # - effect: NoExecute
- # key: node.kubernetes.io/unreachable
- # operator: Exists
- # tolerationSeconds: 30
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: disktype
- operator: In
- values:
- - ssd
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: az
- # operator: In
- # values:
- # - az-east
- # - az-west
-
-csp:
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- labels:
- infra: storage
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- nodeSelector: {}
- #disktype: ssd
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- tolerations: []
-
- # - effect: NoExecute
- # key: node.kubernetes.io/not-ready
- # operator: Exists
- # tolerationSeconds: 30
- # - effect: NoExecute
- # key: node.kubernetes.io/unreachable
- # operator: Exists
- # tolerationSeconds: 30
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: disktype
- operator: In
- values:
- - ssd
-
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: az
- # operator: In
- # values:
- # - az-east
- # - az-west
-
-node:
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- labels: {}
- #infra: storage
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- nodeSelector: {}
- #disktype: ssd
-
- # These values map directly to yaml in the deployment spec, see the kubernetes docs for info
- tolerations: [ ]
-
- # - effect: NoExecute
- # key: node.kubernetes.io/not-ready
- # operator: Exists
- # tolerationSeconds: 30
- # - effect: NoExecute
- # key: node.kubernetes.io/unreachable
- # operator: Exists
- # tolerationSeconds: 30
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: disktype
- operator: In
- values:
- - ssd
-
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: az
- # operator: In
- # values:
- # - az-east
- # - az-west
diff --git a/charts/hpe/hpe-csi-driver/values.schema.json b/charts/hpe/hpe-csi-driver/values.schema.json
index dbe4ea4ae..94f82b272 100644
--- a/charts/hpe/hpe-csi-driver/values.schema.json
+++ b/charts/hpe/hpe-csi-driver/values.schema.json
@@ -88,7 +88,7 @@
},
"alletra6000": {
"$id": "#/properties/disable/properties/alletra6000",
- "title": "HPE Alletra 6000",
+ "title": "HPE Alletra 5000/6000",
"type": "boolean",
"default": false
},
diff --git a/charts/instana/instana-agent/Chart.yaml b/charts/instana/instana-agent/Chart.yaml
index 2a375c62e..8a00b3aa9 100644
--- a/charts/instana/instana-agent/Chart.yaml
+++ b/charts/instana/instana-agent/Chart.yaml
@@ -9,7 +9,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: instana-agent
apiVersion: v2
-appVersion: 1.243.0
+appVersion: 1.244.0
description: Instana Agent for Kubernetes
home: https://www.instana.com/
icon: https://agents.instana.io/helm/stan-logo-2020.png
@@ -23,4 +23,4 @@ maintainers:
name: instana-agent
sources:
- https://github.com/instana/instana-agent-docker
-version: 1.2.55
+version: 1.2.56
diff --git a/charts/instana/instana-agent/README.md b/charts/instana/instana-agent/README.md
index ea8eb84ef..cae2c3497 100644
--- a/charts/instana/instana-agent/README.md
+++ b/charts/instana/instana-agent/README.md
@@ -97,7 +97,9 @@ The following table lists the configurable parameters of the Instana chart and t
| `agent.listenAddress` | List of addresses to listen on, or "*" for all interfaces | `nil` |
| `agent.mode` | Agent mode. Supported values are `APM`, `INFRASTRUCTURE`, `AWS` | `APM` |
| `agent.instanaMvnRepoUrl` | Override for the Maven repository URL when the Agent needs to connect to a locally provided Maven repository 'proxy' | `nil` Usually not required |
-| `agent.updateStrategy.type` | [Daemonet update strategy type](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/); valid values are `OnDelete` and `RollingUpdate` | `RollingUpdate` |
+| `agent.instanaMvnRepoFeaturesPath` | Override for the Maven repository features path the Agent needs to connect to a locally provided Maven repository 'proxy' | `nil` Usually not required |
+| `agent.instanaMvnRepoSharedPath` | Override for the Maven repository shared path when the Agent needs to connect to a locally provided Maven repository 'proxy' | `nil` Usually not required |
+| `agent.updateStrategy.type` | [DaemonSet update strategy type](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/); valid values are `OnDelete` and `RollingUpdate` | `RollingUpdate` |
| `agent.updateStrategy.rollingUpdate.maxUnavailable` | How many agent pods can be updated at once; this value is ignored if `agent.updateStrategy.type` is different than `RollingUpdate` | `1` |
| `agent.pod.annotations` | Additional annotations to apply to the pod | `{}` |
| `agent.pod.labels` | Additional labels to apply to the Agent pod | `{}` |
diff --git a/charts/instana/instana-agent/templates/_helpers.tpl b/charts/instana/instana-agent/templates/_helpers.tpl
index 7fbd6ec39..245b267b0 100644
--- a/charts/instana/instana-agent/templates/_helpers.tpl
+++ b/charts/instana/instana-agent/templates/_helpers.tpl
@@ -189,6 +189,14 @@ Composes a container image from a dict containing a "name" field (required), "ta
- name: INSTANA_MVN_REPOSITORY_URL
value: {{ .Values.agent.instanaMvnRepoUrl | quote }}
{{- end }}
+{{- if .Values.agent.instanaMvnRepoFeaturesPath }}
+- name: INSTANA_MVN_REPOSITORY_FEATURES_PATH
+ value: {{ .Values.agent.instanaMvnRepoFeaturesPath | quote }}
+{{- end }}
+{{- if .Values.agent.instanaMvnRepoSharedPath }}
+- name: INSTANA_MVN_REPOSITORY_SHARED_PATH
+ value: {{ .Values.agent.instanaMvnRepoSharedPath | quote }}
+{{- end }}
{{- if .Values.agent.proxyHost }}
- name: INSTANA_AGENT_PROXY_HOST
value: {{ .Values.agent.proxyHost | quote }}
diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md
index 89f7ab860..f88228d04 100644
--- a/charts/jenkins/jenkins/CHANGELOG.md
+++ b/charts/jenkins/jenkins/CHANGELOG.md
@@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
The change log until v1.5.7 was auto-generated based on git commits.
Those entries include a reference to the git commit to be able to get more details.
+## 4.3.5
+
+Added `.Values.helmtest.bats.image` and `.Values.helmtest.bats.image` to allow unit tests to be configurable. Fixes [https://github.com/jenkinsci/helm-charts/issues/683]
+
## 4.3.4
Update Jenkins image and appVersion to jenkins lts release version 2.375.3
diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml
index 977ec034c..a692a856b 100644
--- a/charts/jenkins/jenkins/Chart.yaml
+++ b/charts/jenkins/jenkins/Chart.yaml
@@ -41,4 +41,4 @@ sources:
- https://github.com/jenkinsci/docker-inbound-agent
- https://github.com/maorfr/kube-tasks
- https://github.com/jenkinsci/configuration-as-code-plugin
-version: 4.3.4
+version: 4.3.5
diff --git a/charts/jenkins/jenkins/VALUES_SUMMARY.md b/charts/jenkins/jenkins/VALUES_SUMMARY.md
index e42ada34b..322053fea 100644
--- a/charts/jenkins/jenkins/VALUES_SUMMARY.md
+++ b/charts/jenkins/jenkins/VALUES_SUMMARY.md
@@ -400,4 +400,11 @@ The following tables list the configurable parameters of the Jenkins chart and t
| `backup.podSecurityContextOverride` | Completely overwrites the contents of the backup pod's security context, ignoring the values provided for `runAsUser`, and `fsGroup`. | Not set |
| `cronJob.apiVersion` | CronJob API version | 'batch/v1' |
| `awsSecurityGroupPolicies.enabled` | Enable the creation of SecurityGroupPolicy resources | `false` |
-| `awsSecurityGroupPolicies.policies` | Security Group Policy definitions. `awsSecurityGroupPolicies.enabled` must be `true` | Not set |
\ No newline at end of file
+| `awsSecurityGroupPolicies.policies` | Security Group Policy definitions. `awsSecurityGroupPolicies.enabled` must be `true` | Not set |
+
+### Helm Tests
+
+| Parameter | Description | Default |
+| --------------------- | --------------------------------- | --------------- |
+| `helmtest.bats.image` | Image used to test the framework | `bats/bats` |
+| `helmtest.bats.tag` | Test framework image tag override | `1.2.1` |
\ No newline at end of file
diff --git a/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml b/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml
index e013e5e38..f9d7877a9 100644
--- a/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml
+++ b/charts/jenkins/jenkins/templates/tests/jenkins-test.yaml
@@ -17,7 +17,7 @@ spec:
{{- end }}
initContainers:
- name: "test-framework"
- image: "bats/bats:1.2.1"
+ image: {{ .Values.helmtest.bats.image }}:{{ .Values.helmtest.bats.tag }}
command:
- "bash"
- "-c"
diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml
index 2287da01e..f91ba348e 100644
--- a/charts/jenkins/jenkins/values.yaml
+++ b/charts/jenkins/jenkins/values.yaml
@@ -961,3 +961,11 @@ awsSecurityGroupPolicies:
- name: ""
securityGroupIds: []
podSelector: {}
+
+# Here you can configure unit tests values when executing the helm unittest in the CONTRIBUTING.md
+helmtest:
+ # A testing framework for bash
+ bats:
+ # Bash Automated Testing System (BATS)
+ image: "bats/bats"
+ tag: "1.2.1"
diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml
index 2fb11486b..b1fd2ac0b 100644
--- a/charts/jfrog/artifactory-ha/Chart.yaml
+++ b/charts/jfrog/artifactory-ha/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
-appVersion: 7.55.3
+appVersion: 7.55.6
dependencies:
- condition: postgresql.enabled
name: postgresql
@@ -26,4 +26,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
-version: 107.55.3
+version: 107.55.6
diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md
index 87bd06303..291571b59 100644
--- a/charts/jfrog/artifactory-jcr/CHANGELOG.md
+++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md
@@ -1,7 +1,7 @@
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
-## [107.55.3] - Aug 25, 2022
+## [107.55.6] - Aug 25, 2022
* Included event service as mandatory and remove the flag from values.yaml
## [107.41.0] - Jul 22, 2022
diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml
index da4677646..b79c7f077 100644
--- a/charts/jfrog/artifactory-jcr/Chart.yaml
+++ b/charts/jfrog/artifactory-jcr/Chart.yaml
@@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
-appVersion: 7.55.3
+appVersion: 7.55.6
dependencies:
- name: artifactory
repository: file://./charts/artifactory
- version: 107.55.3
+ version: 107.55.6
description: JFrog Container Registry
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@@ -27,4 +27,4 @@ name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
-version: 107.55.3
+version: 107.55.6
diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
index 39106e887..c8958bd7c 100644
--- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
+++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
-appVersion: 7.55.3
+appVersion: 7.55.6
dependencies:
- condition: postgresql.enabled
name: postgresql
@@ -21,4 +21,4 @@ name: artifactory
sources:
- https://github.com/jfrog/charts
type: application
-version: 107.55.3
+version: 107.55.6
diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml
index eeef7ddc0..259fbbc0c 100644
--- a/charts/kubecost/cost-analyzer/Chart.yaml
+++ b/charts/kubecost/cost-analyzer/Chart.yaml
@@ -7,7 +7,7 @@ annotations:
catalog.cattle.io/featured: "2"
catalog.cattle.io/release-name: cost-analyzer
apiVersion: v2
-appVersion: 1.100.2
+appVersion: 1.101.0
dependencies:
- condition: global.grafana.enabled
name: grafana
@@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni
cloud costs.
icon: https://partner-charts.rancher.io/assets/logos/kubecost.png
name: cost-analyzer
-version: 1.100.2
+version: 1.101.0
diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml
index 758635912..70b724339 100644
--- a/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml
+++ b/charts/kubecost/cost-analyzer/charts/prometheus/charts/kube-state-metrics/values.yaml
@@ -89,14 +89,14 @@ podAnnotations: {}
# Available collectors for kube-state-metrics. By default all available
# collectors are enabled.
collectors:
- certificatesigningrequests: true
+ certificatesigningrequests: false
configmaps: true
cronjobs: true
daemonsets: true
deployments: true
endpoints: true
horizontalpodautoscalers: true
- ingresses: true
+ ingresses: false
jobs: true
limitranges: true
mutatingwebhookconfigurations: false
diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml
index ce0519643..8e76b90d1 100644
--- a/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml
+++ b/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml
@@ -1289,7 +1289,7 @@ serverFiles:
regex: true
- source_labels: [__meta_kubernetes_endpoints_name]
action: keep
- regex: (kubecost-kube-state-metrics|kubecost-prometheus-node-exporter|kubecost-network-costs)
+ regex: (.*kube-state-metrics|.*prometheus-node-exporter|kubecost-network-costs)
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
diff --git a/charts/kubecost/cost-analyzer/scripts/create-admission-controller-tls.sh b/charts/kubecost/cost-analyzer/scripts/create-admission-controller-tls.sh
new file mode 100644
index 000000000..8f0d1c32b
--- /dev/null
+++ b/charts/kubecost/cost-analyzer/scripts/create-admission-controller-tls.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+namespace=$1
+if [ "$namespace" == "" ]; then
+ namespace=kubecost
+fi
+
+DIRECTORY=$(cd `dirname $0` && pwd)
+
+echo "Creating certificates"
+mkdir certs
+openssl genrsa -out certs/tls.key 2048
+openssl req -new -key certs/tls.key -out certs/tls.csr -subj "/CN=webhook-server.$namespace.svc"
+openssl x509 -req -days 500 -extfile <(printf "subjectAltName=DNS:webhook-server.$namespace.svc") -in certs/tls.csr -signkey certs/tls.key -out certs/tls.crt
+
+echo "Creating Webhook Server TLS Secret"
+kubectl create secret tls webhook-server-tls \
+ --cert "certs/tls.crt" \
+ --key "certs/tls.key" -n $namespace
+
+
+echo "Updating values.yaml"
+ENCODED_CA=$(cat certs/tls.crt | base64 | tr -d '\n')
+sed -i 's@${CA_BUNDLE}@'"$ENCODED_CA"'@g' ../values.yaml
diff --git a/charts/kubecost/cost-analyzer/templates/_helpers.tpl b/charts/kubecost/cost-analyzer/templates/_helpers.tpl
index 2afa1cc04..a1d4f2eb5 100644
--- a/charts/kubecost/cost-analyzer/templates/_helpers.tpl
+++ b/charts/kubecost/cost-analyzer/templates/_helpers.tpl
@@ -80,6 +80,8 @@ Network Costs name used to tie autodiscovery of metrics to daemon set pods
{{- define "kubecost.kubeMetricsName" -}}
{{- if .Values.agent }}
{{- printf "%s-%s" .Release.Name "agent" -}}
+{{- else if .Values.cloudAgent }}
+{{- printf "%s-%s" .Release.Name "cloud-agent" -}}
{{- else }}
{{- printf "%s-%s" .Release.Name "metrics" -}}
{{- end }}
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index 900f11323..601f06cbb 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.agent }}
+{{- if and (not .Values.agent) (not .Values.cloudAgent) }}
{{- $nginxPort := int .Values.service.port | default 9090 -}}
apiVersion: apps/v1
kind: Deployment
@@ -92,6 +92,12 @@ spec:
To opt out of ETL backups, set .Values.kubecostModel.etlBucketConfigSecret=""
*/}}
{{- $etlBackupBucketSecret := "" }}
+ {{- if .Values.global.containerSecuritycontext }}
+ - name: tmp
+ emptyDir: { }
+ - name: cache
+ emptyDir: { }
+ {{- end }}
{{- if .Values.kubecostModel.etlBucketConfigSecret }}
{{- $etlBackupBucketSecret = .Values.kubecostModel.etlBucketConfigSecret }}
{{- else if and .Values.global.thanos.enabled (ne (typeOf .Values.kubecostModel.etlBucketConfigSecret) "string") }}
@@ -186,6 +192,20 @@ spec:
path: kc.key
{{- end }}
{{- end }}
+ {{- if .Values.kubecostAdmissionController }}
+ {{- if .Values.kubecostAdmissionController.enabled }}
+ {{- if .Values.kubecostAdmissionController.secretName }}
+ - name: webhook-server-tls
+ secret:
+ secretName: {{ .Values.kubecostAdmissionController.secretName }}
+ items:
+ - key: tls.crt
+ path: tls.crt
+ - key: tls.key
+ path: tls.key
+ {{- end }}
+ {{- end }}
+ {{- end }}
{{- if .Values.saml }}
{{- if .Values.saml.enabled }}
{{- if .Values.saml.secretName }}
@@ -360,6 +380,19 @@ spec:
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 200
+ {{- if .Values.kubecostFrontend.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9003
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 200
+ {{- end }}
+ {{- if .Values.global.containerSecuritycontext }}
+ securityContext:
+ {{- toYaml .Values.global.containerSecuritycontext | nindent 12 }}
+ {{- end }}
volumeMounts:
{{- if .Values.hosted }}
- name: config-store
@@ -385,6 +418,14 @@ spec:
mountPath: /var/configs/etl/federated
readOnly: true
{{- end }}
+ {{- if .Values.kubecostAdmissionController }}
+ {{- if .Values.kubecostAdmissionController.enabled }}
+ {{- if .Values.kubecostAdmissionController.secretName }}
+ - name: {{ .Values.kubecostAdmissionController.secretName }}
+ mountPath: /certs
+ {{- end }}
+ {{- end }}
+ {{- end }}
{{- if .Values.federatedETL }}
{{- if .Values.federatedETL.federator.enabled }}
- name: federator-config
@@ -888,6 +929,10 @@ spec:
- name: GOOGLE_ANALYTICS_TAG
value: {{ .Values.reporting.googleAnalyticsTag }}
{{- end }}
+ {{- if .Values.costEventsAudit }}
+ - name: COST_EVENTS_AUDIT_ENABLED
+ value: {{ (quote .Values.costEventsAudit.enabled) | default (quote false) }}
+ {{- end }}
{{- /*
Leader/Follower has baseline requirements before enabling:
* ETL FileStore Enabled
@@ -971,6 +1016,12 @@ spec:
mountPath: /tmp
- name: nginx-conf
mountPath: /etc/nginx/conf.d/
+ {{- if .Values.global.containerSecuritycontext }}
+ - mountPath: /var/cache/nginx
+ name: cache
+ - mountPath: /var/run
+ name: tmp
+ {{- end }}
{{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }}
- name: tls
@@ -991,6 +1042,19 @@ spec:
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 200
+ {{- if .Values.kubecostFrontend.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9003
+ initialDelaySeconds: {{ .Values.kubecostFrontend.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.kubecostFrontend.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.kubecostFrontend.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.global.containerSecuritycontext }}
+ securityContext:
+ {{- toYaml .Values.global.containerSecuritycontext | nindent 12 }}
+ {{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml
index 275ba538e..9d8a74074 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.agent }}
+{{- if and (not .Values.agent) (not .Values.cloudAgent) }}
{{- $serviceName := include "cost-analyzer.serviceName" . -}}
{{- $nginxPort := .Values.service.targetPort | default 9090 -}}
{{- if .Values.saml.enabled }}
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml
index 294cbdd53..3ac3e2401 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml
@@ -17,7 +17,26 @@ data:
"authURL" : "{{ .Values.oidc.authURL }}",
"loginRedirectURL" : "{{ .Values.oidc.loginRedirectURL }}",
"discoveryURL" : "{{ .Values.oidc.discoveryURL }}",
- "hostedDomain" : "{{ .Values.oidc.hostedDomain }}"
+ "hostedDomain" : "{{ .Values.oidc.hostedDomain }}",
+ "rbac" : {
+ "enabled" : {{ .Values.oidc.rbac.enabled }},
+ "groups" : [
+ {{- range $i, $g := .Values.oidc.rbac.groups }}
+ {{- if ne $i 0 }},{{- end }}
+ {
+ "roleName": "{{ $g.name }}",
+ "enabled": {{ $g.enabled }},
+ "claimName": "{{ $g.claimName }}",
+ "claimValues": [
+ {{- range $j, $v := $g.claimValues }}
+ {{- if ne $j 0 }},{{- end }}
+ "{{ $v }}"
+ {{- end }}
+ ]
+ }
+ {{- end }}
+ ]
+ }
}
{{- end -}}
{{- end -}}
\ No newline at end of file
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml
index b1b8893a3..4776b8b31 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.agent }}
+{{- if and (not .Values.agent) (not .Values.cloudAgent) }}
{{- $nginxPort := .Values.service.targetPort | default 9090 -}}
{{- $servicePort := .Values.service.port | default 9090 -}}
kind: Service
diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-service-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-service-template.yaml
index c5abdf361..658dca3a9 100644
--- a/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-service-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-service-template.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
kind: Service
metadata:
name: webhook-server
- namespace: kubecost
+ namespace: {{.Release.Namespace}}
spec:
selector:
{{ include "cost-analyzer.selectorLabels" . | nindent 4 }}
diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-template.yaml
index 5fe89f007..be68bcea1 100644
--- a/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-template.yaml
@@ -7,11 +7,6 @@ metadata:
webhooks:
- name: "kubecost-deployment-validation.kubecost.svc"
failurePolicy: Ignore
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: In
- values: [ "kubecost" ]
rules:
- operations: [ "CREATE", "UPDATE" ]
apiGroups: [ "apps" ]
@@ -20,10 +15,14 @@ webhooks:
scope: "*"
clientConfig:
service:
- namespace: kubecost
+ namespace: {{.Release.Namespace}}
name: webhook-server
path: "/validate"
+ {{- if .Values.kubecostAdmissionController.caBundle }}
+ caBundle: {{ .Values.kubecostAdmissionController.caBundle }}
+ {{- else }}
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCRENDQWV5Z0F3SUJBZ0lVR3E2YkdOaEowVjRsb0NiWHhUa0pocWkwUnB3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0pqRWtNQ0lHQTFVRUF3d2JkMlZpYUc5dmF5MXpaWEoyWlhJdWEzVmlaV052YzNRdWMzWmpNQjRYRFRJegpNREl3T1RFNU1UVTFNbG9YRFRJME1EWXlNekU1TVRVMU1sb3dKakVrTUNJR0ExVUVBd3diZDJWaWFHOXZheTF6ClpYSjJaWEl1YTNWaVpXTnZjM1F1YzNaak1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0MKQVFFQXpvU2JBejBhZFJTdEN3eVRPSGd2S2VuQ29GbWE2OC9nYTFHZjVST2dXeGJhamhQRTZKbEtBcENwK1pzKwo2bHJzL2J3bkx5SDdoMUFJa1NmZ25EYlNadDJjdHRFSmhSd25vKy90WElMYk84WndRQTErYXpUQzVtSkluZVF3CktRMkErYy9CUnk3N3B0SnZIRStkTEllcWhRelV2M25nWUwvSDZaMUZPa20xUCtlR0FwSWxyVHVPV1ozUVhRYkMKemhOQXppRWNjL3o3RERBdlFBMlpIQ1I2OGl1V0ptd0RYZEdjWmEwenNVb1hDbGIvWXdiWFgvMlp2dklIbkdtawp5VTlZdEhxNVpscFZjT0V5MTVBWFVEOFZVUU1jVXQ5NkJvVThMMXJKbTZJK0E0YmFySEs5QjlxcjdzRmFaY2wvCnBncHZGd0NBaHZHYUM2VzA5UnM3T0NrdXh3SURBUUFCb3lvd0tEQW1CZ05WSFJFRUh6QWRnaHQzWldKb2IyOXIKTFhObGNuWmxjaTVyZFdKbFkyOXpkQzV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDdVhNcUgzYmhsVApGKzlRUFplS2xiUTZlWSs0NlhMVGtEdlZzenAyZysweWhlMVNRRHZRUTVad1l6MnMwODNqb2loTXVzeFZ1TmFGCk1LdE9vbGY2bitsaUZFcEw4OU9XZ1VjdzJRdFdqVWUraU1zby91dWN0eGVPTzZLam9JcUVrUlg5YXh1cGxxVm0KakZRaGZtNlRYZ2pxWmttUVNsbHdLVkcxSFJZTkRveFpFa0JHK1l6RWF5QmdQdXl4bW5iTDdlck5IOVJQSVZtbAoxaWFnS1NVVG5vN0hJY3IwdHYzT3JEWDZRN3VJUGdWanBRSHMzNXBZSWlBYjVNR0RjWFZvY050SEZ0YnluREhzCi80WGhYMjFhOXdnSVF6dUF3ck0zQ0VDRnVocHJzWlZmQjBKQ1dBOG1aVEZneTVBL0tLUjJmTXRMRWRQS1ZsSXUKZjc1MjB3T3JzME09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ {{- end }}
admissionReviewVersions: ["v1"]
sideEffects: None
timeoutSeconds: 5
diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml
index fecb5b9b7..b99f88f87 100644
--- a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml
@@ -1,6 +1,6 @@
{{- if .Values.kubecostMetrics }}
{{- if .Values.kubecostMetrics.exporter }}
-{{- if or .Values.kubecostMetrics.exporter.enabled .Values.agent }}
+{{- if or (or .Values.kubecostMetrics.exporter.enabled .Values.agent) .Values.cloudAgent }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -39,6 +39,22 @@ spec:
{{- end }}
{{- end }}
spec:
+ {{- if .Values.kubecostFrontend.tls }}
+ {{- if .Values.kubecostFrontend.tls.enabled }}
+ securityContext:
+ runAsUser: 0
+ {{- else }}
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
+ {{- end }}
+ {{- else }}
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
+ {{- end }}
restartPolicy: Always
serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }}
volumes:
@@ -170,11 +186,11 @@ spec:
- name: gcp-key-secret
mountPath: /var/secrets
{{- end }}
- {{- if or .Values.kubecostProductConfigs.azureStorageSecretName .Values.kubecostProductConfigs.azureStorageCreateSecret}}
+ {{- if or .Values.kubecostProductConfigs.azureStorageSecretName .Values.kubecostProductConfigs.azureStorageCreateSecret }}
- name: azure-storage-config
mountPath: /var/azure-storage-config
{{- end }}
- {{- if .Values.kubecostProductConfigs.cloudIntegrationSecret}}
+ {{- if .Values.kubecostProductConfigs.cloudIntegrationSecret }}
- name: cloud-integration
mountPath: /var/cloud-integration
{{- end }}
@@ -184,7 +200,11 @@ spec:
{{- end }}
{{- end }}
args:
+ {{- if .Values.cloudAgent }}
+ - cloud-agent
+ {{- else }}
- agent
+ {{- end }}
{{- if .Values.kubecostMetrics.exporter.extraArgs }}
{{ toYaml .Values.kubecostMetrics.exporter.extraArgs | nindent 12 }}
{{- end }}
@@ -194,6 +214,12 @@ spec:
configMapKeyRef:
name: {{ template "cost-analyzer.fullname" . }}
key: prometheus-server-endpoint
+ {{- if .Values.cloudAgent }}
+ - name: CLOUD_AGENT_KEY
+ value: {{ .Values.cloudAgentKey }}
+ - name: CLOUD_REPORTING_SERVER
+ value: {{ .Values.cloudReportingServer }}
+ {{- end }}
- name: CLOUD_PROVIDER_API_KEY
value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API requires a key.
{{- if .Values.kubecostProductConfigs }}
@@ -247,7 +273,10 @@ spec:
- name: INSECURE_SKIP_VERIFY
value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }}
{{- end }}
- {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }}
+ {{- if .Values.cloudAgentClusterId }}
+ - name: CLUSTER_ID
+ value: {{ .Values.cloudAgentClusterId }}
+ {{- else if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }}
- name: CLUSTER_ID
value: {{ .Values.prometheus.server.global.external_labels.cluster_id }}
{{- end }}
@@ -262,15 +291,26 @@ spec:
- name: PROM_CLUSTER_ID_LABEL
value: {{ .Values.kubecostModel.promClusterIDLabel }}
{{- end }}
+ - name: PV_ENABLED
+ value: {{ (quote .Values.persistentVolume.enabled) | default (quote true) }}
- name: RELEASE_NAME
value: {{ .Release.Name }}
- name: KUBECOST_NAMESPACE
value: {{ .Release.Namespace }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
- name: KUBECOST_TOKEN
valueFrom:
configMapKeyRef:
name: {{ template "cost-analyzer.fullname" . }}
key: kubecost-token
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.imagePullSecrets | indent 2 }}
+ {{- end }}
{{- if .Values.kubecostMetrics.exporter.priorityClassName }}
priorityClassName: {{ .Values.kubecostMetrics.exporter.priorityClassName }}
{{- end }}
diff --git a/charts/kubecost/cost-analyzer/values-cloud-agent.yaml b/charts/kubecost/cost-analyzer/values-cloud-agent.yaml
new file mode 100644
index 000000000..9d4c5090f
--- /dev/null
+++ b/charts/kubecost/cost-analyzer/values-cloud-agent.yaml
@@ -0,0 +1,36 @@
+# Kubecost running as an Agent is designed for external hosting. The current setup deploys a
+# kubecost-agent pod and prometheus server
+global:
+ thanos:
+ enabled: false
+ grafana:
+ enabled: false
+ proxy: false
+
+# Cloud Agent enables specific features designed to enhance the metrics exporter deployment
+# with enhancements designed for Kubecost Cloud
+cloudAgent: true
+cloudAgentKey: ""
+
+# No Grafana configuration is required.
+grafana:
+ sidecar:
+ dashboards:
+ enabled: false
+ datasources:
+ defaultDatasourceEnabled: false
+
+# Exporter Pod
+kubecostMetrics:
+ exporter:
+ enabled: true
+ exportClusterInfo: false
+ exportClusterCache: false
+
+# Disable KSM and NodeExporter (?)
+prometheus:
+ nodeExporter:
+ enabled: false
+ kube-state-metrics:
+ enabled: false
+ disabled: true
diff --git a/charts/kubecost/cost-analyzer/values.yaml b/charts/kubecost/cost-analyzer/values.yaml
index 09f1c928f..e5bac1940 100644
--- a/charts/kubecost/cost-analyzer/values.yaml
+++ b/charts/kubecost/cost-analyzer/values.yaml
@@ -44,6 +44,7 @@ global:
# globalAlertEmails:
# - recipient@example.com
# - additionalRecipient@example.com
+ # globalEmailSubject: Custom Subject
# Alerts generated by kubecost, about cluster data
# alerts:
# Daily namespace budget alert on namespace `kubecost`
@@ -107,7 +108,9 @@ global:
- title: "Example Saved Report 0"
window: "today"
aggregateBy: "namespace"
+ chartDisplay: "category"
idle: "separate"
+ rate: "cumulative"
accumulate: false # daily resolution
filters:
- property: "cluster"
@@ -117,7 +120,9 @@ global:
- title: "Example Saved Report 1"
window: "month"
aggregateBy: "controllerKind"
+ chartDisplay: "category"
idle: "share"
+ rate: "monthly"
accumulate: false
filters:
- property: "label"
@@ -127,7 +132,9 @@ global:
- title: "Example Saved Report 2"
window: "2020-11-11T00:00:00Z,2020-12-09T23:59:59Z"
aggregateBy: "service"
+ chartDisplay: "category"
idle: "hide"
+ rate: "daily"
accumulate: true # entire window resolution
filters: [] # if no filters, specify empty array
@@ -162,6 +169,9 @@ global:
# iam.amazonaws.com/role: role-arn
additionalLabels: {}
+ containerSecuritycontext: {}
+ # readOnlyRootFilesystem: true
+
# generated at http://kubecost.com/install, used for alerts tracking and free trials
kubecostToken: # ""
@@ -199,7 +209,7 @@ saml:
- name: readonly
enabled: false # if readonly is disabled, all users authorized on SAML will default to readonly
assertionName: "http://schemas.auth0.com/userType"
- assertionvalues:
+ assertionValues:
- "readonly"
- name: editor
enabled: true # if editor is enabled, editors will be allowed to edit reports/alerts scoped to them, and act as readers otherwise. Users will never default to editor.
@@ -216,6 +226,25 @@ oidc:
loginRedirectURL: "http://my.kubecost.url/model/oidc/authorize" # Kubecost url configured in provider for redirect after authentication
discoveryURL: "https://my.auth.server/.well-known/openid-configuration" # url for OIDC endpoint discovery
# hostedDomain: "example.com" # optional, blocks access to the auth domain specified in the hd claim of the provider ID token
+ rbac:
+ enabled: false
+ groups:
+ - name: admin
+ enabled: false # if admin is disabled, all SAML users will be able to make configuration changes to the kubecost frontend
+ assertionName: "preferred_username" # field used for role matching in the OIDC access token
+ assertionValues:
+ - "admin"
+ - "superusers"
+ - name: readonly
+ enabled: false # if readonly is disabled, all users authorized on SAML will default to readonly
+ assertionName: "preferred_username"
+ assertionValues:
+ - "readonly"
+ - name: editor
+ enabled: false # if editor is enabled, editors will be allowed to edit reports/alerts scoped to them, and act as readers otherwise. Users will never default to editor.
+ assertionName: "preferred_username"
+ assertionValues:
+ - "editor"
# Adds an httpProxy as an environment variable. systemProxy.enabled must be `true`to have any effect.
# Ref: https://www.oreilly.com/library/view/security-with-go/9781788627917/5ea6a02b-3d96-44b1-ad3c-6ab60fcbbe4f.xhtml
@@ -243,6 +272,11 @@ kubecostFrontend:
#limits:
# cpu: "100m"
# memory: "256Mi"
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 200
ipv6:
enabled: true # disable if the cluster does not support ipv6
# api:
@@ -374,6 +408,11 @@ kubecostModel:
#limits:
# cpu: "800m"
# memory: "256Mi"
+ livenessProbe:
+ enabled: false
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 200
extraArgs: []
# Basic Kubecost ingress, more examples available at https://github.com/kubecost/docs/blob/master/ingress-examples.md
@@ -598,7 +637,7 @@ networkCosts:
enabled: false
podSecurityPolicy:
enabled: false
- image: gcr.io/kubecost1/kubecost-network-costs:v16.4
+ image: gcr.io/kubecost1/kubecost-network-costs:v16.5
imagePullPolicy: Always
updateStrategy:
type: RollingUpdate
@@ -650,6 +689,14 @@ networkCosts:
# classified as non-internet egress from one region to another.
cross-region: []
+ # Internet contains a list of address/range that will be
+ # classified as internet traffic. This is synonymous with traffic
+ # that cannot be classified within the cluster.
+ # NOTE: Internet classification filters are executed _after_
+ # NOTE: direct-classification, but before in-zone, in-region,
+ # NOTE: and cross-region.
+ internet: []
+
# Direct Classification specifically maps an ip address or range
# to a region (required) and/or zone (optional). This classification
# takes priority over in-zone, in-region, and cross-region configurations.
@@ -721,7 +768,7 @@ kubecostDeployment:
# Kubecost Cluster Controller for Right Sizing and Cluster Turndown
clusterController:
enabled: false
- image: gcr.io/kubecost1/cluster-controller:v0.6.1
+ image: gcr.io/kubecost1/cluster-controller:v0.6.2
imagePullPolicy: Always
kubescaler:
# If true, will cause all (supported) workloads to be have their requests
@@ -829,6 +876,13 @@ federatedETL:
kubecostAdmissionController:
enabled: false
+# Enables or disables the Cost Event Audit pipeline, which tracks recent changes at cluster level
+# and provides an estimated cost impact via the Kubecost Predict API.
+#
+# It is disabled by default to avoid problems in high-scale environments.
+costEventsAudit:
+ enabled: false
+
# readonly: false # disable updates to kubecost from the frontend UI and via POST request
# These configs can also be set from the Settings page in the Kubecost product UI
@@ -934,3 +988,8 @@ kubecostAdmissionController:
# mountPath: "/some/custom/path/productkey.json" # (use instead of secretname) declare the path at which the product key file is mounted (eg. by a secrets provisioner). The file must be of format { "key": "kc-b1325234" }
# cloudIntegrationSecret: "cloud-integration"
# ingestPodUID: false # Enables using UIDs to uniquely ID pods. This requires either Kubecost's replicated KSM metrics, or KSM v2.1.0+. This may impact performance, and changes the default cost-model allocation behavior.
+
+#kubecostAdmissionController:
+# enabled: true
+# secretName: webhook-server-tls
+# caBundle: ${CA_BUNDLE}
diff --git a/charts/loft/loft/Chart.yaml b/charts/loft/loft/Chart.yaml
index 8a61e67fa..24c26ae9b 100644
--- a/charts/loft/loft/Chart.yaml
+++ b/charts/loft/loft/Chart.yaml
@@ -28,4 +28,4 @@ name: loft
sources:
- https://github.com/loft-sh/loft
type: application
-version: 2.3.3
+version: 3.0.0
diff --git a/charts/loft/loft/templates/apiservice.yaml b/charts/loft/loft/templates/apiservice.yaml
new file mode 100644
index 000000000..2c1000a30
--- /dev/null
+++ b/charts/loft/loft/templates/apiservice.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.apiservice }}
+{{- if .Values.apiservice.create }}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ name: v1.management.loft.sh
+spec:
+ version: v1
+ versionPriority: 1000
+ group: management.loft.sh
+ groupPriorityMinimum: 10000
+ service:
+ name: loft-apiservice
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loft-apiservice
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loft.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ ports:
+ - name: apiservice
+ port: 443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app: {{ template "loft.fullname" . }}
+ release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/loft/loft/templates/deployment.yaml b/charts/loft/loft/templates/deployment.yaml
index ad7332d69..bc139537c 100644
--- a/charts/loft/loft/templates/deployment.yaml
+++ b/charts/loft/loft/templates/deployment.yaml
@@ -124,10 +124,6 @@ spec:
key: {{ .Values.tls.keyKey }}
{{- end }}
{{- end }}
- {{- if not .Values.apiService.enabled }}
- - name: APISERVICE_DISABLED
- value: "true"
- {{- end }}
{{- range $key, $value := .Values.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
diff --git a/charts/loft/loft/templates/secret.yaml b/charts/loft/loft/templates/secret.yaml
index 76b75093d..b0b93696e 100644
--- a/charts/loft/loft/templates/secret.yaml
+++ b/charts/loft/loft/templates/secret.yaml
@@ -1,11 +1,16 @@
{{- if .Values.config }}
+---
apiVersion: v1
kind: Secret
metadata:
- name: loft-config
+ name: loft-manager-config
namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loft.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
annotations:
- helm.sh/hook: pre-install
{{- if or .Values.commonAnnotations .Values.secretAnnotations }}
{{- with .Values.secretAnnotations }}
{{- toYaml . | nindent 4 }}
@@ -16,4 +21,29 @@ metadata:
{{- end }}
data:
config: {{ toYaml .Values.config | b64enc }}
+{{- end }}
+
+{{- if .Values.agentValues }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: loft-default-agent-values
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loft.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- if or .Values.commonAnnotations .Values.agentSecretAnnotations }}
+ {{- with .Values.agentSecretAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.commonAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+data:
+ values: {{ toYaml .Values.agentValues | b64enc }}
{{- end }}
\ No newline at end of file
diff --git a/charts/loft/loft/values.yaml b/charts/loft/loft/values.yaml
index 3bc84caaf..79e6db2ee 100644
--- a/charts/loft/loft/values.yaml
+++ b/charts/loft/loft/values.yaml
@@ -48,6 +48,9 @@ tls:
# Annotations for the loft-config secret
# secretAnnotations: {}
+# Annotations for the loft-default-agent-values secret
+# agentSecretAnnotations: {}
+
# Additional labels for the loft pod
# podLabels: {}
@@ -75,10 +78,10 @@ replicaCount: 1
# Resources of the loft deployment
resources:
requests:
- memory: 128Mi
- cpu: 50m
+ memory: 256Mi
+ cpu: 200m
limits:
- memory: 2Gi
+ memory: 4Gi
cpu: "2"
# Additional volumes that should be mounted to the loft deployment
@@ -97,8 +100,8 @@ livenessProbe:
# If an extension api service should be registered for
# the loft apis in kubernetes
-apiService:
- enabled: false
+apiservice:
+ create: true
# Additional loft service account options
serviceAccount:
@@ -144,7 +147,8 @@ serviceMonitor:
scrapeTimeout: 30s
labels: {}
-# Loft config to use initially
+# Loft config to use, all options can be seen at:
+# https://loft.sh/docs/admin/config
config:
audit:
enabled: true
@@ -154,4 +158,9 @@ config:
# - drops all capabilities
# - runs as non-root
securityContext:
- enabled: true
\ No newline at end of file
+ enabled: true
+
+# Loft *agent* default values to use, options can be seen in the loft-agent chart values:
+# https://github.com/loft-sh/loft/blob/master/charts/loft-agent/values.yaml
+# agent values cluster annotations take precedent over these values
+agentValues: {}
diff --git a/charts/ondat/ondat-operator/Chart.yaml b/charts/ondat/ondat-operator/Chart.yaml
index 244fb8f1b..225156686 100644
--- a/charts/ondat/ondat-operator/Chart.yaml
+++ b/charts/ondat/ondat-operator/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: ondat-operator
apiVersion: v2
-appVersion: v2.9.1
+appVersion: v2.10.0
description: Cloud Native storage for containers
home: https://ondat.io
icon: https://docs.ondat.io/images/generic/Ondat_logo.svg
@@ -23,4 +23,4 @@ maintainers:
name: ondat-operator
sources:
- https://github.com/ondat
-version: 0.7.3
+version: 0.7.4
diff --git a/charts/ondat/ondat-operator/crds/storageoscluster_crd.yaml b/charts/ondat/ondat-operator/crds/storageoscluster_crd.yaml
index 6eec65177..1324890dc 100644
--- a/charts/ondat/ondat-operator/crds/storageoscluster_crd.yaml
+++ b/charts/ondat/ondat-operator/crds/storageoscluster_crd.yaml
@@ -51,6 +51,416 @@ spec:
spec:
description: StorageOSClusterSpec defines the desired state of StorageOSCluster
properties:
+ containerResources:
+ description: ContainerResources is to set the resource requirements
+ of each individual container managed by the operator.
+ properties:
+ apiManagerContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ cliContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ csiExternalAttacherContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ csiExternalProvisionerContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ csiExternalResizerContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ csiExternalSnapshotterContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ csiLivenessProbeContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ csiNodeDriverRegistrarContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ initContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ kubeSchedulerContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ metricsExporterContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ nodeContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ nodeManagerContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ portalManagerContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ snapshotControllerContainer:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute
+ resources required. If Requests is omitted for a container,
+ it defaults to Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ type: object
csi:
description: CSI defines the configurations for CSI.
properties:
@@ -100,6 +510,9 @@ spec:
debug:
description: Debug is to set debug mode of the cluster.
type: boolean
+ disableCLI:
+ description: Disable StorageOS CLI deployment.
+ type: boolean
disableFencing:
description: "Disable Pod Fencing. With StatefulSets, Pods are only
re-scheduled if the Pod has been marked as killed. In practice
@@ -158,6 +571,8 @@ spec:
properties:
apiManagerContainer:
type: string
+ cliContainer:
+ type: string
csiClusterDriverRegistrarContainer:
type: string
csiExternalAttacherContainer:
@@ -190,6 +605,8 @@ spec:
type: string
portalManagerContainer:
type: string
+ snapshotControllerContainer:
+ type: string
type: object
ingress:
description: 'Ingress defines the ingress configurations used in the
@@ -356,8 +773,9 @@ spec:
Not used any more, operator is always running.'
type: boolean
resources:
- description: Resources is to set the resource requirements of the
- storageos containers.
+ description: 'Resources is to set the resource requirements of the
+ storageos containers. Deprecated: Set resource requests for individual
+ containers via ContainerResources field in spec.'
properties:
limits:
additionalProperties:
diff --git a/charts/ondat/ondat-operator/templates/cleanup.yaml b/charts/ondat/ondat-operator/templates/cleanup.yaml
index 2b1868aa9..2f96fb0b3 100644
--- a/charts/ondat/ondat-operator/templates/cleanup.yaml
+++ b/charts/ondat/ondat-operator/templates/cleanup.yaml
@@ -11,19 +11,22 @@
apiVersion: v1
kind: ServiceAccount
metadata:
- name: storageos-cleanup
+ name: storageos-cleanup-1
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "1"
-
+{{- with .Values.images.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: storageos:cleanup
+ name: storageos:cleanup-1
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
@@ -96,17 +99,17 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: storageos:cleanup
+ name: storageos:cleanup-1
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "2"
subjects:
-- name: storageos-cleanup
+- name: storageos-cleanup-1
kind: ServiceAccount
namespace: {{ .Release.Namespace }}
roleRef:
- name: storageos:cleanup
+ name: storageos:cleanup-1
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
@@ -127,7 +130,7 @@ metadata:
spec:
template:
spec:
- serviceAccountName: storageos-cleanup
+ serviceAccountName: storageos-cleanup-1
containers:
- name: "storageos-storageoscluster-cleanup"
image: "{{ $.Values.images.kubectl.registry }}/{{ $.Values.images.kubectl.image }}:{{ $.Values.images.kubectl.tag }}"
@@ -156,7 +159,7 @@ metadata:
spec:
template:
spec:
- serviceAccountName: storageos-cleanup
+ serviceAccountName: storageos-cleanup-1
containers:
- name: "storageos-cleanup-wait"
image: "{{ $.Values.images.kubectl.registry }}/{{ $.Values.images.kubectl.image }}:{{ $.Values.images.kubectl.tag }}"
@@ -181,19 +184,23 @@ spec:
apiVersion: v1
kind: ServiceAccount
metadata:
- name: storageos-cleanup
+ name: storageos-cleanup-2
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "1"
+{{- with .Values.images.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: storageos:cleanup
+ name: storageos:cleanup-2
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
@@ -266,17 +273,17 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: storageos:cleanup
+ name: storageos:cleanup-2
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "2"
subjects:
-- name: storageos-cleanup
+- name: storageos-cleanup-2
kind: ServiceAccount
namespace: {{ .Release.Namespace }}
roleRef:
- name: storageos:cleanup
+ name: storageos:cleanup-2
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
@@ -297,7 +304,7 @@ metadata:
spec:
template:
spec:
- serviceAccountName: storageos-cleanup
+ serviceAccountName: storageos-cleanup-2
containers:
- name: "storageos-operator-data-cleanup"
image: "{{ $.Values.images.kubectl.registry }}/{{ $.Values.images.kubectl.image }}:{{ $.Values.images.kubectl.tag }}"
diff --git a/charts/ondat/ondat-operator/templates/config-maps.yaml b/charts/ondat/ondat-operator/templates/config-maps.yaml
index 4927df4d3..e209622ec 100644
--- a/charts/ondat/ondat-operator/templates/config-maps.yaml
+++ b/charts/ondat/ondat-operator/templates/config-maps.yaml
@@ -16,6 +16,7 @@ data:
webhookServiceName: storageos-operator-webhook
webhookSecretRef: storageos-operator-webhook
validatingWebhookConfigRef: storageos-operator-validating-webhook
+ serialExecutionStrategy: false
kind: ConfigMap
metadata:
labels:
@@ -33,6 +34,9 @@ data:
{{- if and .Values.images.apiManager.image .Values.images.apiManager.tag }}
RELATED_IMAGE_API_MANAGER: "{{ .Values.images.apiManager.registry}}/{{ .Values.images.apiManager.image }}:{{ .Values.images.apiManager.tag }}"
{{- end }}
+ {{- if and .Values.images.cli.image .Values.images.cli.tag }}
+ RELATED_IMAGE_CLI: "{{ .Values.images.cli.registry}}/{{ .Values.images.cli.image }}:{{ .Values.images.cli.tag }}"
+ {{- end }}
{{- if and .Values.images.csiV1ExternalAttacherV3.image .Values.images.csiV1ExternalAttacherV3.tag }}
RELATED_IMAGE_CSIV1_EXTERNAL_ATTACHER_V3: "{{ .Values.images.csiV1ExternalAttacherV3.registry}}/{{ .Values.images.csiV1ExternalAttacherV3.image }}:{{ .Values.images.csiV1ExternalAttacherV3.tag }}"
{{- end }}
@@ -63,6 +67,9 @@ data:
{{- if and .Values.images.portalManager.image .Values.images.portalManager.tag }}
RELATED_IMAGE_PORTAL_MANAGER: "{{ .Values.images.portalManager.registry}}/{{ .Values.images.portalManager.image }}:{{ .Values.images.portalManager.tag }}"
{{- end }}
+ {{- if and .Values.images.snapshotController.image .Values.images.snapshotController.tag }}
+ RELATED_IMAGE_SNAPSHOT_CONTROLLER: "{{ .Values.images.snapshotController.registry}}/{{ .Values.images.snapshotController.image }}:{{ .Values.images.snapshotController.tag }}"
+ {{- end }}
{{- if and .Values.images.init.image .Values.images.init.tag }}
RELATED_IMAGE_STORAGEOS_INIT: "{{ .Values.images.init.registry}}/{{ .Values.images.init.image }}:{{ .Values.images.init.tag }}"
{{- end }}
diff --git a/charts/ondat/ondat-operator/templates/operator.yaml b/charts/ondat/ondat-operator/templates/operator.yaml
index a643f7d2f..f5bb703ac 100644
--- a/charts/ondat/ondat-operator/templates/operator.yaml
+++ b/charts/ondat/ondat-operator/templates/operator.yaml
@@ -28,6 +28,10 @@ spec:
control-plane: controller-manager
release: {{ .Release.Name }}
spec:
+ {{- with .Values.images.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
containers:
- args:
- --config=operator_config.yaml
@@ -38,6 +42,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ - name: DISABLE_CONFIG_WATCH
envFrom:
- configMapRef:
name: storageos-related-images
diff --git a/charts/ondat/ondat-operator/templates/service-account.yaml b/charts/ondat/ondat-operator/templates/service-account.yaml
index fdc2e9198..efb3fb4bf 100644
--- a/charts/ondat/ondat-operator/templates/service-account.yaml
+++ b/charts/ondat/ondat-operator/templates/service-account.yaml
@@ -9,3 +9,7 @@ metadata:
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+{{- with .Values.images.imagePullSecrets }}
+imagePullSecrets:
+ {{- toYaml . | nindent 2 }}
+{{- end }}
diff --git a/charts/ondat/ondat-operator/values.yaml b/charts/ondat/ondat-operator/values.yaml
index 303e03228..37d97d0b6 100644
--- a/charts/ondat/ondat-operator/values.yaml
+++ b/charts/ondat/ondat-operator/values.yaml
@@ -8,38 +8,44 @@ k8sDistro: default
# operator-specific configuation parameters.
images:
+ # imagePullSecrets:
+ # - name: ""
operator:
registry: docker.io/storageos
image: operator
- tag: v2.9.1
+ tag: v2.10.0
apiManager:
registry: docker.io/storageos
image: api-manager
- tag: v1.2.14
+ tag: v1.2.16
+ cli:
+ registry: docker.io/storageos
+ image: cli
+ tag: v2.10.0
csiV1ExternalAttacherV3:
- registry: quay.io/k8scsi
+ registry: k8s.gcr.io/sig-storage
image: csi-attacher
- tag: v3.1.0
+ tag: v3.5.0
csiV1ExternalProvisioner:
registry: docker.io/storageos
image: csi-provisioner
- tag: v2.1.1-snapshots-patched
+ tag: v3.3.0-patched
csiV1ExternalResizer:
- registry: quay.io/k8scsi
+ registry: k8s.gcr.io/sig-storage
image: csi-resizer
- tag: v1.1.0
+ tag: v1.6.0
csiV1ExternalSnapshotter:
- registry: quay.io/k8scsi
+ registry: k8s.gcr.io/sig-storage
image: csi-snapshotter
- tag: v4.0.0
+ tag: v4.2.1
csiV1LivenessProbe:
- registry: quay.io/k8scsi
+ registry: registry.k8s.io/sig-storage
image: livenessprobe
- tag: v2.2.0
+ tag: v2.8.0
csiV1NodeDriverRegistrar:
- registry: quay.io/k8scsi
+ registry: registry.k8s.io/sig-storage
image: csi-node-driver-registrar
- tag: v2.1.0
+ tag: v2.6.0
init:
registry: docker.io/storageos
image: init
@@ -54,7 +60,7 @@ images:
registry: quay.io/brancz
image: kube-rbac-proxy
tag: v0.10.0
- # These values SHOULD be set dynamically on install based on the Kubernetes version.
+ # These values SHOULD be set dynamically on install based on Kubernetes version.
# That behaviour will be overridden if values are set here.
# i.e. only fill these fields if you are sure you know what you're doing.
kubeScheduler:
@@ -64,7 +70,7 @@ images:
node:
registry: docker.io/storageos
image: node
- tag: v2.9.1
+ tag: v2.10.0
metricsExporter:
registry: docker.io/storageos
image: metrics-exporter
@@ -72,15 +78,19 @@ images:
nodeManager:
registry: docker.io/storageos
image: node-manager
- tag: v0.0.8
+ tag: v0.0.9
portalManager:
registry: docker.io/storageos
image: portal-manager
- tag: v1.0.6
+ tag: v1.0.7
nodeGuard:
registry: docker.io/storageos
image: node-guard
tag: v0.0.2
+ snapshotController:
+ registry: k8s.gcr.io/sig-storage
+ image: snapshot-controller
+ tag: v4.2.1
# parameters for StorageOS resource quotas
# Required for GKE installation!
diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml
index ceb2963c4..cbc4b77eb 100644
--- a/charts/redpanda/redpanda/Chart.yaml
+++ b/charts/redpanda/redpanda/Chart.yaml
@@ -1,7 +1,7 @@
annotations:
artifacthub.io/images: |
- name: redpanda
- image: vectorized/redpanda:v22.3.13
+ image: vectorized/redpanda:v23.1.1
- name: busybox
image: busybox:latest
artifacthub.io/license: Apache-2.0
@@ -15,7 +15,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: redpanda
apiVersion: v2
-appVersion: v22.3.13
+appVersion: v23.1.1
dependencies:
- condition: console.enabled
name: console
@@ -31,4 +31,4 @@ name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
-version: 2.12.2
+version: 3.0.2
diff --git a/charts/redpanda/redpanda/ci/09-initcontainers-resources-values.yaml b/charts/redpanda/redpanda/ci/09-initcontainers-resources-values.yaml
new file mode 100644
index 000000000..3a52e2522
--- /dev/null
+++ b/charts/redpanda/redpanda/ci/09-initcontainers-resources-values.yaml
@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+statefulset:
+ initContainers:
+ configurator:
+ resources:
+ requests:
+ memory: "20Mi"
+ cpu: "100m"
+ limits:
+ memory: "60Mi"
+ cpu: "200m"
diff --git a/charts/redpanda/redpanda/cr.yaml b/charts/redpanda/redpanda/cr.yaml
new file mode 100644
index 000000000..2f38f5ead
--- /dev/null
+++ b/charts/redpanda/redpanda/cr.yaml
@@ -0,0 +1,6 @@
+owner: redpanda-data
+git-repo: redpanda-data/helm-charts
+token: lab
+make-release-latest: true
+generate-release-notes: true
+package-path: ./charts/
diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl
index da72ce8cf..0c0d7326f 100644
--- a/charts/redpanda/redpanda/templates/_helpers.tpl
+++ b/charts/redpanda/redpanda/templates/_helpers.tpl
@@ -479,6 +479,7 @@ than 1 core.
# manage backward compatibility with renaming podSecurityContext to securityContext
{{- define "pod-security-context" -}}
fsGroup: {{ dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset }}
+fsGroupChangePolicy: {{ dig "securityContext" "fsGroupChangePolicy" "OnRootMismatch" .Values.statefulset }}
{{- end -}}
# for backward compatibility, force a default on releases that didn't
diff --git a/charts/redpanda/redpanda/templates/certs.yaml b/charts/redpanda/redpanda/templates/certs.yaml
index a0c76eee2..ba4f5945e 100644
--- a/charts/redpanda/redpanda/templates/certs.yaml
+++ b/charts/redpanda/redpanda/templates/certs.yaml
@@ -35,6 +35,7 @@ metadata:
{{- end }}
spec:
dnsNames:
+{{- if (empty $data.issuerRef) }}
- {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc.%s" $service $ns $domain }}
- {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc" $service $ns }}
- {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s" $service $ns }}
@@ -47,12 +48,13 @@ spec:
- {{ printf "*.%s.%s.svc.%s" $service $ns $domain | quote }}
- {{ printf "*.%s.%s.svc" $service $ns | quote }}
- {{ printf "*.%s.%s" $service $ns | quote }}
+{{- end }}
{{- if $values.external.domain }}
+ - "{{ $values.external.domain }}"
- "*.{{ $values.external.domain }}"
{{- end }}
duration: {{ $d | default "43800h" }}
isCA: false
- commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
privateKey:
algorithm: ECDSA
diff --git a/charts/redpanda/redpanda/templates/service.loadbalancer.yaml b/charts/redpanda/redpanda/templates/service.loadbalancer.yaml
index 150de32a4..c762e910b 100644
--- a/charts/redpanda/redpanda/templates/service.loadbalancer.yaml
+++ b/charts/redpanda/redpanda/templates/service.loadbalancer.yaml
@@ -29,6 +29,10 @@ metadata:
{{- . | nindent 4 }}
{{- end }}
repdanda.com/type: "loadbalancer"
+{{- with $values.external.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
spec:
type: LoadBalancer
{{- if not ( empty $root.Values.external.sourceRanges ) }}
diff --git a/charts/redpanda/redpanda/templates/services.nodeport.yaml b/charts/redpanda/redpanda/templates/services.nodeport.yaml
index f06152698..967bdc4c0 100644
--- a/charts/redpanda/redpanda/templates/services.nodeport.yaml
+++ b/charts/redpanda/redpanda/templates/services.nodeport.yaml
@@ -26,6 +26,10 @@ metadata:
{{- with include "full.labels" . }}
{{- . | nindent 4 }}
{{- end }}
+{{- with $values.external.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
spec:
type: NodePort
externalTrafficPolicy: Local
diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml
index 874e7e7d7..d70fde670 100644
--- a/charts/redpanda/redpanda/templates/statefulset.yaml
+++ b/charts/redpanda/redpanda/templates/statefulset.yaml
@@ -71,22 +71,20 @@ spec:
volumeMounts:
- name: {{ template "redpanda.fullname" . }}
mountPath: /etc/redpanda
+ {{- if get .Values.statefulset.initContainers.tuning "resources" }}
+ resources: {{- toYaml .Values.statefulset.initContainers.tuning.resources | nindent 12 }}
+ {{- end }}
{{- end }}
-{{- if not .Values.statefulset.skipChown }}
- - name: set-datadir-ownership
- image: {{ .Values.statefulset.initContainerImage.repository }}:{{ .Values.statefulset.initContainerImage.tag }}
- command: ["/bin/sh", "-c", "chown {{ $uid }}:{{ $gid }} -R /var/lib/redpanda/data"]
- volumeMounts:
- - name: datadir
- mountPath: /var/lib/redpanda/data
- {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }}
+{{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }}
- name: set-tiered-storage-cache-dir-ownership
image: {{ .Values.statefulset.initContainerImage.repository }}:{{ .Values.statefulset.initContainerImage.tag }}
command: ["/bin/sh", "-c", 'chown {{ $uid }}:{{ $gid }} -R {{ template "tieredStorage.cacheDirectory" . }}']
volumeMounts:
- name: tiered-storage-dir
mountPath: {{ template "tieredStorage.cacheDirectory" . }}
- {{- end }}
+ {{- if get .Values.statefulset.initContainers.setTieredStorageCacheDirOwnership "resources" }}
+ resources: {{- toYaml .Values.statefulset.initContainers.setTieredStorageCacheDirOwnership.resources | nindent 12 }}
+ {{- end }}
{{- end }}
- name: {{ (include "redpanda.name" .) | trunc 51 }}-configurator
image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }}
@@ -178,7 +176,9 @@ spec:
mountPath: /tmp/base-config
- name: config
mountPath: /etc/redpanda
- resources: {{ toYaml .Values.statefulset.resources | nindent 12 }}
+ {{- if get .Values.statefulset.initContainers.configurator "resources" }}
+ resources: {{- toYaml .Values.statefulset.initContainers.configurator.resources | nindent 12 }}
+ {{- end }}
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }}
diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json
index 79e20814b..fb23d6a18 100644
--- a/charts/redpanda/redpanda/values.schema.json
+++ b/charts/redpanda/redpanda/values.schema.json
@@ -191,6 +191,9 @@
},
"sourceRanges": {
"type": "array"
+ },
+ "annotations": {
+ "type": "object"
}
}
},
@@ -663,14 +666,41 @@
},
"runAsUser": {
"type": "integer"
+ },
+ "fsGroupChangePolicy": {
+ "type": "string",
+ "pattern": "^(OnRootMismatch|Always)$"
}
}
},
- "initContainer": {
- "type": "string"
- },
- "skipChown": {
- "type": "boolean"
+ "initContainers": {
+ "type": "object",
+ "properties": {
+ "tuning": {
+ "type": "object",
+ "properties": {
+ "resources": {
+ "type": "object"
+ }
+ }
+ },
+ "setTieredStorageCacheDirOwnership": {
+ "type": "object",
+ "properties": {
+ "resources": {
+ "type": "object"
+ }
+ }
+ },
+ "configurator": {
+ "type": "object",
+ "properties": {
+ "resources": {
+ "type": "object"
+ }
+ }
+ }
+ }
}
}
},
diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml
index 8137aa757..72784a6b8 100644
--- a/charts/redpanda/redpanda/values.yaml
+++ b/charts/redpanda/redpanda/values.yaml
@@ -460,7 +460,6 @@ post_upgrade_job:
# extraEnvFrom:
# - secretRef:
# name: redpanda-aws-secrets
-
statefulset:
# Number of Redpanda brokers (recommend setting this to the number of nodes in the cluster)
replicas: 3
@@ -534,12 +533,17 @@ statefulset:
securityContext:
fsGroup: 101
runAsUser: 101
+ fsGroupChangePolicy: OnRootMismatch
+ initContainers:
+ tuning:
+ resources: {}
+ setTieredStorageCacheDirOwnership:
+ resources: {}
+ configurator:
+ resources: {}
initContainerImage:
repository: busybox
tag: latest
- # in environments where root is not allowed, you cannot change the ownership of files and directories
- # set this to skip this step
- skipChown: false
# Service account management
serviceAccount:
diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml
index de0160065..fd925ca05 100644
--- a/charts/speedscale/speedscale-operator/Chart.yaml
+++ b/charts/speedscale/speedscale-operator/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
-appVersion: 1.2.380
+appVersion: 1.2.416
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
home: https://speedscale.com
@@ -24,4 +24,4 @@ maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
-version: 1.2.24
+version: 1.2.26
diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md
index d480b9ede..f9e48fe23 100644
--- a/charts/speedscale/speedscale-operator/README.md
+++ b/charts/speedscale/speedscale-operator/README.md
@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
-### Upgrade to 1.2.24
+### Upgrade to 1.2.26
```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.24/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.26/templates/crds/trafficreplays.yaml
```
### Upgrade to 1.1.0
diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md
index d480b9ede..f9e48fe23 100644
--- a/charts/speedscale/speedscale-operator/app-readme.md
+++ b/charts/speedscale/speedscale-operator/app-readme.md
@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
-### Upgrade to 1.2.24
+### Upgrade to 1.2.26
```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.24/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.26/templates/crds/trafficreplays.yaml
```
### Upgrade to 1.1.0
diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml
index a2b4acfaf..a64d969c8 100644
--- a/charts/speedscale/speedscale-operator/values.yaml
+++ b/charts/speedscale/speedscale-operator/values.yaml
@@ -20,7 +20,7 @@ clusterName: "my-cluster"
# Speedscale components image settings.
image:
registry: gcr.io/speedscale
- tag: v1.2.380
+ tag: v1.2.416
pullPolicy: Always
# Log level for Speedscale components.
diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md
index e904eb7ee..613a1914b 100644
--- a/charts/sysdig/sysdig/CHANGELOG.md
+++ b/charts/sysdig/sysdig/CHANGELOG.md
@@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.15.78
+### Chores
+* **sysdig** [8cb737c](https://github.com/sysdiglabs/charts/commit/8cb737cc8d1f5124315f68409091fa4e4e5cd78e): bump agent version to 12.12.1 ([#981](https://github.com/sysdiglabs/charts/issues/981))
+# v1.15.77
+### Bug Fixes
+* **sysdig,node-analyzer** [27ce551](https://github.com/sysdiglabs/charts/commit/27ce5515b64325ebe0e97762dbcc0a2b8deddbd3): Added missing volumeMount required for IBM OCP on legacy and new VM ([#955](https://github.com/sysdiglabs/charts/issues/955))
# v1.15.76
### Chores
* **sysdig** [40b4958](https://github.com/sysdiglabs/charts/commit/40b4958987085f6682751814a9276fdafa4d9c2e): bump agent version to 12.12.0 ([#973](https://github.com/sysdiglabs/charts/issues/973))
diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml
index dd5ba5457..f2dd16c70 100644
--- a/charts/sysdig/sysdig/Chart.yaml
+++ b/charts/sysdig/sysdig/Chart.yaml
@@ -3,7 +3,7 @@ annotations:
catalog.cattle.io/display-name: Sysdig
catalog.cattle.io/release-name: sysdig
apiVersion: v1
-appVersion: 12.12.0
+appVersion: 12.12.1
description: Sysdig Monitor and Secure agent
home: https://www.sysdig.com/
icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
@@ -29,4 +29,4 @@ name: sysdig
sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
-version: 1.15.76
+version: 1.15.78
diff --git a/charts/sysdig/sysdig/README.md b/charts/sysdig/sysdig/README.md
index 1c3cf8e0e..dc5fbc866 100644
--- a/charts/sysdig/sysdig/README.md
+++ b/charts/sysdig/sysdig/README.md
@@ -84,7 +84,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
|----------------------------------------------------------------------|------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|
| `image.registry` | Sysdig Agent image registry | `quay.io` |
| `image.repository` | The image repository to pull from | `sysdig/agent` |
-| `image.tag` | The image tag to pull | `12.12.0` |
+| `image.tag` | The image tag to pull | `12.12.1` |
| `image.digest` | The image digest to pull | ` ` |
| `image.pullPolicy` | The Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `nil` |
diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md
index a90c2501e..2f7752d03 100644
--- a/charts/sysdig/sysdig/RELEASE-NOTES.md
+++ b/charts/sysdig/sysdig/RELEASE-NOTES.md
@@ -1,6 +1,6 @@
# What's Changed
### Chores
-- **sysdig** [40b4958](https://github.com/sysdiglabs/charts/commit/40b4958987085f6682751814a9276fdafa4d9c2e): bump agent version to 12.12.0 ([#973](https://github.com/sysdiglabs/charts/issues/973))
+- **sysdig** [8cb737c](https://github.com/sysdiglabs/charts/commit/8cb737cc8d1f5124315f68409091fa4e4e5cd78e): bump agent version to 12.12.1 ([#981](https://github.com/sysdiglabs/charts/issues/981))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/harbor-scanner-sysdig-secure-0.3.6...sysdig-1.15.76
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.5.76...sysdig-1.15.78
diff --git a/charts/sysdig/sysdig/templates/daemonset-node-analyzer.yaml b/charts/sysdig/sysdig/templates/daemonset-node-analyzer.yaml
index cb1e919b7..d170a437a 100644
--- a/charts/sysdig/sysdig/templates/daemonset-node-analyzer.yaml
+++ b/charts/sysdig/sysdig/templates/daemonset-node-analyzer.yaml
@@ -165,6 +165,9 @@ spec:
resources:
{{ toYaml .Values.nodeAnalyzer.imageAnalyzer.resources | indent 10 }}
volumeMounts:
+ # Needed for some IBM OpenShift clusters which symlink /var/run/containers/storage to contents of /var/data by default
+ - mountPath: /var/data
+ name: vardata-vol
- mountPath: /var/run
name: varrun-vol
- mountPath: /etc/containers/storage.conf
@@ -556,6 +559,9 @@ spec:
optional: true
{{- end }}
volumeMounts:
+ # Needed for some IBM OpenShift clusters which symlink /var/run/containers/storage to contents of /var/data by default
+ - mountPath: /var/data
+ name: vardata-vol
- mountPath: /var/run
name: varrun-vol
- mountPath: /etc/containers/storage.conf
diff --git a/charts/sysdig/sysdig/values.yaml b/charts/sysdig/sysdig/values.yaml
index a4ec14ba4..40fc8bbb7 100644
--- a/charts/sysdig/sysdig/values.yaml
+++ b/charts/sysdig/sysdig/values.yaml
@@ -8,7 +8,7 @@ image:
registry: quay.io
repository: sysdig/agent
- tag: 12.12.0
+ tag: 12.12.1
# Specify a imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/charts/traefik/traefik/Changelog.md b/charts/traefik/traefik/Changelog.md
index 7a4f94562..5bc0f103d 100644
--- a/charts/traefik/traefik/Changelog.md
+++ b/charts/traefik/traefik/Changelog.md
@@ -1,5 +1,15 @@
# Change Log
+## 21.2.0   
+
+**Release date:** 2023-03-07
+
+* Update Chart.yaml
+* 🚨 Fail when enabling PSP on Kubernetes v1.25+ (#801)
+* Separate UDP hostPort for HTTP/3
+* ⬆️ Upgrade traefik Docker tag to v2.9.8
+
+
## 21.1.0   
**Release date:** 2023-02-15
diff --git a/charts/traefik/traefik/Chart.yaml b/charts/traefik/traefik/Chart.yaml
index f1988a6ec..d4294a38c 100644
--- a/charts/traefik/traefik/Chart.yaml
+++ b/charts/traefik/traefik/Chart.yaml
@@ -1,16 +1,14 @@
annotations:
- artifacthub.io/changes: |
- - "✨ release 21.1.0"
- - "⬆️ Upgrade traefik Docker tag to v2.9.7"
- - "fix: traefik image name for renovate"
- - "feat: Add volumeName to PersistentVolumeClaim (#792)"
- - "Allow setting TLS options on dashboard IngressRoute"
+ artifacthub.io/changes: "- \"⬆️ Upgrade traefik Docker tag to v2.9.8\"\n- \"\U0001F6A8
+ Fail when enabling PSP on Kubernetes v1.25+ (#801)\"\n- \"Separate UDP hostPort
+ for HTTP/3\"\n- \"feat: Add volumeName to PersistentVolumeClaim (#792)\"\n- \"Allow
+ setting TLS options on dashboard IngressRoute\"\n"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Traefik Proxy
catalog.cattle.io/kube-version: '>=1.16.0-0'
catalog.cattle.io/release-name: traefik
apiVersion: v2
-appVersion: v2.9.7
+appVersion: v2.9.8
description: A Traefik based Kubernetes ingress controller
home: https://traefik.io/
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
@@ -35,4 +33,4 @@ sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
type: application
-version: 21.1.0
+version: 21.2.0
diff --git a/charts/traefik/traefik/README.md b/charts/traefik/traefik/README.md
index 7d159f086..6c9705213 100644
--- a/charts/traefik/traefik/README.md
+++ b/charts/traefik/traefik/README.md
@@ -63,7 +63,7 @@ helm repo update
# See current Chart & Traefik version
helm search repo traefik/traefik
# Upgrade Traefik
-helm upgrade traefik traefik/traefik
+helm upgrade --reuse-values traefik traefik/traefik
```
New major version indicates that there is an incompatible breaking change.
diff --git a/charts/traefik/traefik/templates/_podtemplate.tpl b/charts/traefik/traefik/templates/_podtemplate.tpl
index 3089be7e9..8b54a1dc0 100644
--- a/charts/traefik/traefik/templates/_podtemplate.tpl
+++ b/charts/traefik/traefik/templates/_podtemplate.tpl
@@ -76,6 +76,15 @@
hostIP: {{ $config.hostIP }}
{{- end }}
protocol: {{ default "TCP" $config.protocol | quote }}
+ {{- if $config.http3 }}
+ {{- if and $config.http3.enabled $config.hostPort }}
+ {{- $http3Port := default $config.hostPort $config.http3.advertisedPort }}
+ - name: "{{ $name }}-http3"
+ containerPort: {{ $config.port }}
+ hostPort: {{ $http3Port }}
+ protocol: UDP
+ {{- end }}
+ {{- end }}
{{- end }}
{{- end }}
{{- if .Values.hub.enabled }}
diff --git a/charts/traefik/traefik/templates/rbac/podsecuritypolicy.yaml b/charts/traefik/traefik/templates/rbac/podsecuritypolicy.yaml
index f4cedc642..bc0a3bdc7 100644
--- a/charts/traefik/traefik/templates/rbac/podsecuritypolicy.yaml
+++ b/charts/traefik/traefik/templates/rbac/podsecuritypolicy.yaml
@@ -1,4 +1,7 @@
{{- if .Values.podSecurityPolicy.enabled }}
+{{- if semverCompare ">=1.25.0-0" .Capabilities.KubeVersion.Version }}
+ {{- fail "ERROR: PodSecurityPolicy has been removed in Kubernetes v1.25+" }}
+{{- end }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
@@ -62,4 +65,4 @@ spec:
{{- if .Values.persistence.enabled }}
- persistentVolumeClaim
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/charts/yugabyte/yugabyte/Chart.yaml b/charts/yugabyte/yugabyte/Chart.yaml
index 52b49a383..4e5aa8527 100644
--- a/charts/yugabyte/yugabyte/Chart.yaml
+++ b/charts/yugabyte/yugabyte/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: yugabyte
apiVersion: v1
-appVersion: 2.16.1.0-b50
+appVersion: 2.16.2.0-b41
description: YugabyteDB is the high-performance distributed SQL database for building
global, internet-scale apps.
home: https://www.yugabyte.com
@@ -17,4 +17,4 @@ maintainers:
name: yugabyte
sources:
- https://github.com/yugabyte/yugabyte-db
-version: 2.16.1
+version: 2.16.2
diff --git a/charts/yugabyte/yugabyte/app-readme.md b/charts/yugabyte/yugabyte/app-readme.md
index 415d3a539..0e7f22486 100644
--- a/charts/yugabyte/yugabyte/app-readme.md
+++ b/charts/yugabyte/yugabyte/app-readme.md
@@ -1 +1 @@
-This chart bootstraps an RF3 YugabyteDB version 2.16.1.0-b50 cluster using the Helm Package Manager.
+This chart bootstraps an RF3 YugabyteDB version 2.16.2.0-b41 cluster using the Helm Package Manager.
diff --git a/charts/yugabyte/yugabyte/templates/_helpers.tpl b/charts/yugabyte/yugabyte/templates/_helpers.tpl
index 72275d3d9..1d506a432 100644
--- a/charts/yugabyte/yugabyte/templates/_helpers.tpl
+++ b/charts/yugabyte/yugabyte/templates/_helpers.tpl
@@ -146,10 +146,17 @@ Generate server broadcast address.
{{/*
Generate server RPC bind address.
+
+In case of multi-cluster services (MCS), we set it to $(POD_IP) to
+ensure YCQL uses a resolvable address.
+See https://github.com/yugabyte/yugabyte-db/issues/16155
*/}}
{{- define "yugabyte.rpc_bind_address" -}}
- {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports -}}
- 0.0.0.0:{{ index .Service.ports "tcp-rpc-port" -}}
+ {{- $port := index .Service.ports "tcp-rpc-port" -}}
+ {{- if .Values.istioCompatibility.enabled -}}
+ 0.0.0.0:{{ $port }}
+ {{- else if .Values.multicluster.createServiceExports -}}
+ $(POD_IP):{{ $port }}
{{- else -}}
{{- include "yugabyte.server_fqdn" . -}}
{{- end -}}
diff --git a/charts/yugabyte/yugabyte/templates/multicluster-common-tserver-service.yaml b/charts/yugabyte/yugabyte/templates/multicluster/common-tserver-service.yaml
similarity index 100%
rename from charts/yugabyte/yugabyte/templates/multicluster-common-tserver-service.yaml
rename to charts/yugabyte/yugabyte/templates/multicluster/common-tserver-service.yaml
diff --git a/charts/yugabyte/yugabyte/templates/multi-cluster-services/gke/service-export.yaml b/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml
similarity index 74%
rename from charts/yugabyte/yugabyte/templates/multi-cluster-services/gke/service-export.yaml
rename to charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml
index 270cb9ab2..eeafcb1bb 100644
--- a/charts/yugabyte/yugabyte/templates/multi-cluster-services/gke/service-export.yaml
+++ b/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml
@@ -1,20 +1,21 @@
{{- /*
Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export
+ https://github.com/kubernetes/enhancements/tree/master/keps/sig-multicluster/1645-multi-cluster-services-api#exporting-services
*/}}
{{- if .Values.multicluster.createServiceExports }}
+apiVersion: {{ .Values.multicluster.mcsApiVersion }}
kind: ServiceExport
-apiVersion: net.gke.io/v1
metadata:
name: {{ .Values.oldNamingStyle | ternary "yb-masters" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-masters") | quote }}
namespace: "{{ .Release.Namespace }}"
labels:
{{- include "yugabyte.labels" . | indent 4 }}
---
+apiVersion: {{ .Values.multicluster.mcsApiVersion }}
kind: ServiceExport
-apiVersion: net.gke.io/v1
metadata:
name: {{ .Values.oldNamingStyle | ternary "yb-tservers" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-tservers") | quote }}
namespace: "{{ .Release.Namespace }}"
labels:
{{- include "yugabyte.labels" . | indent 4 }}
-{{ end -}}
\ No newline at end of file
+{{ end -}}
diff --git a/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml b/charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml
similarity index 100%
rename from charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml
rename to charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml
diff --git a/charts/yugabyte/yugabyte/values.yaml b/charts/yugabyte/yugabyte/values.yaml
index 19b8ccf83..b6b854d5a 100644
--- a/charts/yugabyte/yugabyte/values.yaml
+++ b/charts/yugabyte/yugabyte/values.yaml
@@ -4,7 +4,7 @@
Component: "yugabytedb"
Image:
repository: "yugabytedb/yugabyte"
- tag: 2.16.1.0-b50
+ tag: 2.16.2.0-b41
pullPolicy: IfNotPresent
storage:
@@ -168,7 +168,7 @@ multicluster:
## Enable it to deploy YugabyteDB in a multi-cluster services enabled
## Kubernetes cluster (KEP-1645). This will create ServiceExport.
## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export
- ## You can use this gist for the reference to deploy the Yugabyte DB in a multi-cluster scenario.
+ ## You can use this gist for the reference to deploy the YugabyteDB in a multi-cluster scenario.
## Gist - https://gist.github.com/baba230896/78cc9bb6f4ba0b3d0e611cd49ed201bf
createServiceExports: false
@@ -177,6 +177,10 @@ multicluster:
## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#enabling
kubernetesClusterId: ""
+ ## mcsApiVersion is used for the MCS resources created by the
+ ## chart. Set to net.gke.io/v1 when using GKE MCS.
+ mcsApiVersion: "multicluster.x-k8s.io/v1alpha1"
+
serviceMonitor:
## If true, two ServiceMonitor CRs are created. One for yb-master
## and one for yb-tserver
diff --git a/charts/yugabyte/yugaware/Chart.yaml b/charts/yugabyte/yugaware/Chart.yaml
index 41f39b7b8..9a1bc8d8f 100644
--- a/charts/yugabyte/yugaware/Chart.yaml
+++ b/charts/yugabyte/yugaware/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: yugaware
apiVersion: v1
-appVersion: 2.16.1.0-b50
+appVersion: 2.16.2.0-b41
description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring
for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB cluster
with multiple pods provided by Kubernetes or OpenShift and logically grouped together
@@ -17,4 +17,4 @@ maintainers:
- email: arnav@yugabyte.com
name: Arnav Agarwal
name: yugaware
-version: 2.16.1
+version: 2.16.2
diff --git a/charts/yugabyte/yugaware/templates/configs.yaml b/charts/yugabyte/yugaware/templates/configs.yaml
index 64702e65c..f66e8d5d3 100644
--- a/charts/yugabyte/yugaware/templates/configs.yaml
+++ b/charts/yugabyte/yugaware/templates/configs.yaml
@@ -86,6 +86,8 @@ data:
kubernetes.storageClass = "{{ .Values.yugaware.storageClass }}"
kubernetes.pullSecretName = "{{ .Values.image.pullSecret }}"
url = "https://{{ .Values.tls.hostname }}"
+ # GKE MCS takes 7 to 10 minutes to setup DNS
+ wait_for_server_timeout = 15 minutes
}
play.filters {
diff --git a/charts/yugabyte/yugaware/values.yaml b/charts/yugabyte/yugaware/values.yaml
index d14a04898..63da68240 100644
--- a/charts/yugabyte/yugaware/values.yaml
+++ b/charts/yugabyte/yugaware/values.yaml
@@ -8,7 +8,7 @@ image:
# including the yugaware image
repository: quay.io/yugabyte/yugaware
- tag: 2.16.1.0-b50
+ tag: 2.16.2.0-b41
pullPolicy: IfNotPresent
pullSecret: yugabyte-k8s-pull-secret
## Docker config JSON File name
@@ -22,7 +22,7 @@ image:
postgres:
registry: ""
- tag: '14.4'
+ tag: '14.6'
name: postgres
postgres-upgrade:
diff --git a/index.yaml b/index.yaml
index 1578f3b64..2d0ceb3da 100644
--- a/index.yaml
+++ b/index.yaml
@@ -80,6 +80,51 @@ entries:
- assets/datawiza/access-broker-0.1.1.tgz
version: 0.1.1
airflow:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Apache Airflow
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: airflow
+ category: WorkFlow
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 2.5.1
+ created: "2023-03-10T23:04:31.567838873Z"
+ dependencies:
+ - condition: redis.enabled
+ name: redis
+ repository: file://./charts/redis
+ version: 17.x.x
+ - condition: postgresql.enabled
+ name: postgresql
+ repository: file://./charts/postgresql
+ version: 12.x.x
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: Apache Airflow is a tool to express and execute workflows as directed
+ acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task
+ progress and handle task dependencies.
+ digest: c88e3805f8854df8ec1706278bf6e91fabda2b470c4a3c38321920b4665140f5
+ home: https://github.com/bitnami/charts/tree/main/bitnami/airflow
+ icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg
+ keywords:
+ - apache
+ - airflow
+ - workflow
+ - dag
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: airflow
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/airflow
+ - https://airflow.apache.org/
+ urls:
+ - assets/bitnami/airflow-14.0.14.tgz
+ version: 14.0.14
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Airflow
@@ -736,6 +781,42 @@ entries:
- assets/ambassador/ambassador-6.7.1100.tgz
version: 6.7.1100
argo-cd:
+ - annotations:
+ artifacthub.io/changes: |
+ - kind: added
+ description: Add parameter env to redis exporter
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Argo CD
+ catalog.cattle.io/kube-version: '>=1.22.0-0'
+ catalog.cattle.io/release-name: argo-cd
+ apiVersion: v2
+ appVersion: v2.6.4
+ created: "2023-03-10T23:04:30.983351Z"
+ dependencies:
+ - condition: redis-ha.enabled
+ name: redis-ha
+ repository: file://./charts/redis-ha
+ version: 4.22.4
+ description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery
+ tool for Kubernetes.
+ digest: 8e23c041849a90f3fb2f246a9d10b3c88863b52f9fb3a86ab03c50859e04d1d4
+ home: https://github.com/argoproj/argo-helm
+ icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
+ keywords:
+ - argoproj
+ - argocd
+ - gitops
+ kubeVersion: '>=1.22.0-0'
+ maintainers:
+ - name: argoproj
+ url: https://argoproj.github.io/
+ name: argo-cd
+ sources:
+ - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
+ - https://github.com/argoproj/argo-cd
+ urls:
+ - assets/argo/argo-cd-5.25.0.tgz
+ version: 5.25.0
- annotations:
artifacthub.io/changes: |
- kind: added
@@ -1988,6 +2069,39 @@ entries:
- assets/argo/argo-cd-5.8.0.tgz
version: 5.8.0
artifactory-ha:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: JFrog Artifactory HA
+ catalog.cattle.io/kube-version: '>= 1.14.0-0'
+ catalog.cattle.io/release-name: artifactory-ha
+ apiVersion: v2
+ appVersion: 7.55.6
+ created: "2023-03-10T23:04:34.595603058Z"
+ dependencies:
+ - condition: postgresql.enabled
+ name: postgresql
+ repository: file://./charts/postgresql
+ version: 10.3.18
+ description: Universal Repository Manager supporting all major packaging formats,
+ build tools and CI servers.
+ digest: 72a1e381aa923a8a063dcb97215c4428d51894c2369d24c1598a29d2313790a8
+ home: https://www.jfrog.com/artifactory/
+ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png
+ keywords:
+ - artifactory
+ - jfrog
+ - devops
+ kubeVersion: '>= 1.14.0-0'
+ maintainers:
+ - email: installers@jfrog.com
+ name: Chart Maintainers at JFrog
+ name: artifactory-ha
+ sources:
+ - https://github.com/jfrog/charts
+ type: application
+ urls:
+ - assets/jfrog/artifactory-ha-107.55.6.tgz
+ version: 107.55.6
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA
@@ -2576,6 +2690,40 @@ entries:
- assets/jfrog/artifactory-ha-3.0.1400.tgz
version: 3.0.1400
artifactory-jcr:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: JFrog Container Registry
+ catalog.cattle.io/kube-version: '>= 1.14.0-0'
+ catalog.cattle.io/release-name: artifactory-jcr
+ apiVersion: v2
+ appVersion: 7.55.6
+ created: "2023-03-10T23:04:34.818138755Z"
+ dependencies:
+ - name: artifactory
+ repository: file://./charts/artifactory
+ version: 107.55.6
+ description: JFrog Container Registry
+ digest: 8d6e1008afe94185339630d5a544fb989583a1f43536770327054f2075b6f421
+ home: https://jfrog.com/container-registry/
+ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
+ keywords:
+ - artifactory
+ - jfrog
+ - container
+ - registry
+ - devops
+ - jfrog-container-registry
+ kubeVersion: '>= 1.14.0-0'
+ maintainers:
+ - email: helm@jfrog.com
+ name: Chart Maintainers at JFrog
+ name: artifactory-jcr
+ sources:
+ - https://github.com/jfrog/charts
+ type: application
+ urls:
+ - assets/jfrog/artifactory-jcr-107.55.6.tgz
+ version: 107.55.6
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Container Registry
@@ -3152,6 +3300,71 @@ entries:
- assets/jfrog/artifactory-jcr-2.5.100.tgz
version: 2.5.100
asserts:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Asserts
+ catalog.cattle.io/kube-version: '>=1.17-0'
+ catalog.cattle.io/release-name: asserts
+ apiVersion: v2
+ created: "2023-03-10T23:04:31.351416958Z"
+ dependencies:
+ - condition: knowledge-sensor.enabled
+ name: knowledge-sensor
+ repository: file://./charts/knowledge-sensor
+ version: 1.1.0
+ - alias: tsdb
+ condition: tsdb.enabled
+ name: victoria-metrics-single
+ repository: file://./charts/victoria-metrics-single
+ version: 1.1.0
+ - condition: alertmanager.enabled
+ name: alertmanager
+ repository: file://./charts/alertmanager
+ version: 1.0.0
+ - alias: promxyruler
+ condition: promxyruler.enabled
+ name: promxy
+ repository: file://./charts/promxy
+ version: 0.7.0
+ - alias: promxyuser
+ condition: promxyuser.enabled
+ name: promxy
+ repository: file://./charts/promxy
+ version: 0.7.0
+ - alias: ebpfProbe
+ condition: ebpfProbe.enabled
+ name: ebpf-probe
+ repository: file://./charts/ebpf-probe
+ version: 0.3.0
+ - name: common
+ repository: file://./charts/common
+ version: 1.x.x
+ - alias: redisgraph
+ condition: redisgraph.enabled
+ name: redis
+ repository: file://./charts/redis
+ version: 16.13.2
+ - alias: redisearch
+ condition: redisearch.enabled
+ name: redis
+ repository: file://./charts/redis
+ version: 16.13.2
+ - alias: postgres
+ condition: postgres.enabled
+ name: postgresql
+ repository: file://./charts/postgresql
+ version: 11.9.13
+ description: Asserts Helm Chart to configure entire asserts stack
+ digest: b897d386f9f019c5d5620939d0a61ee12eef6bfcf20720855a559bc41069f81e
+ icon: https://www.asserts.ai/favicon.png
+ maintainers:
+ - name: Asserts
+ url: https://github.com/asserts
+ name: asserts
+ type: application
+ urls:
+ - assets/asserts/asserts-1.34.0.tgz
+ version: 1.34.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Asserts
@@ -4329,6 +4542,42 @@ entries:
- assets/aws-event-sources/aws-event-sources-0.1.901.tgz
version: 0.1.901
cassandra:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Apache Cassandra
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: cassandra
+ category: Database
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 4.1.0
+ created: "2023-03-10T23:04:31.724648285Z"
+ dependencies:
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: Apache Cassandra is an open source distributed database management
+ system designed to handle large amounts of data across many servers, providing
+ high availability with no single point of failure.
+ digest: 4d25126953af29706f6c4d96c7f58034e86f5276a344ebbef8f13d6ed514b8b7
+ home: https://github.com/bitnami/charts/tree/main/bitnami/cassandra
+ icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg
+ keywords:
+ - cassandra
+ - database
+ - nosql
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: cassandra
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/cassandra
+ - http://cassandra.apache.org
+ urls:
+ - assets/bitnami/cassandra-10.1.0.tgz
+ version: 10.1.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Cassandra
@@ -4809,6 +5058,22 @@ entries:
- assets/cert-manager/cert-manager-1.10.0.tgz
version: 1.10.0
cf-runtime:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Codefresh
+ catalog.cattle.io/kube-version: '>=1.18-0'
+ catalog.cattle.io/release-name: cf-runtime
+ apiVersion: v2
+ appVersion: 1.9.11
+ created: "2023-03-10T23:04:32.807542772Z"
+ description: A Helm chart for Codefresh Runner
+ digest: bdb94ebe993cdce475a3c60f33409ea6157347e96198e98022fcd48b031f2c37
+ icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg
+ name: cf-runtime
+ type: application
+ urls:
+ - assets/codefresh/cf-runtime-1.9.11.tgz
+ version: 1.9.11
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
@@ -5459,6 +5724,27 @@ entries:
- assets/cloudcasa/cloudcasa-0.1.000.tgz
version: 0.1.000
cockroachdb:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: CockroachDB
+ catalog.cattle.io/kube-version: '>=1.8-0'
+ catalog.cattle.io/release-name: cockroachdb
+ apiVersion: v1
+ appVersion: 22.2.6
+ created: "2023-03-10T23:04:32.793953889Z"
+ description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
+ digest: 3e03423fa6d20b75113679eca6c8942d9dad3c5e90e9033a059592c5a527b769
+ home: https://www.cockroachlabs.com
+ icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
+ maintainers:
+ - email: helm-charts@cockroachlabs.com
+ name: cockroachlabs
+ name: cockroachdb
+ sources:
+ - https://github.com/cockroachdb/cockroach
+ urls:
+ - assets/cockroach-labs/cockroachdb-10.0.6.tgz
+ version: 10.0.6
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: CockroachDB
@@ -6222,8 +6508,8 @@ entries:
catalog.cattle.io/featured: "2"
catalog.cattle.io/release-name: cost-analyzer
apiVersion: v2
- appVersion: 1.100.2
- created: "2023-02-16T16:26:04.607863747Z"
+ appVersion: 1.101.0
+ created: "2023-03-10T23:04:45.770531554Z"
dependencies:
- condition: global.grafana.enabled
name: grafana
@@ -6239,7 +6525,38 @@ entries:
version: ~0.29.0
description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor
cloud costs.
- digest: 63bb126bb1df506726ad5659ba164e7dbccd6751f46915070ea2440bf141086f
+ digest: cc96f37c0876e1e412858a9d140c8088553cedd169f9ec762d24c72f6334a058
+ icon: https://partner-charts.rancher.io/assets/logos/kubecost.png
+ name: cost-analyzer
+ urls:
+ - assets/kubecost/cost-analyzer-1.101.0.tgz
+ version: 1.101.0
+ - annotations:
+ artifacthub.io/links: |
+ - name: Homepage
+ url: https://www.kubecost.com
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Kubecost
+ catalog.cattle.io/release-name: cost-analyzer
+ apiVersion: v2
+ appVersion: 1.100.2
+ created: "2023-03-10T23:04:35.363066496Z"
+ dependencies:
+ - condition: global.grafana.enabled
+ name: grafana
+ repository: file://./charts/grafana
+ version: ~1.17.2
+ - condition: global.prometheus.enabled
+ name: prometheus
+ repository: file://./charts/prometheus
+ version: ~11.0.2
+ - condition: global.thanos.enabled
+ name: thanos
+ repository: file://./charts/thanos
+ version: ~0.29.0
+ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor
+ cloud costs.
+ digest: 7a674d8c86fb2e97539a896ce73d2adcdf9fa54dc5cb82b4d63626e9c8216156
icon: https://partner-charts.rancher.io/assets/logos/kubecost.png
name: cost-analyzer
urls:
@@ -6877,6 +7194,43 @@ entries:
- assets/weka/csi-wekafsplugin-0.6.400.tgz
version: 0.6.400
datadog:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Datadog
+ catalog.cattle.io/kube-version: '>=1.10-0'
+ catalog.cattle.io/release-name: datadog
+ apiVersion: v1
+ appVersion: "7"
+ created: "2023-03-10T23:04:32.961588847Z"
+ dependencies:
+ - condition: clusterAgent.metricsProvider.useDatadogMetrics
+ name: datadog-crds
+ repository: https://helm.datadoghq.com
+ tags:
+ - install-crds
+ version: 0.4.7
+ - condition: datadog.kubeStateMetricsEnabled
+ name: kube-state-metrics
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 2.13.2
+ description: Datadog Agent
+ digest: 762661552709e72180b520367c5225f998f2fe3fc44365065b4bd922b3ba4462
+ home: https://www.datadoghq.com
+ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png
+ keywords:
+ - monitoring
+ - alerting
+ - metric
+ maintainers:
+ - email: support@datadoghq.com
+ name: Datadog
+ name: datadog
+ sources:
+ - https://app.datadoghq.com/account/settings#agent/kubernetes
+ - https://github.com/DataDog/datadog-agent
+ urls:
+ - assets/datadog/datadog-3.19.1.tgz
+ version: 3.19.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Datadog
@@ -9329,6 +9683,70 @@ entries:
- assets/inaccel/fpga-operator-2.5.201.tgz
version: 2.5.201
gitlab:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: GitLab
+ catalog.cattle.io/release-name: gitlab
+ apiVersion: v1
+ appVersion: 15.9.3
+ created: "2023-03-10T23:04:34.089327538Z"
+ dependencies:
+ - name: gitlab
+ repository: ""
+ version: '*.*.*'
+ - name: certmanager-issuer
+ repository: ""
+ version: '*.*.*'
+ - name: minio
+ repository: ""
+ version: '*.*.*'
+ - name: registry
+ repository: ""
+ version: '*.*.*'
+ - alias: certmanager
+ condition: certmanager.install
+ name: cert-manager
+ repository: https://charts.jetstack.io/
+ version: 1.5.4
+ - condition: prometheus.install
+ name: prometheus
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 15.0.4
+ - condition: postgresql.install
+ name: postgresql
+ repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami
+ version: 8.9.4
+ - condition: gitlab-runner.install
+ name: gitlab-runner
+ repository: https://charts.gitlab.io/
+ version: 0.50.1
+ - condition: global.grafana.enabled
+ name: grafana
+ repository: https://grafana.github.io/helm-charts
+ version: 6.11.0
+ - condition: redis.install
+ name: redis
+ repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami
+ version: 11.3.4
+ - condition: nginx-ingress.enabled
+ name: nginx-ingress
+ repository: ""
+ version: '*.*.*'
+ description: The One DevOps Platform
+ digest: a1a60b83ee4ea012f4ee8773e8868463cef807ffb38099b3f8f7274e2e6ce8f1
+ home: https://about.gitlab.com/
+ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
+ keywords:
+ - gitlab
+ maintainers:
+ - email: support@gitlab.com
+ name: GitLab Inc.
+ name: gitlab
+ sources:
+ - https://gitlab.com/gitlab-org/charts/gitlab
+ urls:
+ - assets/gitlab/gitlab-6.9.3.tgz
+ version: 6.9.3
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: GitLab
@@ -10354,6 +10772,112 @@ entries:
- assets/gitlab/gitlab-6.5.1.tgz
version: 6.5.1
gluu:
+ - annotations:
+ artifacthub.io/changes: |
+ - Chart 5.0.12 official release
+ artifacthub.io/containsSecurityUpdates: "true"
+ artifacthub.io/images: |
+ - name: auth-server
+ image: janssenproject/auth-server:1.0.8-1
+ - name: auth-server-key-rotation
+ image: janssenproject/certmanager:1.0.8-1
+ - name: configuration-manager
+ image: janssenproject/configurator:1.0.8-1
+ - name: config-api
+ image: janssenproject/config-api:1.0.8-1
+ - name: fido2
+ image: janssenproject/fido2:1.0.8-1
+ - name: opendj
+ image: gluufederation/opendj:5.0.0_dev
+ - name: persistence
+ image: janssenproject/persistence-loader:1.0.8-1
+ - name: scim
+ image: janssenproject/scim:1.0.8-1
+ - name: casa
+ image: gluufederation/casa:5.0.0_dev
+ - name: admin-ui
+ image: gluufederation/admin-ui:1.0.8-1
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/prerelease: "true"
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management
+ catalog.cattle.io/kube-version: '>=v1.21.0-0'
+ catalog.cattle.io/release-name: gluu
+ apiVersion: v2
+ appVersion: 5.0.0
+ created: "2023-03-10T23:04:34.134495246Z"
+ dependencies:
+ - condition: global.config.enabled
+ name: config
+ repository: file://./charts/config
+ version: 5.0.13
+ - condition: global.config-api.enabled
+ name: config-api
+ repository: file://./charts/config-api
+ version: 5.0.13
+ - condition: global.opendj.enabled
+ name: opendj
+ repository: file://./charts/opendj
+ version: 5.0.13
+ - condition: global.auth-server.enabled
+ name: auth-server
+ repository: file://./charts/auth-server
+ version: 5.0.13
+ - condition: global.admin-ui.enabled
+ name: admin-ui
+ repository: file://./charts/admin-ui
+ version: 5.0.13
+ - condition: global.fido2.enabled
+ name: fido2
+ repository: file://./charts/fido2
+ version: 5.0.13
+ - condition: global.scim.enabled
+ name: scim
+ repository: file://./charts/scim
+ version: 5.0.13
+ - condition: global.nginx-ingress.enabled
+ name: nginx-ingress
+ repository: file://./charts/nginx-ingress
+ version: 5.0.13
+ - condition: global.oxshibboleth.enabled
+ name: oxshibboleth
+ repository: file://./charts/oxshibboleth
+ version: 5.0.13
+ - condition: global.oxpassport.enabled
+ name: oxpassport
+ repository: file://./charts/oxpassport
+ version: 5.0.13
+ - condition: global.casa.enabled
+ name: casa
+ repository: file://./charts/casa
+ version: 5.0.13
+ - condition: global.auth-server-key-rotation.enabled
+ name: auth-server-key-rotation
+ repository: file://./charts/auth-server-key-rotation
+ version: 5.0.13
+ - condition: global.persistence.enabled
+ name: persistence
+ repository: file://./charts/persistence
+ version: 5.0.13
+ - condition: global.istio.ingress
+ name: cn-istio-ingress
+ repository: file://./charts/cn-istio-ingress
+ version: 5.0.13
+ description: Gluu Access and Identity Management
+ digest: 043e05e04d527fe6f7c48005bb281a5af4d4669fdc0e769e812afaabcee21748
+ home: https://www.gluu.org
+ icon: https://gluu.org/docs/gluu-server/favicon.ico
+ kubeVersion: '>=v1.21.0-0'
+ maintainers:
+ - email: support@gluu.org
+ name: moabu
+ name: gluu
+ sources:
+ - https://gluu.org/docs/gluu-server
+ - https://github.com/GluuFederation/flex/flex-cn-setup
+ urls:
+ - assets/gluu/gluu-5.0.13.tgz
+ version: 5.0.13
- annotations:
artifacthub.io/changes: |
- Chart 5.0.11 official release
@@ -10598,6 +11122,34 @@ entries:
- assets/gopaddle/gopaddle-4.2.5.tgz
version: 4.2.5
haproxy:
+ - annotations:
+ artifacthub.io/changes: |
+ - Use Ingress Controller 1.9.5 version for base image
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
+ catalog.cattle.io/kube-version: '>=1.19.0-0'
+ catalog.cattle.io/release-name: haproxy
+ apiVersion: v2
+ appVersion: 1.9.5
+ created: "2023-03-10T23:04:34.174681388Z"
+ description: A Helm chart for HAProxy Kubernetes Ingress Controller
+ digest: 5f9b82b81ced7c5917af92a00d9fda630d0b0fc6a0c6eab45ec5b09ef0de2994
+ home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
+ icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
+ keywords:
+ - ingress
+ - haproxy
+ kubeVersion: '>=1.19.0-0'
+ maintainers:
+ - email: dkorunic@haproxy.com
+ name: Dinko Korunic
+ name: haproxy
+ sources:
+ - https://github.com/haproxytech/kubernetes-ingress
+ type: application
+ urls:
+ - assets/haproxy/haproxy-1.29.1.tgz
+ version: 1.29.1
- annotations:
artifacthub.io/changes: |
- replace k8s.gcr.io registry for the default backend with registry.k8s.io
@@ -11090,6 +11642,43 @@ entries:
- assets/harbor/harbor-1.10.1.tgz
version: 1.10.1
hpe-csi-driver:
+ - annotations:
+ artifacthub.io/containsSecurityUpdates: "true"
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/links: |
+ - name: Documentation
+ url: https://scod.hpedev.io/csi_driver
+ artifacthub.io/prerelease: "false"
+ artifacthub.io/recommendations: |
+ - url: https://artifacthub.io/packages/olm/community-operators/hpe-csi-operator
+ - url: https://artifacthub.io/packages/helm/hpe-storage/hpe-csi-info-metrics
+ - url: https://artifacthub.io/packages/helm/hpe-storage/hpe-array-exporter
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: HPE CSI Driver
+ catalog.cattle.io/kube-version: '>=1.21-0'
+ catalog.cattle.io/namespace: hpe-storage
+ catalog.cattle.io/release-name: hpe-csi-driver
+ apiVersion: v1
+ appVersion: 2.3.0
+ created: "2023-03-10T23:04:34.280571114Z"
+ description: A Helm chart for installing the HPE CSI Driver for Kubernetes
+ digest: f86edbfc36647fcdefa9ea698a318325779fa997e3435dee00c9e25d4b3ca3cc
+ home: https://hpe.com/storage/containers
+ icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png
+ keywords:
+ - HPE
+ - Storage
+ - CSI
+ maintainers:
+ - email: hpe-containers-dev@hpe.com
+ name: raunakkumar
+ name: hpe-csi-driver
+ sources:
+ - https://github.com/hpe-storage/co-deployments
+ - https://github.com/hpe-storage/csi-driver
+ urls:
+ - assets/hpe/hpe-csi-driver-2.3.0.tgz
+ version: 2.3.0
- annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
@@ -11323,6 +11912,36 @@ entries:
- assets/hpe/hpe-flexvolume-driver-3.1.000.tgz
version: 3.1.000
instana-agent:
+ - annotations:
+ artifacthub.io/links: |
+ - name: Instana website
+ url: https://www.instana.com
+ - name: Instana Helm charts
+ url: https://github.com/instana/helm-charts
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Instana Agent
+ catalog.cattle.io/kube-version: '>=1.21-0'
+ catalog.cattle.io/release-name: instana-agent
+ apiVersion: v2
+ appVersion: 1.244.0
+ created: "2023-03-10T23:04:34.326400931Z"
+ description: Instana Agent for Kubernetes
+ digest: fc03e0c1399e328ea2e34c8ca9f7a456dcb192139626708436c4224935045b2f
+ home: https://www.instana.com/
+ icon: https://agents.instana.io/helm/stan-logo-2020.png
+ maintainers:
+ - email: felix.marx@ibm.com
+ name: FelixMarxIBM
+ - email: henning.treu@ibm.com
+ name: htreu
+ - email: torsten.kohn@ibm.com
+ name: tkohn
+ name: instana-agent
+ sources:
+ - https://github.com/instana/instana-agent-docker
+ urls:
+ - assets/instana/instana-agent-1.2.56.tgz
+ version: 1.2.56
- annotations:
artifacthub.io/links: |
- name: Instana website
@@ -11867,6 +12486,54 @@ entries:
- assets/jaeger/jaeger-operator-2.36.0.tgz
version: 2.36.0
jenkins:
+ - annotations:
+ artifacthub.io/images: |
+ - name: jenkins
+ image: jenkins/jenkins:2.375.3-jdk11
+ - name: k8s-sidecar
+ image: kiwigrid/k8s-sidecar:1.15.0
+ - name: inbound-agent
+ image: jenkins/inbound-agent:4.11.2-4
+ - name: backup
+ image: maorfr/kube-tasks:0.2.0
+ artifacthub.io/links: |
+ - name: Chart Source
+ url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins
+ - name: Jenkins
+ url: https://www.jenkins.io/
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Jenkins
+ catalog.cattle.io/kube-version: '>=1.14-0'
+ catalog.cattle.io/release-name: jenkins
+ apiVersion: v2
+ appVersion: 2.375.3
+ created: "2023-03-10T23:04:34.422274923Z"
+ description: Jenkins - Build great things at any scale! The leading open source
+ automation server, Jenkins provides hundreds of plugins to support building,
+ deploying and automating any project.
+ digest: c8d085b108af4aea2be8bcf795a6df7d10cc1a57b02381fa673b418208854fe6
+ home: https://jenkins.io/
+ icon: https://get.jenkins.io/art/jenkins-logo/logo.svg
+ maintainers:
+ - email: maor.friedman@redhat.com
+ name: maorfr
+ - email: mail@torstenwalter.de
+ name: torstenwalter
+ - email: garridomota@gmail.com
+ name: mogaal
+ - email: wmcdona89@gmail.com
+ name: wmcdona89
+ - email: timjacomb1@gmail.com
+ name: timja
+ name: jenkins
+ sources:
+ - https://github.com/jenkinsci/jenkins
+ - https://github.com/jenkinsci/docker-inbound-agent
+ - https://github.com/maorfr/kube-tasks
+ - https://github.com/jenkinsci/configuration-as-code-plugin
+ urls:
+ - assets/jenkins/jenkins-4.3.5.tgz
+ version: 4.3.5
- annotations:
artifacthub.io/images: |
- name: jenkins
@@ -13836,6 +14503,48 @@ entries:
- assets/kasten/k10-4.5.900.tgz
version: 4.5.900
kafka:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Apache Kafka
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: kafka
+ category: Infrastructure
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 3.4.0
+ created: "2023-03-10T23:04:31.919203706Z"
+ dependencies:
+ - condition: zookeeper.enabled
+ name: zookeeper
+ repository: file://./charts/zookeeper
+ version: 11.x.x
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: Apache Kafka is a distributed streaming platform designed to build
+ real-time pipelines and can be used as a message broker or as a replacement
+ for a log aggregation solution for big data applications.
+ digest: 8566f985ec3253f12fd36312e4422c8ece641d9c41d3bcd479b06d556877546a
+ home: https://github.com/bitnami/charts/tree/main/bitnami/kafka
+ icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg
+ keywords:
+ - kafka
+ - zookeeper
+ - streaming
+ - producer
+ - consumer
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: kafka
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/kafka
+ - https://kafka.apache.org/
+ urls:
+ - assets/bitnami/kafka-21.3.1.tgz
+ version: 21.3.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Kafka
@@ -15504,6 +16213,41 @@ entries:
- assets/linkerd/linkerd2-2.11.0.tgz
version: 2.11.0
loft:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Loft
+ catalog.cattle.io/kube-version: '>=1.22-0'
+ catalog.cattle.io/release-name: loft
+ apiVersion: v2
+ created: "2023-03-10T23:04:45.8759967Z"
+ description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual
+ Clusters
+ digest: 8bce3c49aa827f1c645c26d11d80b5186e4135e638ea6056f46ef1a5246ab2ba
+ home: https://loft.sh
+ icon: https://static.loft.sh/loft/logo/loft-logo.svg
+ keywords:
+ - developer
+ - development
+ - sharing
+ - share
+ - multi-tenancy
+ - tenancy
+ - cluster
+ - space
+ - namespace
+ - vcluster
+ - vclusters
+ maintainers:
+ - email: info@loft.sh
+ name: Loft Labs, Inc.
+ url: https://twitter.com/loft_sh
+ name: loft
+ sources:
+ - https://github.com/loft-sh/loft
+ type: application
+ urls:
+ - assets/loft/loft-3.0.0.tgz
+ version: 3.0.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Loft
@@ -15653,6 +16397,45 @@ entries:
- assets/elastic/logstash-7.17.3.tgz
version: 7.17.3
mariadb:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: MariaDB
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: mariadb
+ category: Database
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 10.6.12
+ created: "2023-03-10T23:04:31.974787055Z"
+ dependencies:
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: MariaDB is an open source, community-developed SQL database server
+ that is widely in use around the world due to its enterprise features, flexibility,
+ and collaboration with leading tech firms.
+ digest: 1bb886a410bdae1040d20007d281b2749c9e70ef40f013fcd1ec51a41f701f85
+ home: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
+ icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png
+ keywords:
+ - mariadb
+ - mysql
+ - database
+ - sql
+ - prometheus
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: mariadb
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/mariadb
+ - https://github.com/prometheus/mysqld_exporter
+ - https://mariadb.org
+ urls:
+ - assets/bitnami/mariadb-11.5.3.tgz
+ version: 11.5.3
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: MariaDB
@@ -16261,6 +17044,44 @@ entries:
- assets/minio/minio-operator-4.4.1700.tgz
version: 4.4.1700
mysql:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: MySQL
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: mysql
+ category: Database
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 8.0.32
+ created: "2023-03-10T23:04:32.009012416Z"
+ dependencies:
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: MySQL is a fast, reliable, scalable, and easy to use open source
+ relational database system. Designed to handle mission-critical, heavy-load
+ production applications.
+ digest: 5d74b71faa6172a462619bd29b7ebbca04e071fc43afb9302cb1263b42c4a48d
+ home: https://github.com/bitnami/charts/tree/main/bitnami/mysql
+ icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png
+ keywords:
+ - mysql
+ - database
+ - sql
+ - cluster
+ - high availability
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: mysql
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/mysql
+ - https://mysql.com
+ urls:
+ - assets/bitnami/mysql-9.6.0.tgz
+ version: 9.6.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: MySQL
@@ -18315,6 +19136,36 @@ entries:
- assets/nutanix/nutanix-csi-storage-2.3.100.tgz
version: 2.3.100
ondat-operator:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Ondat Operator
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: ondat-operator
+ apiVersion: v2
+ appVersion: v2.10.0
+ created: "2023-03-10T23:04:46.042005219Z"
+ description: Cloud Native storage for containers
+ digest: d4a3a6b5880cc77248aa3495da445aa228f5cad4af7fac51dd81d21ca96893da
+ home: https://ondat.io
+ icon: https://docs.ondat.io/images/generic/Ondat_logo.svg
+ keywords:
+ - storage
+ - block-storage
+ - volume
+ - operator
+ maintainers:
+ - email: david@ondat.io
+ name: DavidMarchant
+ - email: richard.kovacs@ondat.io
+ name: mhmxs
+ - email: simon.flavell@ondat.io
+ name: scflavell
+ name: ondat-operator
+ sources:
+ - https://github.com/ondat
+ urls:
+ - assets/ondat/ondat-operator-0.7.4.tgz
+ version: 0.7.4
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ondat Operator
@@ -20206,6 +21057,41 @@ entries:
- assets/quobyte/quobyte-cluster-0.1.5.tgz
version: 0.1.5
redis:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Redis
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: redis
+ category: Database
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 7.0.9
+ created: "2023-03-10T23:04:32.24690092Z"
+ dependencies:
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: Redis(R) is an open source, advanced key-value store. It is often
+ referred to as a data structure server since keys can contain strings, hashes,
+ lists, sets and sorted sets.
+ digest: 16164a3195a9e0b9c35a010e8cb1f30f88e7ff7ddb81dab44b5d935b617ba4a6
+ home: https://github.com/bitnami/charts/tree/main/bitnami/redis
+ icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png
+ keywords:
+ - redis
+ - keyvalue
+ - database
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: redis
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/redis
+ urls:
+ - assets/bitnami/redis-17.8.4.tgz
+ version: 17.8.4
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Redis
@@ -20894,6 +21780,44 @@ entries:
- assets/bitnami/redis-17.3.7.tgz
version: 17.3.7
redpanda:
+ - annotations:
+ artifacthub.io/images: |
+ - name: redpanda
+ image: vectorized/redpanda:v23.1.1
+ - name: busybox
+ image: busybox:latest
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/links: |
+ - name: Documentation
+ url: https://docs.redpanda.com
+ - name: "Helm (>= 3.6.0)"
+ url: https://helm.sh/docs/intro/install/
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Redpanda
+ catalog.cattle.io/kube-version: '>=1.21-0'
+ catalog.cattle.io/release-name: redpanda
+ apiVersion: v2
+ appVersion: v23.1.1
+ created: "2023-03-10T23:04:46.345984Z"
+ dependencies:
+ - condition: console.enabled
+ name: console
+ repository: file://./charts/console
+ version: '>=0.5 <1.0'
+ description: Redpanda is the real-time engine for modern apps.
+ digest: e10a65b193a30c561c2e99cbf7219a5a754e74f92f03607a38d1cb116e64be50
+ icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
+ kubeVersion: '>=1.21-0'
+ maintainers:
+ - name: redpanda-data
+ url: https://github.com/orgs/redpanda-data/people
+ name: redpanda
+ sources:
+ - https://github.com/redpanda-data/helm-charts
+ type: application
+ urls:
+ - assets/redpanda/redpanda-3.0.2.tgz
+ version: 3.0.2
- annotations:
artifacthub.io/images: |
- name: redpanda
@@ -21996,6 +22920,39 @@ entries:
- assets/redpanda/redpanda-2.1.7.tgz
version: 2.1.7
s3gw:
+ - annotations:
+ app.aquarist-labs.io/name: s3gw
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: S3 Gateway
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/kube-version: '>=1.14'
+ catalog.cattle.io/namespace: s3gw
+ catalog.cattle.io/release-name: s3gw
+ apiVersion: v2
+ appVersion: latest
+ created: "2023-03-10T23:04:30.565070565Z"
+ description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s
+ Kubernetes. '
+ digest: 67f0dbca49f8d7d0155827b1481c4c3048011144e0c70bc3d7f1b9d42b65e1a2
+ home: https://github.com/aquarist-labs/s3gw
+ icon: https://raw.githubusercontent.com/aquarist-labs/aquarium-website/gh-pages/images/logo-xl.png
+ keywords:
+ - storage
+ - s3
+ kubeVersion: '>=1.14'
+ maintainers:
+ - email: s3gw@suse.com
+ name: s3gw maintainers
+ url: https://github.com/orgs/aquarist-labs/projects/5
+ name: s3gw
+ sources:
+ - https://github.com/aquarist-labs/s3gw-charts
+ - https://github.com/aquarist-labs/s3gw
+ - https://github.com/aquarist-labs/ceph
+ type: application
+ urls:
+ - assets/aquarist-labs/s3gw-0.13.0.tgz
+ version: 0.13.0
- annotations:
app.aquarist-labs.io/name: s3gw
catalog.cattle.io/certified: partner
@@ -22549,6 +23506,41 @@ entries:
- assets/shipa/shipa-1.4.0.tgz
version: 1.4.0
spark:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Apache Spark
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: spark
+ category: Infrastructure
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 3.3.2
+ created: "2023-03-10T23:04:32.295309172Z"
+ dependencies:
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: Apache Spark is a high-performance engine for large-scale computing
+ tasks, such as data processing, machine learning and real-time data streaming.
+ It includes APIs for Java, Python, Scala and R.
+ digest: ffeb01e1939da27a924c45fee0d890761887a7f6f5863418a754b70d28791a03
+ home: https://github.com/bitnami/charts/tree/main/bitnami/spark
+ icon: https://www.apache.org/logos/res/spark/default.png
+ keywords:
+ - apache
+ - spark
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: spark
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/spark
+ - https://spark.apache.org/
+ urls:
+ - assets/bitnami/spark-6.4.0.tgz
+ version: 6.4.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Spark
@@ -22930,6 +23922,37 @@ entries:
- assets/bitnami/spark-6.3.8.tgz
version: 6.3.8
speedscale-operator:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Speedscale Operator
+ catalog.cattle.io/kube-version: '>= 1.17.0-0'
+ catalog.cattle.io/release-name: speedscale-operator
+ apiVersion: v1
+ appVersion: 1.2.416
+ created: "2023-03-10T23:04:46.416933606Z"
+ description: Stress test your APIs with real world scenarios. Collect and replay
+ traffic without scripting.
+ digest: 71b1c4d14c2efec43ff1a01cd50490b552580587209c56ea31ee06fbdf4aaa33
+ home: https://speedscale.com
+ icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png
+ keywords:
+ - speedscale
+ - test
+ - testing
+ - regression
+ - reliability
+ - load
+ - replay
+ - network
+ - traffic
+ kubeVersion: '>= 1.17.0-0'
+ maintainers:
+ - email: support@speedscale.com
+ name: Speedscale Support
+ name: speedscale-operator
+ urls:
+ - assets/speedscale/speedscale-operator-1.2.26.tgz
+ version: 1.2.26
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
@@ -23726,6 +24749,42 @@ entries:
- assets/sumologic/sumologic-2.17.0.tgz
version: 2.17.0
sysdig:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Sysdig
+ catalog.cattle.io/release-name: sysdig
+ apiVersion: v1
+ appVersion: 12.12.1
+ created: "2023-03-10T23:04:46.678770149Z"
+ description: Sysdig Monitor and Secure agent
+ digest: e5870ea49b94a28ad85f95012cf169e9f15d2c783c702d9f05000d72a2196289
+ home: https://www.sysdig.com/
+ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
+ keywords:
+ - monitoring
+ - security
+ - alerting
+ - metric
+ - troubleshooting
+ - run-time
+ maintainers:
+ - email: lachlan@deis.com
+ name: lachie83
+ - email: jorge.salamero@sysdig.com
+ name: bencer
+ - email: nestor.salceda@sysdig.com
+ name: nestorsalceda
+ - email: alvaro.iradier@sysdig.com
+ name: airadier
+ - email: carlos.arilla@sysdig.com
+ name: carillan81
+ name: sysdig
+ sources:
+ - https://app.sysdigcloud.com/#/settings/user
+ - https://github.com/draios/sysdig
+ urls:
+ - assets/sysdig/sysdig-1.15.78.tgz
+ version: 1.15.78
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Sysdig
@@ -24900,6 +25959,46 @@ entries:
- assets/bitnami/tomcat-10.4.9.tgz
version: 10.4.9
traefik:
+ - annotations:
+ artifacthub.io/changes: "- \"⬆️ Upgrade traefik Docker tag to v2.9.8\"\n- \"\U0001F6A8
+ Fail when enabling PSP on Kubernetes v1.25+ (#801)\"\n- \"Separate UDP hostPort
+ for HTTP/3\"\n- \"feat: Add volumeName to PersistentVolumeClaim (#792)\"\n-
+ \"Allow setting TLS options on dashboard IngressRoute\"\n"
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Traefik Proxy
+ catalog.cattle.io/kube-version: '>=1.16.0-0'
+ catalog.cattle.io/release-name: traefik
+ apiVersion: v2
+ appVersion: v2.9.8
+ created: "2023-03-10T23:04:46.722849311Z"
+ description: A Traefik based Kubernetes ingress controller
+ digest: 5056d0c03e5d75b8b3e1897f5673e644ca689116126ee6138c4c3345879a207e
+ home: https://traefik.io/
+ icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
+ keywords:
+ - traefik
+ - ingress
+ - networking
+ kubeVersion: '>=1.16.0-0'
+ maintainers:
+ - email: emile@vauge.com
+ name: emilevauge
+ - email: daniel.tomcej@gmail.com
+ name: dtomcej
+ - email: ldez@traefik.io
+ name: ldez
+ - email: michel.loiseleur@traefik.io
+ name: mloiseleur
+ - email: charlie.haley@traefik.io
+ name: charlie-haley
+ name: traefik
+ sources:
+ - https://github.com/traefik/traefik
+ - https://github.com/traefik/traefik-helm-chart
+ type: application
+ urls:
+ - assets/traefik/traefik-21.2.0.tgz
+ version: 21.2.0
- annotations:
artifacthub.io/changes: |
- "✨ release 21.1.0"
@@ -26025,6 +27124,54 @@ entries:
- assets/hashicorp/vault-0.22.0.tgz
version: 0.22.0
wordpress:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: WordPress
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: wordpress
+ category: CMS
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 6.1.1
+ created: "2023-03-10T23:04:32.638578296Z"
+ dependencies:
+ - condition: memcached.enabled
+ name: memcached
+ repository: file://./charts/memcached
+ version: 6.x.x
+ - condition: mariadb.enabled
+ name: mariadb
+ repository: file://./charts/mariadb
+ version: 11.x.x
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: WordPress is the world's most popular blogging and content management
+ platform. Powerful yet simple, everyone from students to global corporations
+ use it to build beautiful, functional websites.
+ digest: 99dcd86c17ef8f8e97cc6f79c728fdac722661289c74b0fca35661b64debfedd
+ home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress
+ icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png
+ keywords:
+ - application
+ - blog
+ - cms
+ - http
+ - php
+ - web
+ - wordpress
+ maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+ name: wordpress
+ sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/wordpress
+ - https://wordpress.org/
+ urls:
+ - assets/bitnami/wordpress-15.2.51.tgz
+ version: 15.2.51
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: WordPress
@@ -27263,6 +28410,30 @@ entries:
- assets/bitnami/wordpress-15.2.6.tgz
version: 15.2.6
yugabyte:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: YugabyteDB
+ catalog.cattle.io/kube-version: '>=1.18-0'
+ catalog.cattle.io/release-name: yugabyte
+ apiVersion: v1
+ appVersion: 2.16.2.0-b41
+ created: "2023-03-10T23:04:47.040413465Z"
+ description: YugabyteDB is the high-performance distributed SQL database for building
+ global, internet-scale apps.
+ digest: 62caa21f87640862b66071477e5de14a423f55945bba951153aa553f4b73688d
+ home: https://www.yugabyte.com
+ icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4
+ maintainers:
+ - email: sanketh@yugabyte.com
+ name: Sanketh Indarapu
+ - email: gjalla@yugabyte.com
+ name: Govardhan Reddy Jalla
+ name: yugabyte
+ sources:
+ - https://github.com/yugabyte/yugabyte-db
+ urls:
+ - assets/yugabyte/yugabyte-2.16.2.tgz
+ version: 2.16.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: YugabyteDB
@@ -27311,6 +28482,30 @@ entries:
urls:
- assets/yugabyte/yugabyte-2.16.0.tgz
version: 2.16.0
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: YugabyteDB
+ catalog.cattle.io/kube-version: '>=1.18-0'
+ catalog.cattle.io/release-name: yugabyte
+ apiVersion: v1
+ appVersion: 2.14.7.0-b51
+ created: "2023-03-10T23:04:47.034401589Z"
+ description: YugabyteDB is the high-performance distributed SQL database for building
+ global, internet-scale apps.
+ digest: 59956700c77d11e48a24532bfc74729c4e9911c3f5e4670b559d6ca8b5593dfa
+ home: https://www.yugabyte.com
+ icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4
+ maintainers:
+ - email: ram@yugabyte.com
+ name: Ram Sri
+ - email: arnav@yugabyte.com
+ name: Arnav Agarwal
+ name: yugabyte
+ sources:
+ - https://github.com/yugabyte/yugabyte-db
+ urls:
+ - assets/yugabyte/yugabyte-2.14.7.tgz
+ version: 2.14.7
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: YugabyteDB
@@ -27408,6 +28603,30 @@ entries:
- assets/yugabyte/yugabyte-2.14.3.tgz
version: 2.14.3
yugaware:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: YugabyteDB Anywhere
+ catalog.cattle.io/kube-version: '>=1.18-0'
+ catalog.cattle.io/release-name: yugaware
+ apiVersion: v1
+ appVersion: 2.16.2.0-b41
+ created: "2023-03-10T23:04:47.059383608Z"
+ description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring
+ for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB
+ cluster with multiple pods provided by Kubernetes or OpenShift and logically
+ grouped together to form one logical distributed database.
+ digest: 529570eb1225e271f8f0d57d43bbfe0b6142e7666927126515d84c913aae9469
+ home: https://www.yugabyte.com
+ icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4
+ maintainers:
+ - email: ram@yugabyte.com
+ name: Ram Sri
+ - email: arnav@yugabyte.com
+ name: Arnav Agarwal
+ name: yugaware
+ urls:
+ - assets/yugabyte/yugaware-2.16.2.tgz
+ version: 2.16.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: YugabyteDB Anywhere
@@ -27453,6 +28672,27 @@ entries:
urls:
- assets/yugabyte/yugaware-2.16.0.tgz
version: 2.16.0
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: YugabyteDB Anywhere
+ catalog.cattle.io/kube-version: '>=1.18-0'
+ catalog.cattle.io/release-name: yugaware
+ apiVersion: v1
+ appVersion: 2.14.7.0-b51
+ created: "2023-03-10T23:04:47.053661535Z"
+ description: YugaWare is YugaByte Database's Orchestration and Management console.
+ digest: 9f0dabc3ce551b46d25c9e27f910381af1e3d8cf517ffc815337024b864f2d3b
+ home: https://www.yugabyte.com
+ icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4
+ maintainers:
+ - email: ram@yugabyte.com
+ name: Ram Sri
+ - email: arnav@yugabyte.com
+ name: Arnav Agarwal
+ name: yugaware
+ urls:
+ - assets/yugabyte/yugaware-2.14.7.tgz
+ version: 2.14.7
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: YugabyteDB Anywhere