andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #671 from nflondo/main-source 

Charts CI [modified charts]
pull/673/head
alex-isv 2023-02-16 09:44:52 -07:00 committed by GitHub
parent 3eda4422e8 5409fd28b0
commit a033738aa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
210 changed files with 3854 additions and 1342 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/argo/argo-cd-5.21.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-12.2.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-17.7.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.5.15.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-15.2.42.tgz Normal file
View File

Binary file not shown.

BIN
assets/cockroach-labs/cockroachdb-10.0.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/codefresh/cf-runtime-1.9.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.10.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/nginx-ingress-0.16.1.tgz
View File

Binary file not shown.

BIN
assets/f5/nginx-ingress-0.16.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/nginx-service-mesh-0.7.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/gitlab/gitlab-6.8.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/gluu/gluu-5.0.10.tgz
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.28.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/jenkins/jenkins-4.3.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-5.5.401.tgz
View File

Binary file not shown.

BIN
assets/kasten/k10-5.5.501.tgz Normal file
View File

Binary file not shown.

BIN
assets/kong/kong-2.16.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.100.1.tgz
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.100.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/kuma/kuma-2.1.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/redpanda/redpanda-2.10.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-1.2.22.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.15.72.tgz Normal file
View File

Binary file not shown.

BIN
assets/traefik/traefik-21.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/triggermesh/triggermesh-0.6.3.tgz Normal file
View File

Binary file not shown.

6
charts/argo/argo-cd/Chart.yaml
View File

@ -1,7 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: fixed
description: Fixed invalid ApplicationSet progressive sync parameter
- kind: added
description: Allow dnsConfig pod configuration
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Argo CD
catalog.cattle.io/kube-version: '>=1.22.0-0'
@ -29,4 +29,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.20.4
version: 5.21.0

14
charts/argo/argo-cd/README.md
View File

@ -466,6 +466,7 @@ NAME: my-release
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
| controller.containerPorts.metrics | int | `8082` | Metrics container port |
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| controller.dnsConfig | object | `{}` | [DNS configuration] |
| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
| controller.env | list | `[]` | Environment variables to pass to application controller |
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
@ -547,6 +548,7 @@ NAME: my-release
| repoServer.containerPorts.server | int | `8081` | Repo server container port |
| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context |
| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment |
| repoServer.dnsConfig | object | `{}` | [DNS configuration] |
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
@ -649,6 +651,7 @@ NAME: my-release
| server.containerPorts.server | int | `8080` | Server container port |
| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
| server.dnsConfig | object | `{}` | [DNS configuration] |
| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods |
| server.env | list | `[]` | Environment variables to pass to Argo CD server |
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
@ -794,6 +797,8 @@ server:
| dex.containerPorts.metrics | int | `5558` | Metrics container port |
| dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context |
| dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment |
| dex.dnsConfig | object | `{}` | [DNS configuration] |
| dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods |
| dex.enabled | bool | `true` | Enable dex |
| dex.env | list | `[]` | Environment variables to pass to the Dex server |
| dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server |
@ -869,6 +874,8 @@ server:
| redis.containerPorts.redis | int | `6379` | Redis container port |
| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |
| redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment |
| redis.dnsConfig | object | `{}` | [DNS configuration] |
| redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods |
| redis.enabled | bool | `true` | Enable redis |
| redis.env | list | `[]` | Environment variables to pass to the Redis server |
| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server |
@ -979,6 +986,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
| applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment |
| applicationSet.dnsConfig | object | `{}` | [DNS configuration] |
| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods |
| applicationSet.enabled | bool | `true` | Enable ApplicationSet controller |
| applicationSet.extraArgs | list | `[]` | List of extra cli args to add |
| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod |
@ -1058,6 +1067,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
| notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules |
| notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context |
| notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] |
| notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods |
| notifications.bots.slack.enabled | bool | `false` | Enable slack bot |
| notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot |
| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot |
@ -1085,6 +1096,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
| notifications.context | object | `{}` | Define user-defined context |
| notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment |
| notifications.dnsConfig | object | `{}` | [DNS configuration] |
| notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods |
| notifications.enabled | bool | `true` | Enable notifications controller |
| notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller |
| notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod |
@ -1145,6 +1158,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup

4
charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml
View File

@ -313,4 +313,8 @@ spec:
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- with .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}

5
charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
View File

@ -230,4 +230,9 @@ spec:
emptyDir: {}
- name: tmp
emptyDir: {}
{{- with .Values.applicationSet.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.applicationSet.dnsPolicy }}
{{- end }}

5
charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml
View File

@ -65,4 +65,9 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.bots.slack.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.notifications.bots.slack.dnsPolicy }}
{{ end }}

5
charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml
View File

@ -121,4 +121,9 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
{{- with .Values.notifications.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.notifications.dnsPolicy }}
{{- end }}

4
charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
View File

@ -357,4 +357,8 @@ spec:
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.repoServer.hostNetwork }}
{{- with .Values.repoServer.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.repoServer.dnsPolicy }}

4
charts/argo/argo-cd/templates/argocd-server/deployment.yaml
View File

@ -422,4 +422,8 @@ spec:
priorityClassName: {{ . }}
{{- end }}
hostNetwork: {{ .Values.server.hostNetwork }}
{{- with .Values.server.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.server.dnsPolicy }}

2
charts/argo/argo-cd/templates/argocd-server/ingress.yaml
View File

@ -29,7 +29,7 @@ spec:
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
- host: {{ $host | quote }}
http:
paths:
{{- with $extraPaths }}

5
charts/argo/argo-cd/templates/dex/deployment.yaml
View File

@ -188,4 +188,9 @@ spec:
{{- with .Values.dex.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.dex.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.dex.dnsPolicy }}
{{- end }}

5
charts/argo/argo-cd/templates/redis/deployment.yaml
View File

@ -128,4 +128,9 @@ spec:
volumes:
{{- toYaml . | nindent 8}}
{{- end }}
{{- with .Values.redis.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.redis.dnsPolicy }}
{{- end }}

31
charts/argo/argo-cd/values.yaml
View File

@ -589,6 +589,8 @@ controller:
# -- Host Network for application controller pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for application controller pods
dnsPolicy: "ClusterFirst"
@ -890,6 +892,11 @@ dex:
# -- Metrics container port
metrics: 5558
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Dex server pods
dnsPolicy: "ClusterFirst"
# -- Dex container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
@ -1106,6 +1113,11 @@ redis:
# -- Metrics container port
metrics: 9121
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Redis server pods
dnsPolicy: "ClusterFirst"
# -- Redis container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
@ -1463,6 +1475,8 @@ server:
# -- Host Network for Server pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Server pods
dnsPolicy: "ClusterFirst"
@ -1952,6 +1966,8 @@ repoServer:
# -- Host Network for Repo server pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Repo server pods
dnsPolicy: "ClusterFirst"
@ -2279,6 +2295,11 @@ applicationSet:
# -- Webhook container port
webhook: 7000
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for ApplicationSet controller pods
dnsPolicy: "ClusterFirst"
# -- ApplicationSet controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
@ -2549,6 +2570,11 @@ notifications:
# -- Metrics container port
metrics: 9001
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for notifications controller Pods
dnsPolicy: "ClusterFirst"
# -- Notification controller container-level security Context
# @default -- See [values.yaml]
containerSecurityContext:
@ -2930,6 +2956,11 @@ notifications:
# -- Annotations applied to created service account
annotations: {}
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Slack bot pods
dnsPolicy: "ClusterFirst"
# -- Slack bot container-level security Context
# @default -- See [values.yaml]
containerSecurityContext:

2
charts/bitnami/postgresql/Chart.yaml
View File

@ -32,4 +32,4 @@ name: postgresql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/postgresql
- https://www.postgresql.org/
version: 12.1.15
version: 12.2.0

31
charts/bitnami/postgresql/README.md
View File

@ -7,12 +7,12 @@ PostgreSQL (Postgres) is an open source object-relational database known for rel
[Overview of PostgreSQL](http://www.postgresql.org)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/postgresql
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/postgresql
```
## Introduction
@ -34,8 +34,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
To install the chart with the release name `my-release`:
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/postgresql
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/postgresql
```
The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@ -47,7 +47,7 @@ The command deploys PostgreSQL on the Kubernetes cluster in the default configur
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
helm delete my-release
```
The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release.
@ -55,7 +55,7 @@ The command removes all the Kubernetes components but PVC's associated with the
To delete the PVC's associated with `my-release`:
```console
$ kubectl delete pvc -l release=my-release
kubectl delete pvc -l release=my-release
```
> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it.
@ -396,6 +396,7 @@ $ kubectl delete pvc -l release=my-release
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
@ -465,7 +466,6 @@ $ kubectl delete pvc -l release=my-release
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install my-release \
@ -476,13 +476,12 @@ $ helm install my-release \
The above command sets the PostgreSQL `postgres` account password to `secretpassword`.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
> **Warning** Setting a password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue. Refer to [issue 2061](https://github.com/bitnami/charts/issues/2061) for more details
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
$ helm install my-release -f values.yaml my-repo/postgresql
helm install my-release -f values.yaml my-repo/postgresql
```
> **Tip**: You can use the default [values.yaml](values.yaml)
@ -583,7 +582,7 @@ The exporter allows to create custom metrics from additional SQL queries. See th
In more complex scenarios, we may have the following tree of dependencies
```
```text
+--------------+
| |
+------------+ Chart 1 +-----------+
@ -603,7 +602,7 @@ In more complex scenarios, we may have the following tree of dependencies
The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters:
```
```text
postgresql.auth.username=testuser
subchart1.postgresql.auth.username=testuser
subchart2.postgresql.auth.username=testuser
@ -617,7 +616,7 @@ subchart2.postgresql.auth.database=testdb
If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows:
```
```text
global.postgresql.auth.username=testuser
global.postgresql.auth.password=testpass
global.postgresql.auth.database=testdb
@ -641,7 +640,7 @@ To enable network policy for PostgreSQL, install [a networking plugin that imple
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
```console
$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```
With NetworkPolicy enabled, traffic will be limited to just port 5432.
@ -685,10 +684,10 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.

84
charts/bitnami/postgresql/templates/secrets.yaml
View File

@ -1,3 +1,23 @@
{{- $host := include "postgresql.primary.fullname" . }}
{{- $port := include "postgresql.service.port" . }}
{{- $postgresPassword := "" }}
{{- if .Values.auth.enablePostgresUser }}
{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }}
{{- end }}
{{- $replicationPassword := "" }}
{{- if eq .Values.architecture "replication" }}
{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }}
{{- end }}
{{- $ldapPassword := "" }}
{{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
{{- $ldapPassword = coalesce .Values.ldap.bind_password .Values.ldap.bindpw }}
{{- end }}
{{- $customUser := include "postgresql.username" . }}
{{- $password := "" }}
{{- if not (empty (include "postgresql.username" .)) }}
{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
{{- end }}
{{- $database := include "postgresql.database" . }}
{{- if (include "postgresql.createSecret" .) }}
apiVersion: v1
kind: Secret
@ -14,16 +34,70 @@ metadata:
type: Opaque
data:
{{- if .Values.auth.enablePostgresUser }}
postgres-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) }}
postgres-password: {{ $postgresPassword | b64enc | quote }}
{{- end }}
{{- if not (empty (include "postgresql.username" .)) }}
password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) }}
password: {{ $password | b64enc | quote }}
{{- end }}
{{- if eq .Values.architecture "replication" }}
replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) }}
replication-password: {{ $replicationPassword | b64enc | quote }}
{{- end }}
# We don't auto-generate LDAP password when it's not provided as we do for other passwords
{{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
ldap-password: {{ coalesce .Values.ldap.bind_password .Values.ldap.bindpw | b64enc | quote }}
ldap-password: {{ $ldapPassword | b64enc | quote }}
{{- end }}
{{- end -}}
{{- end }}
{{- if .Values.serviceBindings.enabled }}
{{- if .Values.auth.enablePostgresUser }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-svcbind-postgres
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: servicebinding.io/postgresql
data:
provider: {{ print "bitnami" | b64enc | quote }}
type: {{ print "postgresql" | b64enc | quote }}
host: {{ $host | b64enc | quote }}
port: {{ $port | b64enc | quote }}
user: {{ print "postgres" | b64enc | quote }}
database: {{ print "postgres" | b64enc | quote }}
password: {{ $postgresPassword | b64enc | quote }}
uri: {{ printf "postgresql://postgres:%s@%s:%s/postgres" $postgresPassword $host $port | b64enc | quote }}
{{- end }}
{{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}-svcbind-custom-user
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: servicebinding.io/postgresql
data:
provider: {{ print "bitnami" | b64enc | quote }}
type: {{ print "postgresql" | b64enc | quote }}
host: {{ $host | b64enc | quote }}
port: {{ $port | b64enc | quote }}
user: {{ $customUser | b64enc | quote }}
password: {{ $password | b64enc | quote }}
{{- if $database }}
database: {{ $database | b64enc | quote }}
{{- end }}
uri: {{ printf "postgresql://%s:%s@%s:%s/%s" $customUser $password $host $port $database | b64enc | quote }}
{{- end }}
{{- end }}

14
charts/bitnami/postgresql/values.yaml
View File

@ -231,6 +231,7 @@ ldap:
enabled: false
## @param ldap.uri LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored.
## Ref: https://www.postgresql.org/docs/current/auth-ldap.html
##
uri: ""
## @param postgresqlDataDir PostgreSQL data dir folder
##
@ -1020,6 +1021,7 @@ readReplicas:
dataSource: {}
## @section NetworkPolicy parameters
##
## Add networkpolicies
##
@ -1070,6 +1072,7 @@ networkPolicy:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin.
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s).
@ -1095,6 +1098,7 @@ networkPolicy:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules [object] Custom network policy rule
@ -1109,9 +1113,11 @@ networkPolicy:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node
@ -1158,6 +1164,13 @@ volumePermissions:
runAsUser: 0
## @section Other Parameters
##
## @param serviceBindings.enabled Create secret for service binding (Experimental)
## Ref: https://servicebinding.io/service-provider/
##
serviceBindings:
enabled: false
## Service account for PostgreSQL to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
@ -1202,6 +1215,7 @@ psp:
create: false
## @section Metrics Parameters
##
metrics:
## @param metrics.enabled Start a prometheus exporter

6
charts/bitnami/redis/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.2
digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5
generated: "2022-12-12T19:34:26.826289322Z"
version: 2.2.3
digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb
generated: "2023-02-14T22:31:24.380931903Z"

2
charts/bitnami/redis/Chart.yaml
View File

@ -28,4 +28,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/redis
version: 17.7.3
version: 17.7.4

127
charts/bitnami/redis/README.md
View File

@ -11,8 +11,8 @@ Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are
## TL;DR
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/redis
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/redis
```
## Introduction
@ -47,8 +47,8 @@ The main features of each chart are the following:
To install the chart with the release name `my-release`:
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/redis
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/redis
```
The command deploys Redis&reg; on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@ -60,7 +60,7 @@ The command deploys Redis&reg; on the Kubernetes cluster in the default configur
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
@ -97,15 +97,15 @@ The command removes all the Kubernetes components associated with the chart and
### Redis&reg; Image parameters
| Name | Description | Value |
| ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- |
| `image.registry` | Redis&reg; image registry | `docker.io` |
| `image.repository` | Redis&reg; image repository | `bitnami/redis` |
| `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.0.8-debian-11-r0` |
| `image.digest` | Redis&reg; image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Redis&reg; image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Redis&reg; image pull secrets | `[]` |
| `image.debug` | Enable image debug mode | `false` |
| Name | Description | Value |
| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Redis&reg; image registry | `docker.io` |
| `image.repository` | Redis&reg; image repository | `bitnami/redis` |
| `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.0.8-debian-11-r11` |
| `image.digest` | Redis&reg; image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Redis&reg; image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Redis&reg; image pull secrets | `[]` |
| `image.debug` | Enable image debug mode | `false` |
### Redis&reg; common configuration parameters
@ -337,7 +337,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.enabled` | Use Redis&reg; Sentinel on Redis&reg; pods. | `false` |
| `sentinel.image.registry` | Redis&reg; Sentinel image registry | `docker.io` |
| `sentinel.image.repository` | Redis&reg; Sentinel image repository | `bitnami/redis-sentinel` |
| `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.0.7-debian-11-r10` |
| `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.0.8-debian-11-r10` |
| `sentinel.image.digest` | Redis&reg; Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sentinel.image.pullPolicy` | Redis&reg; Sentinel image pull policy | `IfNotPresent` |
| `sentinel.image.pullSecrets` | Redis&reg; Sentinel image pull secrets | `[]` |
@ -453,7 +453,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis&reg; metrics | `false` |
| `metrics.image.registry` | Redis&reg; Exporter image registry | `docker.io` |
| `metrics.image.repository` | Redis&reg; Exporter image repository | `bitnami/redis-exporter` |
| `metrics.image.tag` | Redis&reg; Exporter image tag (immutable tags are recommended) | `1.45.0-debian-11-r26` |
| `metrics.image.tag` | Redis&reg; Exporter image tag (immutable tags are recommended) | `1.46.0-debian-11-r5` |
| `metrics.image.digest` | Redis&reg; Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Redis&reg; Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Redis&reg; Exporter image pull secrets | `[]` |
@ -519,7 +519,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r72` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@ -529,7 +529,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` |
| `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` |
| `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r72` |
| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` |
| `sysctl.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@ -549,7 +549,6 @@ The command removes all the Kubernetes components associated with the chart and
| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install my-release \
@ -564,7 +563,7 @@ The above command sets the Redis&reg; server password to `secretpassword`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
$ helm install my-release -f values.yaml my-repo/redis
helm install my-release -f values.yaml my-repo/redis
```
> **Tip**: You can use the default [values.yaml](values.yaml)
@ -617,10 +616,10 @@ useExternalDNS:
On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-redis-node-0.a-redis.prod.example.org`. The IP of that FQDN will match that of the associated Pod. This modifies the following parameters of the Redis/Sentinel configuration using this new FQDN:
* `replica-announce-ip`
* `known-sentinel`
* `known-replica`
* `announce-ip`
- `replica-announce-ip`
- `known-sentinel`
- `known-replica`
- `announce-ip`
:warning: This requires a working installation of `external-dns` to be fully functional. :warning:
@ -655,7 +654,7 @@ In addition to this, only one service is exposed:
For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Redis&reg; Sentinel cluster and query the current master using the command below (using redis-cli or similar):
```
```console
SENTINEL get-master-addr-by-name <name of your MasterSet. e.g: mymaster>
```
@ -670,6 +669,7 @@ In case the current master crashes, the Sentinel containers will elect a new mas
When `master.count` is greater than `1`, special care must be taken to create a consistent setup.
An example of use case is the creation of a redundant set of standalone masters or master-replicas per Kubernetes node where you must ensure:
- No more than `1` master can be deployed per Kubernetes node
- Replicas and writers can only see the single master of their own Kubernetes node
@ -727,7 +727,7 @@ By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/co
3. Install the chart
```console
$ helm install my-release --set master.persistence.existingClaim=PVC_NAME my-repo/redis
helm install my-release --set master.persistence.existingClaim=PVC_NAME my-repo/redis
```
## Backup and restore
@ -763,6 +763,7 @@ This major version updates the Redis&reg; docker image version used from `6.2` t
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
Affected values:
- `master.service.port` renamed as `master.service.ports.redis`.
- `master.service.nodePort` renamed as `master.service.nodePorts.redis`.
- `replica.service.port` renamed as `replica.service.ports.redis`.
@ -786,11 +787,11 @@ The Redis&reg; sentinel exporter was removed in this version because the upstrea
### To 14.0.0
- Several parameters were renamed or disappeared in favor of new ones on this major version:
- The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`.
- Credentials parameter are reorganized under the `auth` parameter.
- `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`.
- `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`.
- `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones.
- The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`.
- Credentials parameter are reorganized under the `auth` parameter.
- `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`.
- `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`.
- `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones.
- New parameters to add custom command, environment variables, sidecars, init containers, etc. were added.
- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels).
- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami-labs/readme-generator-for-helm).
@ -803,10 +804,10 @@ Backwards compatibility is not guaranteed. To upgrade to `14.0.0`, install a new
- Reuse the PVC used to hold the master data on your previous release. To do so, use the `master.persistence.existingClaim` parameter. The following example assumes that the release name is `redis`:
```console
$ helm install redis my-repo/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC]
helm install redis my-repo/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC]
```
| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[PASSWORD]_ with the password used in your previous release.
| Note: you need to substitute the placeholder *[EXISTING_PVC]* with the name of the PVC used on your previous release, and *[PASSWORD]* with the password used in your previous release.
### To 13.0.0
@ -820,41 +821,29 @@ This version also introduces `bitnami/common`, a [library chart](https://helm.sh
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
#### Useful links
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
### To 11.0.0
When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml`
### To 9.0.0
The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis&reg; exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter).
### To 7.0.0
In order to improve the performance in case of slave failure, we added persistence to the read-only slaves. That means that we moved from Deployment to StatefulSets. This should not affect upgrades from previous versions of the chart, as the deployments did not contain any persistence at all.
This version also allows enabling Redis&reg; Sentinel containers inside of the Redis&reg; Pods (feature disabled by default). In case the master crashes, a new Redis&reg; node will be elected as master. In order to query the current master (no redis master service is exposed), you need to query first the Sentinel cluster.
- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
### To 11.0.0
When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version.
When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml`
### To 10.0.0
For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases:
@ -864,6 +853,10 @@ For releases with `usePassword: true`, the value `sentinel.usePassword` controls
If using a master/slave topology, or with `usePassword: false`, no action is required.
### To 9.0.0
The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis&reg; exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter).
### To 8.0.18
For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details.
@ -874,16 +867,16 @@ This version causes a change in the Redis&reg; Master StatefulSet definition, so
- Recommended: Create a clone of the Redis&reg; Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC.
```
$ helm install my-release my-repo/redis --set persistence.existingClaim=<NEW PVC>
```
```console
helm install my-release my-repo/redis --set persistence.existingClaim=<NEW PVC>
```
- Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis&reg; Master StatefulSet. As a consequence, the following commands can be done to upgrade the release
```
$ helm delete --purge <RELEASE>
$ helm install <RELEASE> my-repo/redis
```
```console
helm delete --purge <RELEASE>
helm install <RELEASE> my-repo/redis
```
Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters.
@ -914,23 +907,23 @@ must be specified.
This version removes the `chart` label from the `spec.selector.matchLabels`
which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently
added, causing any subsequent upgrade to fail. See https://github.com/helm/charts/issues/7726.
added, causing any subsequent upgrade to fail. See <https://github.com/helm/charts/issues/7726>.
It also fixes https://github.com/helm/charts/issues/7726 where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set.
It also fixes <https://github.com/helm/charts/issues/7726> where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set.
Finally, it fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable.
Finally, it fixes <https://github.com/helm/charts/issues/7803> by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable.
In order to upgrade, delete the Redis&reg; StatefulSet before upgrading:
```console
$ kubectl delete statefulsets.apps --cascade=false my-release-redis-master
kubectl delete statefulsets.apps --cascade=false my-release-redis-master
```
And edit the Redis&reg; slave (and metrics if enabled) deployment:
```console
$ kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
$ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
```
## License
@ -941,7 +934,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,

5
charts/bitnami/redis/charts/common/Chart.yaml
View File

@ -1,7 +1,8 @@
annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.2.2
appVersion: 2.2.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@ -20,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
version: 2.2.2
version: 2.2.3

4
charts/bitnami/redis/charts/common/README.md
View File

@ -11,7 +11,7 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
```
```bash
```console
$ helm dependency update
```
@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
## License
Copyright &copy; 2022 Bitnami
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
charts/bitnami/redis/charts/common/templates/_images.tpl
View File

@ -1,7 +1,7 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}

10
charts/bitnami/redis/values.yaml
View File

@ -82,7 +82,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/redis
tag: 7.0.8-debian-11-r0
tag: 7.0.8-debian-11-r11
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -985,7 +985,7 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
tag: 7.0.7-debian-11-r10
tag: 7.0.8-debian-11-r10
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1407,7 +1407,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/redis-exporter
tag: 1.45.0-debian-11-r26
tag: 1.46.0-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1658,7 +1658,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r72
tag: 11-debian-11-r85
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1706,7 +1706,7 @@ sysctl:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r72
tag: 11-debian-11-r85
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

6
charts/bitnami/tomcat/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.2
digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5
generated: "2023-01-06T07:02:50.406204714Z"
version: 2.2.3
digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb
generated: "2023-02-14T06:31:20.528750083Z"

2
charts/bitnami/tomcat/Chart.yaml
View File

@ -32,4 +32,4 @@ name: tomcat
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/tomcat
- http://tomcat.apache.org
version: 10.5.14
version: 10.5.15

6
charts/bitnami/tomcat/README.md
View File

@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
| `image.registry` | Tomcat image registry | `docker.io` |
| `image.repository` | Tomcat image repository | `bitnami/tomcat` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r12` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r16` |
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -207,7 +207,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r79` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r85` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -223,7 +223,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r45` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r48` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |

5
charts/bitnami/tomcat/charts/common/Chart.yaml
View File

@ -1,7 +1,8 @@
annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.2.2
appVersion: 2.2.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@ -20,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
version: 2.2.2
version: 2.2.3

4
charts/bitnami/tomcat/charts/common/README.md
View File

@ -11,7 +11,7 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
```
```bash
```console
$ helm dependency update
```
@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
## License
Copyright &copy; 2022 Bitnami
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
charts/bitnami/tomcat/charts/common/templates/_images.tpl
View File

@ -1,7 +1,7 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}

6
charts/bitnami/tomcat/values.yaml
View File

@ -58,7 +58,7 @@ extraDeploy: []
image:
registry: docker.io
repository: bitnami/tomcat
tag: 10.1.5-debian-11-r12
tag: 10.1.5-debian-11-r16
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -576,7 +576,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r79
tag: 11-debian-11-r85
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -636,7 +636,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/jmx-exporter
tag: 0.17.2-debian-11-r45
tag: 0.17.2-debian-11-r48
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

6
charts/bitnami/wordpress/Chart.lock
View File

@ -1,12 +1,12 @@
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 6.3.5
version: 6.3.6
- name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 11.4.6
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.3
digest: sha256:9f9822d7b2d3da42ea081de9c548a5e6a31a977ef213e3607b9cbb686ed62ff7
generated: "2023-02-07T23:22:27.684602109Z"
digest: sha256:dd9ce6aae191fa08f71779f495cb3a178d53f7ac55a82733b75e4e2a7b8f4327
generated: "2023-02-14T02:26:17.02311077Z"

2
charts/bitnami/wordpress/Chart.yaml
View File

@ -41,4 +41,4 @@ name: wordpress
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress
- https://wordpress.org/
version: 15.2.40
version: 15.2.42

47
charts/bitnami/wordpress/README.md
View File

@ -7,12 +7,12 @@ WordPress is the world's most popular blogging and content management platform.
[Overview of WordPress](http://www.wordpress.org)
## TL;DR
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/wordpress
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/wordpress
```
## Introduction
@ -35,8 +35,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
To install the chart with the release name `my-release`:
```console
$ helm repo add my-repo https://charts.bitnami.com/bitnami
$ helm install my-release my-repo/wordpress
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/wordpress
```
The command deploys WordPress on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@ -48,7 +48,7 @@ The command deploys WordPress on the Kubernetes cluster in the default configura
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r43` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r46` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
@ -257,7 +257,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r81` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r85` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@ -291,7 +291,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.11.0-debian-11-r91` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.11.0-debian-11-r93` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
@ -383,7 +383,6 @@ The command removes all the Kubernetes components associated with the chart and
| `externalCache.port` | External cache server port | `11211` |
The above parameters map to the env variables defined in [bitnami/wordpress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress). For more information please refer to the [bitnami/wordpress](https://github.com/bitnami/containers/tree/main/bitnami/wordpress) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@ -402,7 +401,7 @@ The above command sets the WordPress administrator account username and password
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install my-release -f values.yaml my-repo/wordpress
helm install my-release -f values.yaml my-repo/wordpress
```
> **Tip**: You can use the default [values.yaml](values.yaml)
@ -422,9 +421,9 @@ When performing admin operations that require activating the maintenance mode (s
To avoid that, you can manually activate/deactivate the maintenance mode on every replica using the WP CLI. For instance, if you installed WP with three replicas, you can run the commands below to activate the maintenance mode in all of them (assuming that the release name is `wordpress`):
```console
$ kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[0].metadata.name}') -c wordpress -- wp maintenance-mode activate
$ kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[1].metadata.name}') -c wordpress -- wp maintenance-mode activate
$ kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[2].metadata.name}') -c wordpress -- wp maintenance-mode activate
kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[0].metadata.name}') -c wordpress -- wp maintenance-mode activate
kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[1].metadata.name}') -c wordpress -- wp maintenance-mode activate
kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[2].metadata.name}') -c wordpress -- wp maintenance-mode activate
```
### External database support
@ -572,22 +571,22 @@ Compatibility is not guaranteed due to the amount of involved changes, however n
Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release:
```console
$ export WORDPRESS_PASSWORD=$(kubectl get secret --namespace default wordpress -o jsonpath="{.data.wordpress-password}" | base64 -d)
$ export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
$ export MARIADB_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d)
$ export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}")
export WORDPRESS_PASSWORD=$(kubectl get secret --namespace default wordpress -o jsonpath="{.data.wordpress-password}" | base64 -d)
export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 -d)
export MARIADB_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-password}" | base64 -d)
export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}")
```
Upgrade your release (maintaining the version) disabling MariaDB and scaling WordPress replicas to 0:
```console
$ helm upgrade wordpress my-repo/wordpress --set wordpressPassword=$WORDPRESS_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 9.6.4
helm upgrade wordpress my-repo/wordpress --set wordpressPassword=$WORDPRESS_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 9.6.4
```
Finally, upgrade you release to `10.0.0` reusing the existing PVC, and enabling back MariaDB:
```console
$ helm upgrade wordpress my-repo/wordpress --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD
helm upgrade wordpress my-repo/wordpress --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD
```
You should see the lines below in MariaDB container logs:
@ -617,7 +616,7 @@ To upgrade to `9.0.0`, it's recommended to install a new WordPress chart, and mi
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
In https://github.com/helm/charts/pulls/12642 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the API's deprecated, resulting in compatibility breakage.
In <https://github.com/helm/charts/pulls/12642> the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the API's deprecated, resulting in compatibility breakage.
This major version signifies this change.
@ -627,8 +626,8 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t
Use the workaround below to upgrade from versions previous to `3.0.0`. The following example assumes that the release name is `wordpress`:
```console
$ kubectl patch deployment wordpress-wordpress --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
$ kubectl delete statefulset wordpress-mariadb --cascade=false
kubectl patch deployment wordpress-wordpress --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
kubectl delete statefulset wordpress-mariadb --cascade=false
```
## License
@ -639,7 +638,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,

6
charts/bitnami/wordpress/charts/memcached/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.2
digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5
generated: "2023-01-09T00:44:00.187048639Z"
version: 2.2.3
digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb
generated: "2023-02-09T00:19:37.296847316Z"

3
charts/bitnami/wordpress/charts/memcached/Chart.yaml
View File

@ -1,5 +1,6 @@
annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 1.6.18
dependencies:
@ -23,4 +24,4 @@ name: memcached
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/memcached
- http://memcached.org/
version: 6.3.5
version: 6.3.6

44
charts/bitnami/wordpress/charts/memcached/README.md
View File

@ -78,25 +78,25 @@ The command removes all the Kubernetes components associated with the chart and
### Memcached parameters
| Name | Description | Value |
| ----------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Memcached image registry | `docker.io` |
| `image.repository` | Memcached image repository | `bitnami/memcached` |
| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.18-debian-11-r0` |
| `image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
| `architecture` | Memcached architecture. Allowed values: standalone or high-availability | `standalone` |
| `auth.enabled` | Enable Memcached authentication | `false` |
| `auth.username` | Memcached admin user | `""` |
| `auth.password` | Memcached admin password | `""` |
| `auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `extraEnvVars` | Array with extra environment variables to add to Memcached nodes | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Memcached nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Memcached nodes | `""` |
| Name | Description | Value |
| ----------------------------- | --------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | Memcached image registry | `docker.io` |
| `image.repository` | Memcached image repository | `bitnami/memcached` |
| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.18-debian-11-r11` |
| `image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
| `architecture` | Memcached architecture. Allowed values: standalone or high-availability | `standalone` |
| `auth.enabled` | Enable Memcached authentication | `false` |
| `auth.username` | Memcached admin user | `""` |
| `auth.password` | Memcached admin password | `""` |
| `auth.existingPasswordSecret` | Existing secret with Memcached credentials (must contain a value for `memcached-password` key) | `""` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `extraEnvVars` | Array with extra environment variables to add to Memcached nodes | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Memcached nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Memcached nodes | `""` |
### Deployment/Statefulset parameters
@ -213,7 +213,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r70` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r81` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -223,7 +223,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Memcached exporter image registry | `docker.io` |
| `metrics.image.repository` | Memcached exporter image repository | `bitnami/memcached-exporter` |
| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.10.0-debian-11-r72` |
| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.10.0-debian-11-r83` |
| `metrics.image.digest` | Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -376,7 +376,7 @@ $ kubectl patch deployment memcached --type=json -p='[{"op": "remove", "path": "
## License
Copyright &copy; 2022 Bitnami
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

5
charts/bitnami/wordpress/charts/memcached/charts/common/Chart.yaml
View File

@ -1,7 +1,8 @@
annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.2.2
appVersion: 2.2.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@ -20,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
version: 2.2.2
version: 2.2.3

4
charts/bitnami/wordpress/charts/memcached/charts/common/README.md
View File

@ -11,7 +11,7 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
```
```bash
```console
$ helm dependency update
```
@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
## License
Copyright &copy; 2022 Bitnami
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

2
charts/bitnami/wordpress/charts/memcached/charts/common/templates/_images.tpl
View File

@ -1,7 +1,7 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}

6
charts/bitnami/wordpress/charts/memcached/values.yaml
View File

@ -70,7 +70,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/memcached
tag: 1.6.18-debian-11-r0
tag: 1.6.18-debian-11-r11
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -509,7 +509,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r70
tag: 11-debian-11-r81
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -554,7 +554,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/memcached-exporter
tag: 0.10.0-debian-11-r72
tag: 0.10.0-debian-11-r83
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

6
charts/bitnami/wordpress/values.yaml
View File

@ -73,7 +73,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.1.1-debian-11-r43
tag: 6.1.1-debian-11-r46
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -759,7 +759,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r81
tag: 11-debian-11-r85
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -853,7 +853,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.11.0-debian-11-r91
tag: 0.11.0-debian-11-r93
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

4
charts/cockroach-labs/cockroachdb/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.8-0'
catalog.cattle.io/release-name: cockroachdb
apiVersion: v1
appVersion: 22.2.3
appVersion: 22.2.4
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
home: https://www.cockroachlabs.com
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
@ -14,4 +14,4 @@ maintainers:
name: cockroachdb
sources:
- https://github.com/cockroachdb/cockroach
version: 10.0.3
version: 10.0.4

12
charts/cockroach-labs/cockroachdb/README.md
View File

@ -229,10 +229,10 @@ kubectl get pods \
```
```
my-release-cockroachdb-0 cockroachdb/cockroach:v22.2.3
my-release-cockroachdb-1 cockroachdb/cockroach:v22.2.3
my-release-cockroachdb-2 cockroachdb/cockroach:v22.2.3
my-release-cockroachdb-3 cockroachdb/cockroach:v22.2.3
my-release-cockroachdb-0 cockroachdb/cockroach:v22.2.4
my-release-cockroachdb-1 cockroachdb/cockroach:v22.2.4
my-release-cockroachdb-2 cockroachdb/cockroach:v22.2.4
my-release-cockroachdb-3 cockroachdb/cockroach:v22.2.4
```
Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade:
@ -287,7 +287,7 @@ Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will
For more information about upgrading a cluster to the latest major release of CockroachDB, see [Upgrade to CockroachDB v21.1](https://www.cockroachlabs.com/docs/stable/upgrade-cockroach-version.html).
Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v22.2.3 release notes](https://www.cockroachlabs.com/docs/releases/v22.2.3.html#backward-incompatible-changes).
Note that there are some backward-incompatible changes to SQL features between versions 20.2 and 21.1. For details, see the [CockroachDB v22.2.4 release notes](https://www.cockroachlabs.com/docs/releases/v22.2.4.html#backward-incompatible-changes).
## Configuration
@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file.
| `conf.store.size` | CockroachDB storage size | `""` |
| `conf.store.attrs` | CockroachDB storage attributes | `""` |
| `image.repository` | Container image name | `cockroachdb/cockroach` |
| `image.tag` | Container image tag | `v22.2.3` |
| `image.tag` | Container image tag | `v22.2.4` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` |
| `statefulset.replicas` | StatefulSet replicas number | `3` |

6
charts/cockroach-labs/cockroachdb/templates/serviceaccount-certRotateSelfSigner.yaml
View File

@ -13,4 +13,10 @@ metadata:
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.tls.certs.selfSigner.svcAccountAnnotations }}
annotations:
{{- with .Values.tls.certs.selfSigner.svcAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

3
charts/cockroach-labs/cockroachdb/templates/serviceaccount-certSelfSigner.yaml
View File

@ -11,6 +11,9 @@ metadata:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
{{- with .Values.tls.certs.selfSigner.svcAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
helm.sh/chart: {{ template "cockroachdb.chart" . }}
app.kubernetes.io/name: {{ template "cockroachdb.name" . }}

6
charts/cockroach-labs/cockroachdb/templates/serviceaccount.yaml
View File

@ -12,4 +12,10 @@ metadata:
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.tls.serviceAccount.annotations }}
annotations:
{{- with .Values.tls.serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

2
charts/cockroach-labs/cockroachdb/values.yaml
View File

@ -1,7 +1,7 @@
# Generated file, DO NOT EDIT. Source: build/templates/values.yaml
image:
repository: cockroachdb/cockroach
tag: v22.2.3
tag: v22.2.4
pullPolicy: IfNotPresent
credentials: {}
# registry: docker.io

4
charts/codefresh/cf-runtime/Chart.yaml
View File

@ -4,9 +4,9 @@ annotations:
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: cf-runtime
apiVersion: v2
appVersion: 1.9.6
appVersion: 1.9.7
description: A Helm chart for Codefresh Runner
icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg
name: cf-runtime
type: application
version: 1.9.6
version: 1.9.7

2
charts/codefresh/cf-runtime/values.yaml
View File

@ -24,7 +24,7 @@ dockerRegistry: "quay.io" # Registry prefix for the runtime images (default quay
newRelicLicense: "" # NEWRELIC_LICENSE_KEY (for app-proxy and runner deployments)
runner: # Runner Deployment
image: "codefresh/venona:1.9.6"
image: "codefresh/venona:1.9.7"
env: {}
## e.g:
# env:

4
charts/datadog/datadog/CHANGELOG.md
View File

@ -1,5 +1,9 @@
# Datadog changelog
## 3.10.7
* Default `Agent` and `Cluster-Agent` image tags to `7.42.1`.
## 3.10.6
* Includes the imagePullPolicy key for the seccomp-setup container template

2
charts/datadog/datadog/Chart.yaml
View File

@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.10.6
version: 3.10.7

8
charts/datadog/datadog/README.md
View File

@ -1,6 +1,6 @@
# Datadog
![Version: 3.10.6](https://img.shields.io/badge/Version-3.10.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.10.7](https://img.shields.io/badge/Version-3.10.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -443,7 +443,7 @@ helm install <RELEASE_NAME> \
| agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| agents.image.repository | string | `nil` | Override default registry + image.name for Agent |
| agents.image.tag | string | `"7.42.0"` | Define the Agent version to use |
| agents.image.tag | string | `"7.42.1"` | Define the Agent version to use |
| agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. |
| agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node |
@ -501,7 +501,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy |
| clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent |
| clusterAgent.image.tag | string | `"7.42.0"` | Cluster Agent image tag to use |
| clusterAgent.image.tag | string | `"7.42.1"` | Cluster Agent image tag to use |
| clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings |
| clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) |
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
@ -547,7 +547,7 @@ helm install <RELEASE_NAME> \
| clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
| clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
| clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners |
| clusterChecksRunner.image.tag | string | `"7.42.0"` | Define the Agent version to use |
| clusterChecksRunner.image.tag | string | `"7.42.1"` | Define the Agent version to use |
| clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
| clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
| clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead |

6
charts/datadog/datadog/values.yaml
View File

@ -794,7 +794,7 @@ clusterAgent:
name: cluster-agent
# clusterAgent.image.tag -- Cluster Agent image tag to use
tag: 7.42.0
tag: 7.42.1
# clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified
digest: ""
@ -1116,7 +1116,7 @@ agents:
name: agent
# agents.image.tag -- Define the Agent version to use
tag: 7.42.0
tag: 7.42.1
# agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
digest: ""
@ -1557,7 +1557,7 @@ clusterChecksRunner:
name: agent
# clusterChecksRunner.image.tag -- Define the Agent version to use
tag: 7.42.0
tag: 7.42.1
# clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
digest: ""

8
charts/f5/nginx-ingress/Chart.yaml
View File

@ -5,10 +5,10 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.21.0-0'
catalog.cattle.io/release-name: nginx-ingress
apiVersion: v2
appVersion: 3.0.1
appVersion: 3.0.2
description: NGINX Ingress Controller
home: https://github.com/nginxinc/kubernetes-ingress
icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.0.1/deployments/helm-chart/chart-icon.png
icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.0.2/deployments/helm-chart/chart-icon.png
keywords:
- ingress
- nginx
@ -18,6 +18,6 @@ maintainers:
name: nginxinc
name: nginx-ingress
sources:
- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.1/deployments/helm-chart
- https://github.com/nginxinc/kubernetes-ingress/tree/v3.0.2/deployments/helm-chart
type: application
version: 0.16.1
version: 0.16.2

6
charts/f5/nginx-ingress/README.md
View File

@ -23,7 +23,7 @@ This step is required if you're installing the chart using its sources. Addition
1. Clone the Ingress Controller repo:
```console
$ git clone https://github.com/nginxinc/kubernetes-ingress --branch v3.0.1
$ git clone https://github.com/nginxinc/kubernetes-ingress --branch v3.0.2
```
**Note**: If you want to use the experimental repository (`edge`), remove the `--branch` flag and value.
@ -159,7 +159,7 @@ Parameter | Description | Default
`controller.logLevel` | The log level of the Ingress Controller. | 1
`controller.image.digest ` | The image digest of the Ingress Controller. | None
`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress
`controller.image.tag` | The tag of the Ingress Controller image. | 3.0.1
`controller.image.tag` | The tag of the Ingress Controller image. | 3.0.2
`controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent
`controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {}
`controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | ""
@ -255,7 +255,7 @@ Parameter | Description | Default
`controller.autoscaling.maxReplicas` | Maximum number of replicas for the HPA. | 3
`controller.autoscaling.targetCPUUtilizationPercentage` | The target CPU utilization percentage. | 50
`controller.autoscaling.targetMemoryUtilizationPercentage` | The target memory utilization percentage. | 50
`controller.strategy` | Specifies the strategy used to replace old Pods by new ones. [docs](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | {}
`controller.strategy` | Specifies the strategy used to replace old Pods with new ones. Docs for [Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) and [Daemonset update strategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) | {}
`controller.disableIPV6` | Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. | false
`rbac.create` | Configures RBAC. | true
`prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false

2
charts/f5/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: dosprotectedresources.appprotectdos.f5.com
spec:

2
charts/f5/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: dnsendpoints.externaldns.nginx.org
spec:

2
charts/f5/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: globalconfigurations.k8s.nginx.org
spec:

2
charts/f5/nginx-ingress/crds/k8s.nginx.org_policies.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: policies.k8s.nginx.org
spec:

2
charts/f5/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: transportservers.k8s.nginx.org
spec:

2
charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: virtualserverroutes.k8s.nginx.org
spec:

2
charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml
View File

@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: virtualservers.k8s.nginx.org
spec:

2
charts/f5/nginx-ingress/values-icp.yaml
View File

@ -3,7 +3,7 @@ controller:
nginxplus: true
image:
repository: mycluster.icp:8500/kube-system/nginx-plus-ingress
tag: "3.0.1"
tag: "3.0.2"
nodeSelector:
beta.kubernetes.io/arch: "amd64"
proxy: true

2
charts/f5/nginx-ingress/values-plus.yaml
View File

@ -2,4 +2,4 @@ controller:
nginxplus: true
image:
repository: nginx-plus-ingress
tag: "3.0.1"
tag: "3.0.2"

73
charts/f5/nginx-ingress/values.schema.json
View File

@ -45,7 +45,7 @@
"type": "object",
"default": {},
"title": "The annotations Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
"nginxplus": {
"type": "boolean",
@ -184,7 +184,7 @@
"type": "string",
"allOf": [
{
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/dnsPolicy"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/dnsPolicy"
},
{
"enum": [
@ -225,7 +225,7 @@
"title": "The customPorts to expose on the NGINX Ingress Controller pod",
"items": {
"type": "object",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort"
},
"examples": [
[
@ -281,7 +281,7 @@
"title": "The pullPolicy for the Ingress Controller image",
"allOf": [
{
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/imagePullPolicy"
},
{
"enum": [
@ -310,7 +310,7 @@
"type": "object",
"default": {},
"title": "The lifecycle Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Lifecycle"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Lifecycle"
},
"customConfigMap": {
"type": "string",
@ -338,7 +338,7 @@
"type": "object",
"default": {},
"title": "The annotations Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
"entries": {
"type": "object",
@ -425,19 +425,19 @@
"type": "object",
"default": {},
"title": "The nodeSelector Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/nodeSelector"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/nodeSelector"
},
"terminationGracePeriodSeconds": {
"type": "integer",
"default": 30,
"title": "The terminationGracePeriodSeconds Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/terminationGracePeriodSeconds"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/terminationGracePeriodSeconds"
},
"resources": {
"type": "object",
"default": {},
"title": "The resources Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements"
},
"tolerations": {
"type": "array",
@ -445,20 +445,20 @@
"title": "The tolerations Schema",
"items": {
"type": "object",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration"
}
},
"affinity": {
"type": "object",
"default": {},
"title": "The affinity Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Affinity"
},
"topologySpreadConstraints": {
"type": "object",
"default": {},
"title": "The topologySpreadConstraints Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/topologySpreadConstraints"
},
"volumes": {
"type": "array",
@ -466,7 +466,7 @@
"title": "The volumes Schema",
"items": {
"type": "object",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Volume"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Volume"
}
},
"volumeMounts": {
@ -475,7 +475,7 @@
"title": "The volumeMounts Schema",
"items": {
"type": "object",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount"
}
},
"initContainers": {
@ -484,14 +484,14 @@
"title": "The initContainers Schema",
"items": {
"type": "object",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
}
},
"minReadySeconds": {
"type": "integer",
"default": 0,
"title": "The minReadySeconds Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentSpec/properties/minReadySeconds"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentSpec/properties/minReadySeconds"
},
"strategy": {
"type": "object",
@ -499,7 +499,7 @@
"title": "The strategy Schema",
"allOf": [
{
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentStrategy"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.apps.v1.DeploymentStrategy"
},
{
"properties": {
@ -507,7 +507,8 @@
"type": "string",
"enum": [
"Recreate",
"RollingUpdate"
"RollingUpdate",
"OnDelete"
]
}
}
@ -520,7 +521,7 @@
"title": "The extraContainers Schema",
"items": {
"type": "object",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
}
},
"replicaCount": {
@ -772,19 +773,19 @@
"type": "string",
"default": "",
"title": "The type",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/type"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/type"
},
"externalTrafficPolicy": {
"type": "string",
"default": "",
"title": "The externalTrafficPolicy",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy"
},
"annotations": {
"type": "object",
"default": {},
"title": "The annotations",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
"extraLabels": {
"type": "object",
@ -800,13 +801,13 @@
"type": "string",
"default": "",
"title": "The loadBalancerIP",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/loadBalancerIP"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/loadBalancerIP"
},
"externalIPs": {
"type": "array",
"default": [],
"title": "The externalIPs",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalIPs"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalIPs"
},
"loadBalancerSourceRanges": {
"type": "array",
@ -829,13 +830,13 @@
"type": "boolean",
"default": false,
"title": "The allocateLoadBalancerNodePorts Schema",
"ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/allocateLoadBalancerNodePorts"
"ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/allocateLoadBalancerNodePorts"
},
"ipFamilyPolicy": {
"type": "string",
"default": "",
"title": "The ipFamilyPolicy Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilyPolicy",
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilyPolicy",
"examples": [
""
]
@ -844,7 +845,7 @@
"type": "array",
"default": [],
"title": "The ipFamilies Schema",
"ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilies"
"ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServiceSpec/properties/ipFamilies"
},
"httpPort": {
"type": "object",
@ -948,7 +949,7 @@
"title": "The customPorts",
"items": {
"type": "object",
"ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.ServicePort"
"ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.ServicePort"
}
}
},
@ -990,7 +991,7 @@
"type": "object",
"default": {},
"title": "The annotations Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
"name": {
"type": "string",
@ -1042,13 +1043,13 @@
"type": "object",
"default": {},
"title": "The labels Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels"
},
"selectorMatchLabels": {
"type": "object",
"default": {},
"title": "The selectorMatchLabels Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector/properties/matchLabels"
},
"endpoints": {
"type": "array",
@ -1120,7 +1121,7 @@
"type": "object",
"default": {},
"title": "The annotations Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
}
},
"examples": [
@ -1144,13 +1145,13 @@
"type": "object",
"default": {},
"title": "The annotations Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
"extraLabels": {
"type": "object",
"default": {},
"title": "The extraLabels Schema",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/labels"
}
},
"examples": [
@ -1164,7 +1165,7 @@
"type": "string",
"default": "",
"title": "The priorityClassName",
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/priorityClassName"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.PodSpec/properties/priorityClassName"
},
"readyStatus": {
"type": "object",
@ -1191,7 +1192,7 @@
"initialDelaySeconds": {
"type": "integer",
"default": 0,
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.25.4/_definitions.json#/definitions/io.k8s.api.core.v1.Probe/properties/initialDelaySeconds"
"$ref": "https://raw.githubusercontent.com/nginxinc/kubernetes-json-schema/master/v1.26.1/_definitions.json#/definitions/io.k8s.api.core.v1.Probe/properties/initialDelaySeconds"
}
},
"examples": [

4
charts/f5/nginx-ingress/values.yaml
View File

@ -55,7 +55,7 @@ controller:
repository: nginx/nginx-ingress
## The tag of the Ingress Controller image.
tag: "3.0.1"
tag: "3.0.2"
## The digest of the Ingress Controller image.
## If digest is specified it has precedence over tag and will be used instead
@ -174,7 +174,7 @@ controller:
## The minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available.
minReadySeconds: 0
## Strategy used to replace old Pods by new ones. .spec.strategy.type can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
## Strategy used to replace old Pods by new ones. .spec.strategy.type can be "Recreate" or "RollingUpdate" for Deployments, and "OnDelete" or "RollingUpdate" for Daemonsets. "RollingUpdate" is the default value.
strategy: {}
## Extra containers for the Ingress Controller pods.

10
charts/f5/nginx-service-mesh/Chart.yaml
View File

@ -1,12 +1,12 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: NGINX Service Mesh
catalog.cattle.io/kube-version: '>= 1.18-0'
catalog.cattle.io/kube-version: '>= 1.22-0'
catalog.cattle.io/release-name: nginx-service-mesh
apiVersion: v2
appVersion: 1.6.0
appVersion: 1.7.0
description: NGINX Service Mesh
icon: https://raw.githubusercontent.com/nginxinc/nginx-service-mesh/master/helm-chart/chart-icon.png
kubeVersion: '>= 1.18-0'
icon: https://raw.githubusercontent.com/nginxinc/nginx-service-mesh/main/helm-chart/chart-icon.png
kubeVersion: '>= 1.22-0'
name: nginx-service-mesh
version: 0.6.0
version: 0.7.0

72
charts/f5/nginx-service-mesh/configs/prometheus-config.yaml
View File

@ -1,72 +0,0 @@
global:
scrape_interval: 10s
scrape_configs:
- job_name: 'nginx-mesh-sidecars'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_container_name]
action: keep
regex: nginx-mesh-sidecar
- action: labelmap
regex: __meta_kubernetes_pod_label_nsm_nginx_com_(.+)
- action: labeldrop
regex: __meta_kubernetes_pod_label_nsm_nginx_com_(.+)
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod
- job_name: 'nginx-plus-ingress'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_container_name]
action: keep
regex: nginx-plus-ingress
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: (.+)(?::\d+);(\d+)
replacement: $1:$2
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod
- action: labelmap
regex: __meta_kubernetes_pod_label_nsm_nginx_com_(.+)
- action: labeldrop
regex: __meta_kubernetes_pod_label_nsm_nginx_com_(.+)
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: labelmap
regex: __meta_kubernetes_pod_annotation_nsm_nginx_com_enable_(.+)
metric_relabel_configs:
- source_labels: [__name__]
regex: 'nginx_ingress_controller_upstream_server_response_latency_ms(.+)'
target_label: __name__
replacement: 'nginxplus_upstream_server_response_latency_ms$1'
- source_labels: [__name__]
regex: 'nginx_ingress_nginxplus(.+)'
target_label: __name__
replacement: 'nginxplus$1'
- source_labels: [service]
target_label: dst_service
- source_labels: [resource_namespace]
target_label: dst_namespace
- source_labels: [pod_owner]
regex: '(.+)\/(.+)'
target_label: dst_$1
replacement: $2
- action: labeldrop
regex: pod_owner
- source_labels: [pod_name]
target_label: dst_pod

8
charts/f5/nginx-service-mesh/configs/spire-agent.conf
View File

@ -31,3 +31,11 @@ plugins {
}
}
}
health_checks {
listener_enabled = true
bind_address = "0.0.0.0"
bind_port = "8080"
live_path = "/live"
ready_path = "/ready"
}

2
charts/f5/nginx-service-mesh/configs/spire-server.conf
View File

@ -6,7 +6,7 @@ server {
data_dir = "/run/spire/data"
log_level = "DEBUG"
socket_path = "/run/spire/sockets/spire-registration.sock"
default_svid_ttl = {{ quote .Values.mtls.svidTTL }}
default_x509_svid_ttl = {{ quote .Values.mtls.svidTTL }}
trust_domain = {{ quote .Values.mtls.trustDomain }}
ca_subject = {
country = ["US"],

13
charts/f5/nginx-service-mesh/embed.go Normal file
View File

@ -0,0 +1,13 @@
// Package chart contains the helm charts embedded into a Go filesystem struct.
package chart
import "embed"
//go:embed *
//go:embed templates/_helpers.tpl
var helmFiles embed.FS
// HelmFiles returns the embedded helm files.
func HelmFiles() embed.FS {
return helmFiles
}

26
charts/f5/nginx-service-mesh/questions.yaml
View File

@ -8,7 +8,6 @@ questions:
group: "Image Registry"
subquestions:
- variable: registry.server
default: "docker-registry.nginx.com/nsm"
description: "Hostname:port (if needed) for registry and path to images."
label: Image registry server
type: string
@ -17,27 +16,22 @@ questions:
label: Image tag
type: string
- variable: registry.key
default: ""
description: "Contents of your Google Cloud JSON key file. Cannot be used with username or password."
label: Image registry key
type: string
- variable: registry.username
default: ""
description: "Username for accessing private registry."
label: Image registry username
type: string
- variable: registry.password
default: ""
description: "Password for accessing private registry."
label: Image registry password
type: string
- variable: registry.disablePublicImages
default: false
description: "Do not pull third party images from public repositories. If true, registry.server is used for all images."
label: Disable public images
type: boolean
- variable: registry.imagePullPolicy
default: "IfNotPresent"
description: "Image pull policy."
label: Image pull policy
type: string
@ -50,7 +44,6 @@ questions:
group: "Mutual TLS"
subquestions:
- variable: mtls.mode
default: "permissive"
description: "mTLS mode for pod-to-pod communication."
label: mTLS mode
type: enum
@ -59,22 +52,18 @@ questions:
- "permissive"
- "strict"
- variable: mtls.caTTL
default: "720h"
description: "The CA/signing key TTL in hours(h) or minutes(m)."
label: mTLS caTTL
type: string
- variable: mtls.svidTTL
default: "1h"
description: "The TTL of certificates issued to workloads in hours(h) or minutes(m)."
label: mTLS svidTTL
type: string
- variable: mtls.trustDomain
default: "example.org"
description: "The trust domain of the NGINX Service Mesh."
label: mTLS trust domain
type: string
- variable: mtls.persistentStorage
default: "on"
description: "Use persistent storage; 'on' assumes that a StorageClass exists."
label: mTLS persistent storage
type: enum
@ -82,7 +71,6 @@ questions:
- "on"
- "off"
- variable: mtls.spireServerKeyManager
default: "disk"
description: "Storage logic for SPIRE Server's private keys."
label: mTLS spire server key manager
type: enum
@ -90,7 +78,6 @@ questions:
- "disk"
- "memory"
- variable: mtls.caKeyType
default: "ec-p256"
description: "The key type used for the SPIRE Server CA."
label: mTLS ca key type
type: enum
@ -100,13 +87,11 @@ questions:
- "rsa-2048"
- "rsa-4096"
- variable: disableAutoInjection
default: false
description: "Disable automatic sidecar injection upon resource creation."
label: Disable auto injection
type: boolean
group: "General Settings"
- variable: accessControlMode
default: "allow"
description: "Default access control mode for service-to-service communication."
label: Access control mode
type: enum
@ -115,7 +100,6 @@ questions:
- "deny"
group: "General Settings"
- variable: nginxErrorLogLevel
default: "warn"
description: "NGINX error log level."
label: NGINX error log level.
type: enum
@ -130,7 +114,6 @@ questions:
- "emerg"
group: "General Settings"
- variable: nginxLogFormat
default: "default"
description: "NGINX log format."
label: NGINX log format.
type: enum
@ -139,7 +122,6 @@ questions:
- "json"
group: "General Settings"
- variable: nginxLBMethod
default: "least_time"
description: "NGINX load balancing method."
label: NGINX load balancing method.
type: enum
@ -156,7 +138,6 @@ questions:
- "round_robin"
group: "General Settings"
- variable: clientMaxBodySize
default: "1m"
description: "NGINX client max body size."
label: NGINX client max body size.
type: string
@ -171,11 +152,4 @@ questions:
description: "Enable UDP traffic proxying (beta). Linux kernel 4.18 or greater is required."
label: Enable UDP
type: boolean
default: false
group: "General Settings"
- variable: rancher
default: true
description: "Enables Rancher for NGINX Service Mesh (do not disable)."
label: Rancher
type: boolean
group: "General Settings"

51
charts/f5/nginx-service-mesh/rancher-files/app-readme.md Normal file
View File

@ -0,0 +1,51 @@
# NGINX Service Mesh
[NGINX Service Mesh](https://docs.nginx.com/nginx-service-mesh/) is a fully integrated lightweight service mesh that leverages a data plane powered by NGINX Plus to manage container traffic in Kubernetes environments.
NGINX Service Mesh is supported in Rancher 2.5+ when deploying from the Apps and Marketplace. NGINX Service Mesh is not currently supported on k3s.
## Observability
NGINX Service Mesh can integrate with a number of tracing services using OpenTelemetry or OpenTracing.
### Using OpenTelemetry
Telemetry can only be enabled by editing the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option. To enable telemetry, set the `tracing` object to `{}` and fill out the `telemetry` object.
The telemetry object expects a `samplerRatio`, and the `host` and `port` of your OTLP gRPC collector.
For example:
```yaml
tracing: {}
telemetry:
samplerRatio: 0.01
exporters:
otlp:
host: "my-otlp-collector-host"
port: 4317
```
### Using OpenTracing
Note: OpenTracing is deprecated in favor of OpenTelemetry.
Tracing can only be enabled if telemetry is not enabled. In order to enable tracing, edit the configuration YAML directly in the Rancher UI. When installing NGINX Service Mesh, select the `Edit YAML` option, set the `telemetry` object to `{}`, and fill out the `tracing` object.
The tracing object expects a `sampleRate`, an `address` and a `backend`. The three options for backend are "jaeger", "zipkin", and "datadog".
For example:
```yaml
telemetry: {}
tracing:
sampleRate: 1
backend: "jaeger"
address: "jaeger.my-namespace:6831"
```
### Automatic Sidecar Injection
We recommend deploying the mesh with auto-injection disabled globally. You can then opt-in the namespaces where you would like auto-injection enabled. This ensures that Pods are not automatically injected without your consent, especially in system namespaces.
To opt-in a namespace you can label it with `injector.nsm.nginx.com/auto-inject=enabled` or provide a list of `enabledNamespaces` in YAML. For example:
```yaml
enabledNamespaces:
- namespace1
- namespace2
```

155
charts/f5/nginx-service-mesh/rancher-files/questions.yaml Normal file
View File

@ -0,0 +1,155 @@
questions:
- variable: useDefaultImages
default: true
description: "Use default image settings."
label: Use default images
type: boolean
show_subquestion_if: false
group: "Image Registry"
subquestions:
- variable: registry.server
description: "Hostname:port (if needed) for registry and path to images."
label: Image registry server
type: string
- variable: registry.imageTag
description: "Tag used for pulling images from registry."
label: Image tag
type: string
- variable: registry.key
description: "Contents of your Google Cloud JSON key file. Cannot be used with username or password."
label: Image registry key
type: string
- variable: registry.username
description: "Username for accessing private registry."
label: Image registry username
type: string
- variable: registry.password
description: "Password for accessing private registry."
label: Image registry password
type: string
- variable: registry.disablePublicImages
description: "Do not pull third party images from public repositories. If true, registry.server is used for all images."
label: Disable public images
type: boolean
- variable: registry.imagePullPolicy
description: "Image pull policy."
label: Image pull policy
type: string
- variable: useMtlsDefaults
default: true
description: "Use default mTLS settings."
label: Use default mTLS settings
type: boolean
show_subquestion_if: false
group: "Mutual TLS"
subquestions:
- variable: mtls.mode
description: "mTLS mode for pod-to-pod communication."
label: mTLS mode
type: enum
options:
- "off"
- "permissive"
- "strict"
- variable: mtls.caTTL
description: "The CA/signing key TTL in hours(h) or minutes(m)."
label: mTLS caTTL
type: string
- variable: mtls.svidTTL
description: "The TTL of certificates issued to workloads in hours(h) or minutes(m)."
label: mTLS svidTTL
type: string
- variable: mtls.trustDomain
description: "The trust domain of the NGINX Service Mesh."
label: mTLS trust domain
type: string
- variable: mtls.persistentStorage
description: "Use persistent storage; 'on' assumes that a StorageClass exists."
label: mTLS persistent storage
type: enum
options:
- "on"
- "off"
- variable: mtls.spireServerKeyManager
description: "Storage logic for SPIRE Server's private keys."
label: mTLS spire server key manager
type: enum
options:
- "disk"
- "memory"
- variable: mtls.caKeyType
description: "The key type used for the SPIRE Server CA."
label: mTLS ca key type
type: enum
options:
- "ec-p256"
- "ec-p384"
- "rsa-2048"
- "rsa-4096"
- variable: disableAutoInjection
description: "Disable automatic sidecar injection upon resource creation."
label: Disable auto injection
type: boolean
group: "General Settings"
- variable: accessControlMode
description: "Default access control mode for service-to-service communication."
label: Access control mode
type: enum
options:
- "allow"
- "deny"
group: "General Settings"
- variable: nginxErrorLogLevel
description: "NGINX error log level."
label: NGINX error log level.
type: enum
options:
- "debug"
- "info"
- "notice"
- "warn"
- "error"
- "crit"
- "alert"
- "emerg"
group: "General Settings"
- variable: nginxLogFormat
description: "NGINX log format."
label: NGINX log format.
type: enum
options:
- "default"
- "json"
group: "General Settings"
- variable: nginxLBMethod
description: "NGINX load balancing method."
label: NGINX load balancing method.
type: enum
options:
- "least_conn"
- "least_time"
- "least_time last_byte"
- "least_time last_byte inflight"
- "random"
- "random two"
- "random two least_conn"
- "random two least_time"
- "random two least_time=last_byte"
- "round_robin"
group: "General Settings"
- variable: clientMaxBodySize
description: "NGINX client max body size."
label: NGINX client max body size.
type: string
valid_chars: "^\\d+[kKmMgG]?$"
group: "General Settings"
- variable: prometheusAddress
description: "The address of a Prometheus server deployed in your Kubernetes cluster."
label: Prometheus address.
type: string
group: "General Settings"
- variable: enableUDP
description: "Enable UDP traffic proxying (beta). Linux kernel 4.18 or greater is required."
label: Enable UDP
type: boolean
group: "General Settings"

Some files were not shown because too many files have changed in this diff Show More