diff --git a/assets/bitnami/cassandra-10.6.5.tgz b/assets/bitnami/cassandra-10.6.5.tgz
new file mode 100644
index 000000000..4066a75f6
Binary files /dev/null and b/assets/bitnami/cassandra-10.6.5.tgz differ
diff --git a/assets/bitnami/redis-18.4.0.tgz b/assets/bitnami/redis-18.4.0.tgz
new file mode 100644
index 000000000..885f0fcf9
Binary files /dev/null and b/assets/bitnami/redis-18.4.0.tgz differ
diff --git a/assets/bitnami/spark-8.1.5.tgz b/assets/bitnami/spark-8.1.5.tgz
new file mode 100644
index 000000000..e80fe20a0
Binary files /dev/null and b/assets/bitnami/spark-8.1.5.tgz differ
diff --git a/assets/datadog/datadog-3.49.0.tgz b/assets/datadog/datadog-3.49.0.tgz
new file mode 100644
index 000000000..563037714
Binary files /dev/null and b/assets/datadog/datadog-3.49.0.tgz differ
diff --git a/assets/haproxy/haproxy-1.35.0.tgz b/assets/haproxy/haproxy-1.35.0.tgz
new file mode 100644
index 000000000..1cae45445
Binary files /dev/null and b/assets/haproxy/haproxy-1.35.0.tgz differ
diff --git a/assets/hashicorp/vault-0.26.1.tgz b/assets/hashicorp/vault-0.26.1.tgz
index f0e580147..6d0e3da15 100644
Binary files a/assets/hashicorp/vault-0.26.1.tgz and b/assets/hashicorp/vault-0.26.1.tgz differ
diff --git a/assets/hashicorp/vault-0.27.0.tgz b/assets/hashicorp/vault-0.27.0.tgz
new file mode 100644
index 000000000..ebd9531ea
Binary files /dev/null and b/assets/hashicorp/vault-0.27.0.tgz differ
diff --git a/assets/jenkins/jenkins-4.8.3.tgz b/assets/jenkins/jenkins-4.8.3.tgz
new file mode 100644
index 000000000..1d878244e
Binary files /dev/null and b/assets/jenkins/jenkins-4.8.3.tgz differ
diff --git a/assets/kong/kong-2.32.0.tgz b/assets/kong/kong-2.32.0.tgz
new file mode 100644
index 000000000..b3053b328
Binary files /dev/null and b/assets/kong/kong-2.32.0.tgz differ
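Review bot: Three archives for chart versions that already exist are rewritten in place rather than added: `assets/hashicorp/vault-0.26.1.tgz` here, and `assets/kubecost/cost-analyzer-1.107.0.tgz` and `assets/linkerd/linkerd-control-plane-1.16.4.tgz` further down, all show an `index <old>..<new> 100644` line instead of `new file mode`. Changing the bytes of a published chart version means anyone who recorded its digest (from the repository index, a lockfile or a mirror) will see a mismatch, and the diff alone cannot distinguish a repackaging artefact from a content change. If the repack only differs in timestamps or file ordering, the commit message should say so; otherwise the change belongs under a new chart version, and the index digest for these three entries should be checked against the new files.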
diff --git a/assets/kubecost/cost-analyzer-1.107.0.tgz b/assets/kubecost/cost-analyzer-1.107.0.tgz
index 928796d3f..cbd9ef14e 100644
Binary files a/assets/kubecost/cost-analyzer-1.107.0.tgz and b/assets/kubecost/cost-analyzer-1.107.0.tgz differ
diff --git a/assets/kubecost/cost-analyzer-1.107.1.tgz b/assets/kubecost/cost-analyzer-1.107.1.tgz
new file mode 100644
index 000000000..9dd167d8c
Binary files /dev/null and b/assets/kubecost/cost-analyzer-1.107.1.tgz differ
diff --git a/assets/kuma/kuma-2.5.0.tgz b/assets/kuma/kuma-2.5.0.tgz
new file mode 100644
index 000000000..74d5b491c
Binary files /dev/null and b/assets/kuma/kuma-2.5.0.tgz differ
diff --git a/assets/linkerd/linkerd-control-plane-1.16.4.tgz b/assets/linkerd/linkerd-control-plane-1.16.4.tgz
index 327a7c477..194f5e100 100644
Binary files a/assets/linkerd/linkerd-control-plane-1.16.4.tgz and b/assets/linkerd/linkerd-control-plane-1.16.4.tgz differ
diff --git a/assets/linkerd/linkerd-control-plane-1.16.5.tgz b/assets/linkerd/linkerd-control-plane-1.16.5.tgz
new file mode 100644
index 000000000..fe110e430
Binary files /dev/null and b/assets/linkerd/linkerd-control-plane-1.16.5.tgz differ
diff --git a/assets/minio/minio-operator-5.0.11.tgz b/assets/minio/minio-operator-5.0.11.tgz
new file mode 100644
index 000000000..03ef2e583
Binary files /dev/null and b/assets/minio/minio-operator-5.0.11.tgz differ
diff --git a/assets/redpanda/redpanda-5.6.48.tgz b/assets/redpanda/redpanda-5.6.48.tgz
new file mode 100644
index 000000000..e9f610dfb
Binary files /dev/null and b/assets/redpanda/redpanda-5.6.48.tgz differ
diff --git a/assets/speedscale/speedscale-operator-1.4.5.tgz b/assets/speedscale/speedscale-operator-1.4.5.tgz
new file mode 100644
index 000000000..d251af3de
Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.4.5.tgz differ
diff --git a/assets/sysdig/sysdig-1.16.21.tgz b/assets/sysdig/sysdig-1.16.21.tgz new file mode 100644 index 000000000..6e0a35708 Binary files /dev/null and b/assets/sysdig/sysdig-1.16.21.tgz differ diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml index 4f39c69aa..2dd5f0f70 100644 --- a/charts/bitnami/cassandra/Chart.yaml +++ b/charts/bitnami/cassandra/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: Database images: | - name: cassandra-exporter - image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r429 + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r430 - name: cassandra - image: docker.io/bitnami/cassandra:4.1.3-debian-11-r73 + image: docker.io/bitnami/cassandra:4.1.3-debian-11-r75 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r90 + image: docker.io/bitnami/os-shell:11-debian-11-r91 licenses: Apache-2.0 apiVersion: v2 appVersion: 4.1.3 @@ -35,4 +35,4 @@ maintainers: name: cassandra sources: - https://github.com/bitnami/charts/tree/main/bitnami/cassandra -version: 10.6.2 +version: 10.6.5 diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml index 95a2274ce..6e4d81ead 100644 --- a/charts/bitnami/cassandra/values.yaml +++ b/charts/bitnami/cassandra/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.3-debian-11-r73 + tag: 4.1.3-debian-11-r75 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -628,7 +628,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r90 + tag: 11-debian-11-r91 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. 
@@ -696,7 +696,7 @@ metrics: image: registry: docker.io repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r429 + tag: 2.3.8-debian-11-r430 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index 03e1d3bb2..af2b1359e 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -37,4 +37,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.3.3 +version: 18.4.0 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index b921aa078..6305aaf82 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -172,7 +172,7 @@ The command removes all the Kubernetes components associated with the chart and | `master.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Redis® pod(s) privileges | `false` | | `master.containerSecurityContext.seccompProfile.type` | Set Redis® master containers' Security Context seccompProfile | `RuntimeDefault` | | `master.containerSecurityContext.capabilities.drop` | Set Redis® master containers' Security Context capabilities to drop | `["ALL"]` | -| `master.kind` | Use either Deployment or StatefulSet (default) | `StatefulSet` | +| `master.kind` | Use either Deployment, StatefulSet (default) or DaemonSet | `StatefulSet` | | `master.schedulerName` | Alternate scheduler for Redis® master pods | `""` | | `master.updateStrategy.type` | Redis® master statefulset strategy type | `RollingUpdate` | | `master.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | diff --git a/charts/bitnami/redis/templates/master/application.yaml b/charts/bitnami/redis/templates/master/application.yaml index 2f5f1a3f6..8fdaec125 100644 --- a/charts/bitnami/redis/templates/master/application.yaml 
+++ b/charts/bitnami/redis/templates/master/application.yaml @@ -16,7 +16,9 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: + {{- if not (eq .Values.master.kind "DaemonSet") }} replicas: {{ .Values.master.count }} + {{- end }} {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} @@ -472,7 +474,7 @@ spec: {{- if .Values.metrics.extraVolumes }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} {{- end }} - {{- if not .Values.master.persistence.enabled }} + {{- if or (not .Values.master.persistence.enabled) (eq .Values.master.kind "DaemonSet") }} - name: redis-data {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} emptyDir: diff --git a/charts/bitnami/redis/templates/replicas/application.yaml b/charts/bitnami/redis/templates/replicas/application.yaml index 692695fa4..821bf8d1a 100644 --- a/charts/bitnami/redis/templates/replicas/application.yaml +++ b/charts/bitnami/redis/templates/replicas/application.yaml @@ -135,7 +135,7 @@ spec: - name: REDIS_MASTER_HOST {{- if .Values.replica.externalMaster.enabled }} value: {{ .Values.replica.externalMaster.host | quote }} - {{- else if and (eq (int64 .Values.master.count) 1) (ne .Values.master.kind "Deployment") }} + {{- else if and (eq (int64 .Values.master.count) 1) (eq .Values.master.kind "StatefulSet") }} value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{- else }} value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} 
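Review bot: In the second hunk of `templates/master/application.yaml`, the new condition `or (not .Values.master.persistence.enabled) (eq .Values.master.kind "DaemonSet")` overrides `master.persistence.enabled: true` without telling the user: a DaemonSet master always takes the `redis-data` volume block, whose visible branch is an `emptyDir`, so its data does not outlive the pod. The first hunk likewise drops `master.count` for a DaemonSet. Neither effect is mentioned in the `master.kind` description in values.yaml or the README row, which only add the name of the new kind. I would extend that comment, e.g. `## NOTE: with DaemonSet, master.count and master.persistence.* are ignored and data is kept in an emptyDir`, or print a warning when both are set. Both hunks sit inside the workload spec, which starts and ends outside them.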
diff --git a/charts/bitnami/redis/values.schema.json b/charts/bitnami/redis/values.schema.json index 2cfd8489d..e9feba6ad 100644 --- a/charts/bitnami/redis/values.schema.json +++ b/charts/bitnami/redis/values.schema.json @@ -40,8 +40,8 @@ "type": "string", "title": "Workload Kind", "form": true, - "description": "Allowed values: `Deployment` or `StatefulSet`", - "enum": ["Deployment", "StatefulSet"] + "description": "Allowed values: `Deployment`, `StatefulSet` or `DaemonSet`", + "enum": ["Deployment", "StatefulSet", "DaemonSet"] }, "persistence": { "type": "object", diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index 0c60d5b4f..f2d53313b 100644 --- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -299,7 +299,7 @@ master: capabilities: drop: - ALL - ## @param master.kind Use either Deployment or StatefulSet (default) + ## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ ## kind: StatefulSet diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index 40efcd87a..3ce0a9cc8 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Infrastructure images: | - name: spark - image: docker.io/bitnami/spark:3.5.0-debian-11-r12 + image: docker.io/bitnami/spark:3.5.0-debian-11-r15 licenses: Apache-2.0 apiVersion: v2 appVersion: 3.5.0 @@ -30,4 +30,4 @@ maintainers: name: spark sources: - https://github.com/bitnami/charts/tree/main/bitnami/spark -version: 8.1.1 +version: 8.1.5 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index 77ea1646d..a227e5298 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md 
@@ -11,10 +11,10 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR ```console -helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/spark +helm install my-release oci://registry-1.docker.io/bitnamicharts/spark ``` -> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +Looking to use Apache Spark in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. ## Introduction @@ -24,8 +24,6 @@ Apache Spark includes APIs for Java, Python, Scala and R. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. -Looking to use Apache Spark in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## Prerequisites - Kubernetes 1.23+ @@ -354,7 +352,7 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/spark ``` > Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. -> **Tip**: You can use the default [values.yaml](values.yaml) +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/spark/values.yaml) ## Configuration and installation details diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index bb87b6229..852b3aa8b 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml 
@@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.5.0-debian-11-r12 + tag: 3.5.0-debian-11-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index f548dc583..416e682d7 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,29 @@ # Datadog changelog +## 3.49.0 + +* Beta: Add `datadog.apm.instrumentation` section to configure APM Single Step Instrumentation + +## 3.48.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.49.1`. + +## 3.47.2 + +* Fix CI following enabling container image collection by default. + +## 3.47.1 + +* Fix `registry` being ignored even if set. + +## 3.47.0 + +* `registry` is now set automatically adapted based on `datadog.site` value. Still default to `gcr.io/datadoghq` if not set. + +## 3.46.0 + +* Enable container image collection by default. + ## 3.45.0 * Separate values for `DD_CONTAINER_INCLUDE` and `DD_CONTAINER_EXCLUDE` in `Agent` and `Cluster-Agent` diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index d49d31e0d..74abd4287 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.45.0 +version: 3.49.0 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index dd23e77de..36c9af943 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.45.0](https://img.shields.io/badge/Version-3.45.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.49.0](https://img.shields.io/badge/Version-3.49.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -228,6 +228,64 @@ datadog: socketEnabled: false ``` +### Enabling APM Single Step Instrumentation (beta) + +APM tracing libraries and configurations can be automatically injected in your application pods in the whole cluster or specific namespaces using Single Step Instrumentation. + +Update your `datadog-values.yaml` file with the following configration to enable Single Step Instrumentation in the whole cluster: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true +``` + +Single Step Instrumentation can be disabled in specific namespaces using configuration option `disabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + disabledNamespaces: + - namespaceA + - namespaceB +``` + +Single Step Instrumentation can be enabled in specific namespaces using configuration option `enabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: false + enabledNamespaces: + - namespaceC +``` + +To confiure the version of Tracing library that Single Step Instrumentation will instrument applications with, set the configuration `libVersions`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: false + libVersions: + java: v1.18.0 + python: v1.20.0 +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + ### Enabling Log Collection Update your `datadog-values.yaml` file with the following log collection configuration: 
@@ -450,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.49.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.49.1"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -516,7 +574,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.49.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.49.1"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -567,7 +625,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.49.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.49.1"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
@@ -596,6 +654,10 @@ helm install \ | datadog.apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. | | datadog.apm.enabled | bool | `false` | Enable this to enable APM and tracing, on port 8126 DEPRECATED. Use datadog.apm.portEnabled instead | | datadog.apm.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the trace-agent socket | +| datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | +| datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | | datadog.apm.port | int | `8126` | Override the trace Agent port | | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | | datadog.apm.socketEnabled | bool | `true` | Enable APM over Socket (Unix Socket or windows named pipe) | 
@@ -614,7 +676,7 @@ helm install \ | datadog.containerExclude | string | `nil` | Exclude containers from Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeLogs | string | `nil` | Exclude logs from Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from Agent Autodiscovery, as a space-separated list | -| datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata | +| datadog.containerImageCollection.enabled | bool | `true` | Enable collection of container image metadata | | datadog.containerInclude | string | `nil` | Include containers in Agent Autodiscovery, as a space-separated list. If a container matches an include rule, it’s always included in Autodiscovery | | datadog.containerIncludeLogs | string | `nil` | Include logs in Agent Autodiscovery, as a space-separated list | | datadog.containerIncludeMetrics | string | `nil` | Include metrics in Agent Autodiscovery, as a space-separated list | 
@@ -772,7 +834,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | -| registry | string | `"gcr.io/datadoghq"` | Registry to use for all Agent images (default gcr.io) | +| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/datadog/README.md.gotmpl b/charts/datadog/datadog/README.md.gotmpl index a9f20b2ba..e0d78c0ec 100644 --- a/charts/datadog/datadog/README.md.gotmpl +++ b/charts/datadog/datadog/README.md.gotmpl 
@@ -224,6 +224,64 @@ datadog: socketEnabled: false ``` +### Enabling APM Single Step Instrumentation (beta) + +APM tracing libraries and configurations can be automatically injected in your application pods in the whole cluster or specific namespaces using Single Step Instrumentation. + +Update your `datadog-values.yaml` file with the following configration to enable Single Step Instrumentation in the whole cluster: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true +``` + +Single Step Instrumentation can be disabled in specific namespaces using configuration option `disabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: true + disabledNamespaces: + - namespaceA + - namespaceB +``` + +Single Step Instrumentation can be enabled in specific namespaces using configuration option `enabledNamespaces`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: false + enabledNamespaces: + - namespaceC +``` + +To confiure the version of Tracing library that Single Step Instrumentation will instrument applications with, set the configuration `libVersions`: + +```yaml +datadog: + # (...) + apm: + instrumentation: + enabled: false + libVersions: + java: v1.18.0 + python: v1.20.0 +``` + +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml datadog/datadog +``` + ### Enabling Log Collection Update your `datadog-values.yaml` file with the following log collection configuration: diff --git a/charts/datadog/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml b/charts/datadog/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml new file mode 100644 index 000000000..e16325d78 --- /dev/null +++ b/charts/datadog/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml 
@@ -0,0 +1,10 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + apm: + instrumentation: + enabled: true +clusterAgent: + enabled: true + admissionController: + enabled: true diff --git a/charts/datadog/datadog/ci/gke-autopilot-cri-less-values.yaml b/charts/datadog/datadog/ci/gke-autopilot-cri-less-values.yaml index df11474a0..be7beadf1 100644 --- a/charts/datadog/datadog/ci/gke-autopilot-cri-less-values.yaml +++ b/charts/datadog/datadog/ci/gke-autopilot-cri-less-values.yaml @@ -13,7 +13,7 @@ datadog: enabled: true containerRuntimeSupport: - enabled: false + enabled: true providers: gke: diff --git a/charts/datadog/datadog/templates/NOTES.txt b/charts/datadog/datadog/templates/NOTES.txt index a828afea8..9c61833f3 100644 --- a/charts/datadog/datadog/templates/NOTES.txt +++ b/charts/datadog/datadog/templates/NOTES.txt 
@@ -125,6 +125,68 @@ Trace Agent liveness probe port ({{ $liveness.port }}) is different from the con The Datadog Agent is listening on port {{ $apmPort }} for APM service. {{- end }} +{{- if and .Values.datadog.apm.instrumentation.enabled_namespaces .Values.datadog.apm.instrumentation.disabled_namespaces }} + +################################################################################### +#### ERROR: APM Single Step Instrumentation misconfiguration #### +################################################################################### + +{{- fail "The options `datadog.apm.instrumentation.enabled_namespaces` and `datadog.apm.instrumentation.disabled_namespaces` cannot be set together." }} + +{{- end }} + +{{- if and .Values.datadog.apm.instrumentation.enabled (eq (include "cluster-agent-enabled" .) "false")}} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# + +{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. To enable it please set clusterAgent.enabled to 'true'." }} + +{{- end }} + +{{- if and .Values.datadog.apm.instrumentation.enabled (not .Values.clusterAgent.admissionController.enabled)}} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# + +{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the admission controller. This configuration is unsupported. To enable it please set clusterAgent.admissionController.enabled to 'true'." }} + +{{- end }} + +{{- if and .Values.datadog.apm.instrumentation.enabled_namespaces (eq (include "cluster-agent-enabled" .) 
"false")}} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# + +You are using datadog.apm.instrumentation.enabled_namespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. +To enable it please set clusterAgent.enabled to 'true'. +{{- end }} + +{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabled_namespaces }} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# + +The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabled_namespaces` are set together. +APM Single Step Instrumentation will be enabled in the whole cluster. + +{{- end }} + +{{- if and .Values.datadog.apm.instrumentation.disabled_namespaces (eq .Values.datadog.apm.instrumentation.enabled "false") }} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# + +The option `datadog.apm.instrumentation.enabled_namespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. +APM Single Step Instrumentation will be disabled in the whole cluster. + +{{- end }} + {{- if .Values.datadog.apm.enabled }} ################################################################# diff --git a/charts/datadog/datadog/templates/_helpers.tpl b/charts/datadog/datadog/templates/_helpers.tpl index 789bf0b6d..c4ff5b076 100644 --- a/charts/datadog/datadog/templates/_helpers.tpl +++ b/charts/datadog/datadog/templates/_helpers.tpl 
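Review bot: The new checks in NOTES.txt read `.Values.datadog.apm.instrumentation.enabled_namespaces` and `.disabled_namespaces`, but values.yaml and the cluster-agent template in this same commit define and read `enabledNamespaces` and `disabledNamespaces`, so these conditions test keys that are never set and the `fail` for setting both lists cannot trigger. The guards should use the camelCase keys, e.g. `{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces .Values.datadog.apm.instrumentation.disabledNamespaces }}`. The last block also compares the boolean `enabled` with the string `"false"`; `(not .Values.datadog.apm.instrumentation.enabled)` avoids a type mismatch once the key name is corrected, and its message names `enabled_namespaces` where the condition tests the disabled list. Two of the blocks headed WARNING call `fail`, so rendering stops there and the banner above them is not shown to the user.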
@@ -261,6 +261,23 @@ Accepts a map with `port` (default port) and `settings` (probe settings). {{- end -}} {{- end -}} +{{/* +Return the proper registry based on datadog.site (requires .Values to be passed as .) +*/}} +{{- define "registry" -}} +{{- if .registry -}} +{{- .registry -}} +{{- else if eq .datadog.site "datadoghq.eu" -}} +eu.gcr.io/datadoghq +{{- else if eq .datadog.site "ddog-gov.com" -}} +public.ecr.aws/datadog +{{- else if eq .datadog.site "ap1.datadoghq.com" -}} +asia.gcr.io/datadoghq +{{- else -}} +gcr.io/datadoghq +{{- end -}} +{{- end -}} + {{/* Return a remote image path based on `.Values` (passed as root) and `.` (any `.image` from `.Values` passed as parameter) */}} @@ -269,7 +286,7 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im {{- if .image.repository -}} {{- .image.repository -}}@{{ .image.digest }} {{- else -}} -{{ .root.registry }}/{{ .image.name }}@{{ .image.digest }} +{{ include "registry" .root }}/{{ .image.name }}@{{ .image.digest }} {{- end -}} {{- else -}} {{- $tagSuffix := "" -}} @@ -279,10 +296,11 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im {{- if .image.repository -}} {{- .image.repository -}}:{{ .image.tag }}{{ $tagSuffix }} {{- else -}} -{{ .root.registry }}/{{ .image.name }}:{{ .image.tag }}{{ $tagSuffix }} +{{ include "registry" .root }}/{{ .image.name }}:{{ .image.tag }}{{ $tagSuffix }} {{- end -}} {{- end -}} {{- end -}} + {{/* Return true if a system-probe feature is enabled. */}} diff --git a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml index b3eda489a..78364db0b 100644 --- a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml 
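Review bot: With the `registry` helper, a release that sets `datadog.site` and leaves `registry` unset now pulls Agent images from a different host than before (`eu.gcr.io/datadoghq`, `asia.gcr.io/datadoghq` or `public.ecr.aws/datadog` instead of `gcr.io/datadoghq`), which the helper's one-line comment does not spell out. Clusters that restrict image sources with an admission policy, a registry mirror or egress rules would presumably fail to pull after the upgrade until the new host is allowed. I would expand the comment to list the site-to-registry mapping and state the precedence, e.g. `An explicit .registry takes precedence; otherwise the registry is derived from datadog.site (datadoghq.eu, ddog-gov.com, ap1.datadoghq.com), falling back to gcr.io/datadoghq`, and recommend setting `registry` explicitly where image sources are allow-listed. The two later hunks in this file only switch the call sites to the helper.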
@@ -236,6 +236,22 @@ spec: {{- end }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} + {{- if .Values.datadog.apm.instrumentation.enabled }} + - name: DD_APM_INSTRUMENTATION_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.apm.instrumentation.enabledNamespaces }} + - name: DD_APM_INSTRUMENTATION_ENABLED_NAMESPACES + value: {{ .Values.datadog.apm.instrumentation.enabledNamespaces | toJson | quote }} + {{- end }} + {{- if .Values.datadog.apm.instrumentation.disabledNamespaces }} + - name: DD_APM_INSTRUMENTATION_DISABLED_NAMESPACES + value: {{ .Values.datadog.apm.instrumentation.disabledNamespaces | toJson | quote }} + {{- end }} + {{- if .Values.datadog.apm.instrumentation.libVersions }} + - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS + value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} + {{- end }} {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED value: {{ .Values.datadog.clusterChecks.enabled | quote }} diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index bd1d438f8..540ca7c87 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -18,13 +18,15 @@ targetSystem: "linux" commonLabels: {} # team_name: dev -# registry -- Registry to use for all Agent images (default gcr.io) +# registry -- Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) ## Currently we offer Datadog Agent images on: -## GCR - use gcr.io/datadoghq (default) -## DockerHub - use docker.io/datadog +## GCR US - use gcr.io/datadoghq +## GCR Europe - use eu.gcr.io/datadoghq +## GCR Asia - use asia.gcr.io/datadoghq ## AWS - use public.ecr.aws/datadog -registry: gcr.io/datadoghq +## DockerHub - use docker.io/datadog +registry: # gcr.io/datadoghq datadog: # datadog.apiKey -- Your Datadog API key 
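Review bot: The conditions added here read `enabledNamespaces` and `disabledNamespaces`, but the NOTES.txt warnings added in the same commit test `enabled_namespaces` and `disabled_namespaces`, so those warnings look like they can never render for values set through the keys this template uses. Per the NOTES text, setting `enabled` together with a namespace list widens injection to the whole cluster, so the operator would get no signal when that happens. The NOTES conditions should use the camelCase keys, e.g. `{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabledNamespaces }}`. The `eq … "false"` checks there also compare against a string, while the default in values.yaml is the boolean `false`. The container spec this hunk belongs to starts and ends outside the hunk.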
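Review bot: The updated `registry` comment lists `gcr.io | eu.gcr.io | asia.gcr.io` without the `/datadoghq` path, while the helper added in `_helpers.tpl` resolves to `gcr.io/datadoghq`, `eu.gcr.io/datadoghq` and `asia.gcr.io/datadoghq`. With `registry:` now left empty, the effective image source depends on `datadog.site`, and this line is what someone maintaining a registry allow-list or pull-through mirror will copy from. I would spell out the full paths: `# registry -- Registry to use for all Agent images (default: gcr.io/datadoghq, eu.gcr.io/datadoghq, asia.gcr.io/datadoghq or public.ecr.aws/datadog, chosen from datadog.site)`.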
@@ -463,6 +465,20 @@ datadog: # datadog.apm.hostSocketPath -- Host path to the trace-agent socket hostSocketPath: /var/run/datadog/ + # APM Single Step Instrumentation + # This feature is in beta. It requires Cluster Agent 7.49+. + instrumentation: + # datadog.apm.instrumentation.enabled -- Enable injecting the Datadog APM libraries into all pods in the cluster (beta). + enabled: false + + # datadog.apm.instrumentation.enabledNamespaces -- Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). + enabledNamespaces: [] + + # datadog.apm.instrumentation.disabledNamespaces -- Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). + disabledNamespaces: [] + + # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (beta). + libVersions: {} ## OTLP ingest related configuration otlp: receiver: @@ -634,7 +650,9 @@ datadog: containerImageCollection: # datadog.containerImageCollection.enabled -- Enable collection of container image metadata - enabled: false + + # This parameter requires Agent version 7.46+ + enabled: true orchestratorExplorer: # datadog.orchestratorExplorer.enabled -- Set this to false to disable the orchestrator explorer @@ -856,7 +874,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.49.0 + tag: 7.49.1 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1284,7 +1302,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.49.0 + tag: 7.49.1 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" 
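Review bot: The comments on `enabled`, `enabledNamespaces` and `disabledNamespaces` do not say how the three options interact, and because this feature injects libraries into application pods its scope should be unambiguous from values.yaml alone. The NOTES.txt text in this commit says that `enabled` combined with a namespace list turns injection on for the whole cluster. If that is the intended precedence, the `enabledNamespaces` comment should carry it, for example `# ... Ignored when datadog.apm.instrumentation.enabled is true, which instruments every namespace (beta).` A short commented example of the expected `libVersions` map shape would also help, since the empty `{}` gives no hint of its keys.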
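Review bot: Flipping `datadog.containerImageCollection.enabled` to `true` changes what is collected for every install that never set the key, and the only notice is a free-standing comment separated from the documented description line by a blank line. I would fold the requirement into the description itself so it presumably survives doc generation, `# datadog.containerImageCollection.enabled -- Enable collection of container image metadata (requires Agent 7.46+)`, and call out the new default in the chart changelog. Users who pin an Agent image older than 7.46 now get this option on by default; whether an older Agent ignores it cleanly is not visible in this diff.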
@@ -1752,7 +1770,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.49.0 + tag: 7.49.1 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/charts/haproxy/haproxy/Chart.yaml b/charts/haproxy/haproxy/Chart.yaml index eb7ec6bfc..3bb32a46a 100644 --- a/charts/haproxy/haproxy/Chart.yaml +++ b/charts/haproxy/haproxy/Chart.yaml @@ -1,13 +1,14 @@ annotations: artifacthub.io/changes: | - - Fixes for .Capabilities.APIVersions issues (issues #202 and #211) - - semverCompare fixes for appProtocol + - Use Ingress Controller 1.10.10 version for base image + - Add CRD install/upgrade job for automated CRD management + - Remove default CRDs provided by Chart catalog.cattle.io/certified: partner catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: haproxy apiVersion: v2 -appVersion: 1.10.9 +appVersion: 1.10.10 description: A Helm chart for HAProxy Kubernetes Ingress Controller home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png @@ -22,4 +23,4 @@ name: haproxy sources: - https://github.com/haproxytech/kubernetes-ingress type: application -version: 1.34.1 +version: 1.35.0 diff --git a/charts/haproxy/haproxy/README.md b/charts/haproxy/haproxy/README.md index 19d1e3f6d..e5fcd1fb1 100644 --- a/charts/haproxy/haproxy/README.md +++ b/charts/haproxy/haproxy/README.md 
@@ -262,6 +262,9 @@ kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/ kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/crds/core.haproxy.org_backends.yaml ``` +Note: from Helm Chart 1.35.0, Helm Chart contains CRD install/upgrade job that will take care of both installing and +upgrading CRDs accordingly. + ## Uninstalling the chart To uninstall/delete the _my-release_ deployment: diff --git a/charts/haproxy/haproxy/crds/core.haproxy.org_backends.yaml b/charts/haproxy/haproxy/crds/core.haproxy.org_backends.yaml deleted file mode 100644 index 2947a7084..000000000 --- a/charts/haproxy/haproxy/crds/core.haproxy.org_backends.yaml +++ /dev/null 
@@ -1,903 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: backends.core.haproxy.org -spec: - group: core.haproxy.org - names: - kind: Backend - plural: backends - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - config: - title: Backend - description: HAProxy backend configuration - type: object - properties: - abortonclose: - type: string - enum: - - enabled - - disabled - accept_invalid_http_response: - type: string - enum: - - enabled - - disabled - adv_check: - type: string - enum: - - ssl-hello-chk - - smtpchk - - ldap-check - - mysql-check - - pgsql-check - - tcp-check - - redis-check - - httpchk - allbackups: - type: string - enum: - - enabled - - disabled - balance: - type: object - required: - - algorithm - properties: - algorithm: - type: string - enum: - - roundrobin - - static-rr - - leastconn - - first - - source - - uri - - url_param - - hdr - - random - - rdp-cookie - hdr_name: - type: string - hdr_use_domain_only: - type: boolean - random_draws: - type: integer - rdp_cookie_name: - type: string - pattern: ^[^\s]+$ - uri_depth: - type: integer - uri_len: - type: integer - uri_path_only: - type: boolean - uri_whole: - type: boolean - url_param: - type: string - pattern: ^[^\s]+$ - url_param_check_post: - type: integer - url_param_max_wait: - type: integer - bind_process: - type: string - pattern: ^[^\s]+$ - check_timeout: - type: integer - nullable: true - compression: - type: object - properties: - algorithms: - type: array - items: - type: string - enum: - - identity - - gzip - - deflate - - raw-deflate - offload: - type: boolean - types: - type: array - items: - type: string - connect_timeout: - type: integer - nullable: true - cookie: - type: object - required: - - name - properties: - domain: - type: array - items: - type: object - properties: - value: - type: string - 
pattern: ^[^\s]+$ - dynamic: - type: boolean - httponly: - type: boolean - indirect: - type: boolean - maxidle: - type: integer - maxlife: - type: integer - name: - type: string - pattern: ^[^\s]+$ - nocache: - type: boolean - postonly: - type: boolean - preserve: - type: boolean - secure: - type: boolean - type: - type: string - enum: - - rewrite - - insert - - prefix - default_server: - type: object - title: Default Server - properties: - address: - type: string - pattern: ^[^\s]+$ - agent-addr: - type: string - pattern: ^[^\s]+$ - agent-check: - type: string - enum: - - enabled - - disabled - agent-inter: - type: integer - nullable: true - agent-port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - agent-send: - type: string - allow_0rtt: - type: boolean - alpn: - type: string - pattern: ^[^\s]+$ - backup: - type: string - enum: - - enabled - - disabled - ca_file: - type: string - check: - type: string - enum: - - enabled - - disabled - check-send-proxy: - type: string - enum: - - enabled - - disabled - check-sni: - type: string - pattern: ^[^\s]+$ - check-ssl: - type: string - enum: - - enabled - - disabled - check_alpn: - type: string - pattern: ^[^\s]+$ - check_proto: - type: string - pattern: ^[^\s]+$ - check_via_socks4: - type: string - enum: - - enabled - - disabled - ciphers: - type: string - ciphersuites: - type: string - cookie: - type: string - pattern: ^[^\s]+$ - crl_file: - type: string - disabled: - type: string - enum: - - enabled - - disabled - downinter: - type: integer - nullable: true - enabled: - type: string - enum: - - enabled - - disabled - error_limit: - type: integer - fall: - type: integer - nullable: true - fastinter: - type: integer - nullable: true - force_sslv3: - type: string - enum: - - enabled - - disabled - force_tlsv10: - type: string - enum: - - enabled - - disabled - force_tlsv11: - type: string - enum: - - enabled - - disabled - force_tlsv12: - type: string - enum: - - enabled - - disabled - force_tlsv13: - 
type: string - enum: - - enabled - - disabled - health_check_port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - init-addr: - type: string - pattern: ^[^\s]+$ - inter: - type: integer - nullable: true - log_proto: - type: string - enum: - - legacy - - octet-count - max_reuse: - type: integer - nullable: true - maxconn: - type: integer - nullable: true - maxqueue: - type: integer - nullable: true - minconn: - type: integer - nullable: true - name: - type: string - pattern: ^[^\s]+$ - namespace: - type: string - no_sslv3: - type: string - enum: - - enabled - - disabled - no_tlsv10: - type: string - enum: - - enabled - - disabled - no_tlsv11: - type: string - enum: - - enabled - - disabled - no_tlsv12: - type: string - enum: - - enabled - - disabled - no_tlsv13: - type: string - enum: - - enabled - - disabled - no_verifyhost: - type: string - enum: - - enabled - - disabled - npn: - type: string - observe: - type: string - enum: - - layer4 - - layer7 - on-error: - type: string - enum: - - fastinter - - fail-check - - sudden-death - - mark-down - on-marked-down: - type: string - enum: - - shutdown-sessions - on-marked-up: - type: string - enum: - - shutdown-backup-sessions - pool_low_conn: - type: integer - nullable: true - pool_max_conn: - type: integer - nullable: true - pool_purge_delay: - type: integer - nullable: true - port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - proto: - type: string - pattern: ^[^\s]+$ - proxy-v2-options: - type: array - items: - type: string - enum: - - ssl - - cert-cn - - ssl-cipher - - cert-sig - - cert-key - - authority - - crc32c - - unique-id - redir: - type: string - resolve-net: - type: string - pattern: ^[^\s]+$ - resolve-prefer: - type: string - pattern: ^[^\s]+$ - enum: - - ipv4 - - ipv6 - resolve_opts: - type: string - pattern: ^[^,\s][^\,]*[^,\s]*$ - resolvers: - type: string - pattern: ^[^\s]+$ - rise: - type: integer - nullable: true - send-proxy: - type: string - enum: - - enabled - - 
disabled - send-proxy-v2: - type: string - enum: - - enabled - - disabled - send_proxy_v2_ssl: - type: string - enum: - - enabled - - disabled - send_proxy_v2_ssl_cn: - type: string - enum: - - enabled - - disabled - slowstart: - type: integer - nullable: true - sni: - type: string - pattern: ^[^\s]+$ - socks4: - type: string - pattern: ^[^\s]+$ - source: - type: string - ssl: - type: string - enum: - - enabled - - disabled - ssl_certificate: - type: string - pattern: ^[^\s]+$ - ssl_max_ver: - type: string - enum: - - SSLv3 - - TLSv1.0 - - TLSv1.1 - - TLSv1.2 - - TLSv1.3 - ssl_min_ver: - type: string - enum: - - SSLv3 - - TLSv1.0 - - TLSv1.1 - - TLSv1.2 - - TLSv1.3 - ssl_reuse: - type: string - enum: - - enabled - - disabled - stick: - type: string - enum: - - enabled - - disabled - tcp_ut: - type: integer - tfo: - type: string - enum: - - enabled - - disabled - tls_tickets: - type: string - enum: - - enabled - - disabled - track: - type: string - verify: - type: string - enum: - - none - - required - verifyhost: - type: string - weight: - type: integer - nullable: true - dynamic_cookie_key: - type: string - pattern: ^[^\s]+$ - external_check: - type: string - enum: - - enabled - - disabled - external_check_command: - type: string - pattern: ^[^\s]+$ - external_check_path: - type: string - pattern: ^[^\s]+$ - forwardfor: - type: object - required: - - enabled - properties: - enabled: - type: string - enum: - - enabled - except: - type: string - pattern: ^[^\s]+$ - header: - type: string - pattern: ^[^\s]+$ - ifnone: - type: boolean - h1_case_adjust_bogus_server: - type: string - enum: - - enabled - - disabled - hash_type: - type: object - properties: - function: - type: string - enum: - - sdbm - - djb2 - - wt6 - - crc32 - method: - type: string - enum: - - map-based - - consistent - modifier: - type: string - enum: - - avalanche - http-buffer-request: - type: string - enum: - - enabled - - disabled - http-check: - type: object - title: HTTP Check - required: - - 
index - - type - properties: - addr: - type: string - pattern: ^[^\s]+$ - alpn: - type: string - pattern: ^[^\s]+$ - body: - type: string - body_log_format: - type: string - check_comment: - type: string - default: - type: boolean - error_status: - type: string - enum: - - L7OKC - - L7RSP - - L7STS - - L6RSP - - L4CON - exclamation_mark: - type: boolean - headers: - type: array - items: - type: object - required: - - name - - fmt - properties: - fmt: - type: string - name: - type: string - index: - type: integer - nullable: true - linger: - type: boolean - match: - type: string - pattern: ^[^\s]+$ - enum: - - status - - rstatus - - hdr - - fhdr - - string - - rstring - method: - type: string - min_recv: - type: integer - nullable: true - ok_status: - type: string - enum: - - L7OK - - L7OKC - - L6OK - - L4OK - on_error: - type: string - on_success: - type: string - pattern: - type: string - port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - port_string: - type: string - proto: - type: string - send_proxy: - type: boolean - sni: - type: string - ssl: - type: boolean - status-code: - type: string - tout_status: - type: string - enum: - - L7TOUT - - L6TOUT - - L4TOUT - type: - type: string - enum: - - comment - - connect - - disable-on-404 - - expect - - send - - send-state - - set-var - - set-var-fmt - - unset-var - uri: - type: string - uri_log_format: - type: string - var_expr: - type: string - var_format: - type: string - var_name: - type: string - pattern: ^[^\s]+$ - var_scope: - type: string - pattern: ^[^\s]+$ - version: - type: string - via_socks4: - type: boolean - http-keep-alive: - type: string - enum: - - enabled - - disabled - http-no-delay: - type: string - enum: - - enabled - - disabled - http-server-close: - type: string - enum: - - enabled - - disabled - http-use-htx: - type: string - pattern: ^[^\s]+$ - enum: - - enabled - - disabled - http_connection_mode: - type: string - enum: - - httpclose - - http-server-close - - 
http-keep-alive - http_keep_alive_timeout: - type: integer - nullable: true - http_pretend_keepalive: - type: string - enum: - - enabled - - disabled - http_proxy: - type: string - enum: - - enabled - - disabled - http_request_timeout: - type: integer - nullable: true - http_reuse: - type: string - enum: - - aggressive - - always - - never - - safe - httpchk_params: - type: object - properties: - method: - type: string - enum: - - HEAD - - PUT - - POST - - GET - - TRACE - - PATCH - uri: - type: string - pattern: ^[^ ]*$ - version: - type: string - httpclose: - type: string - enum: - - enabled - - disabled - log_health_checks: - type: string - enum: - - enabled - - disabled - log_tag: - type: string - pattern: ^[^\s]+$ - mode: - type: string - enum: - - http - - tcp - mysql_check_params: - type: object - properties: - client_version: - type: string - enum: - - pre-41 - - post-41 - username: - type: string - name: - type: string - pattern: ^[A-Za-z0-9-_.:]+$ - pgsql_check_params: - type: object - properties: - username: - type: string - queue_timeout: - type: integer - nullable: true - redispatch: - type: object - required: - - enabled - properties: - enabled: - type: string - enum: - - enabled - - disabled - interval: - type: integer - retries: - type: integer - nullable: true - server_timeout: - type: integer - nullable: true - smtpchk_params: - type: object - properties: - domain: - type: string - hello: - type: string - srvtcpka: - type: string - enum: - - enabled - - disabled - stats_options: - type: object - properties: - stats_admin: - type: boolean - stats_admin_cond: - type: string - enum: - - if - - unless - stats_admin_cond_test: - type: string - stats_enable: - type: boolean - stats_hide_version: - type: boolean - stats_maxconn: - type: integer - minimum: 1 - stats_refresh_delay: - type: integer - nullable: true - stats_show_desc: - type: string - nullable: true - stats_show_legends: - type: boolean - stats_show_node_name: - type: string - pattern: 
^[^\s]+$ - nullable: true - stats_uri_prefix: - type: string - pattern: ^[^\s]+$ - stick_table: - type: object - properties: - expire: - type: integer - nullable: true - keylen: - type: integer - nullable: true - nopurge: - type: boolean - peers: - type: string - pattern: ^[^\s]+$ - size: - type: integer - nullable: true - store: - type: string - pattern: ^[^\s]+$ - type: - type: string - enum: - - ip - - ipv6 - - integer - - string - - binary - tcpka: - type: string - enum: - - enabled - - disabled - tunnel_timeout: - type: integer - nullable: true - diff --git a/charts/haproxy/haproxy/crds/core.haproxy.org_defaults.yaml b/charts/haproxy/haproxy/crds/core.haproxy.org_defaults.yaml deleted file mode 100644 index 03323b323..000000000 --- a/charts/haproxy/haproxy/crds/core.haproxy.org_defaults.yaml +++ /dev/null 
@@ -1,929 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: defaults.core.haproxy.org -spec: - group: core.haproxy.org - names: - kind: Defaults - plural: defaults - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - required: - - config - properties: - config: - title: Defaults - description: HAProxy defaults configuration - type: object - properties: - abortonclose: - type: string - enum: - - enabled - - disabled - accept_invalid_http_request: - type: string - enum: - - enabled - - disabled - accept_invalid_http_response: - type: string - enum: - - enabled - - disabled - adv_check: - type: string - enum: - - ssl-hello-chk - - smtpchk - - ldap-check - - mysql-check - - pgsql-check - - tcp-check - - redis-check - - httpchk - allbackups: - type: string - enum: - - enabled - - disabled - backlog: - type: integer - nullable: true - balance: - type: object - required: - - algorithm - properties: - algorithm: - type: string - enum: - - roundrobin - - static-rr - - leastconn - - first - - source - - uri - - url_param - - hdr - - random - - rdp-cookie - hdr_name: - type: string - hdr_use_domain_only: - type: boolean - random_draws: - type: integer - rdp_cookie_name: - type: string - pattern: ^[^\s]+$ - uri_depth: - type: integer - uri_len: - type: integer - uri_path_only: - type: boolean - uri_whole: - type: boolean - url_param: - type: string - pattern: ^[^\s]+$ - url_param_check_post: - type: integer - url_param_max_wait: - type: integer - bind_process: - type: string - pattern: ^[^\s]+$ - check_timeout: - type: integer - nullable: true - clflog: - type: boolean - client_fin_timeout: - type: integer - nullable: true - client_timeout: - type: integer - nullable: true - clitcpka: - type: string - enum: - - enabled - - disabled - compression: - type: object - properties: - algorithms: - type: array - items: - 
type: string - enum: - - identity - - gzip - - deflate - - raw-deflate - offload: - type: boolean - types: - type: array - items: - type: string - connect_timeout: - type: integer - nullable: true - contstats: - type: string - enum: - - enabled - cookie: - type: object - required: - - name - properties: - domain: - type: array - items: - type: object - properties: - value: - type: string - pattern: ^[^\s]+$ - dynamic: - type: boolean - httponly: - type: boolean - indirect: - type: boolean - maxidle: - type: integer - maxlife: - type: integer - name: - type: string - pattern: ^[^\s]+$ - nocache: - type: boolean - postonly: - type: boolean - preserve: - type: boolean - secure: - type: boolean - type: - type: string - enum: - - rewrite - - insert - - prefix - default_backend: - type: string - pattern: ^[A-Za-z0-9-_.:]+$ - default_server: - type: object - title: Default Server - properties: - address: - type: string - pattern: ^[^\s]+$ - agent-addr: - type: string - pattern: ^[^\s]+$ - agent-check: - type: string - enum: - - enabled - - disabled - agent-inter: - type: integer - nullable: true - agent-port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - agent-send: - type: string - allow_0rtt: - type: boolean - alpn: - type: string - pattern: ^[^\s]+$ - backup: - type: string - enum: - - enabled - - disabled - ca_file: - type: string - check: - type: string - enum: - - enabled - - disabled - check-send-proxy: - type: string - enum: - - enabled - - disabled - check-sni: - type: string - pattern: ^[^\s]+$ - check-ssl: - type: string - enum: - - enabled - - disabled - check_alpn: - type: string - pattern: ^[^\s]+$ - check_proto: - type: string - pattern: ^[^\s]+$ - check_via_socks4: - type: string - enum: - - enabled - - disabled - ciphers: - type: string - ciphersuites: - type: string - cookie: - type: string - pattern: ^[^\s]+$ - crl_file: - type: string - disabled: - type: string - enum: - - enabled - - disabled - downinter: - type: integer - nullable: 
true - enabled: - type: string - enum: - - enabled - - disabled - error_limit: - type: integer - fall: - type: integer - nullable: true - fastinter: - type: integer - nullable: true - force_sslv3: - type: string - enum: - - enabled - - disabled - force_tlsv10: - type: string - enum: - - enabled - - disabled - force_tlsv11: - type: string - enum: - - enabled - - disabled - force_tlsv12: - type: string - enum: - - enabled - - disabled - force_tlsv13: - type: string - enum: - - enabled - - disabled - health_check_port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - init-addr: - type: string - pattern: ^[^\s]+$ - inter: - type: integer - nullable: true - log_proto: - type: string - enum: - - legacy - - octet-count - max_reuse: - type: integer - nullable: true - maxconn: - type: integer - nullable: true - maxqueue: - type: integer - nullable: true - minconn: - type: integer - nullable: true - name: - type: string - pattern: ^[^\s]+$ - namespace: - type: string - no_sslv3: - type: string - enum: - - enabled - - disabled - no_tlsv10: - type: string - enum: - - enabled - - disabled - no_tlsv11: - type: string - enum: - - enabled - - disabled - no_tlsv12: - type: string - enum: - - enabled - - disabled - no_tlsv13: - type: string - enum: - - enabled - - disabled - no_verifyhost: - type: string - enum: - - enabled - - disabled - npn: - type: string - observe: - type: string - enum: - - layer4 - - layer7 - on-error: - type: string - enum: - - fastinter - - fail-check - - sudden-death - - mark-down - on-marked-down: - type: string - enum: - - shutdown-sessions - on-marked-up: - type: string - enum: - - shutdown-backup-sessions - pool_low_conn: - type: integer - nullable: true - pool_max_conn: - type: integer - nullable: true - pool_purge_delay: - type: integer - nullable: true - port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - proto: - type: string - pattern: ^[^\s]+$ - proxy-v2-options: - type: array - items: - type: string - enum: - - 
ssl - - cert-cn - - ssl-cipher - - cert-sig - - cert-key - - authority - - crc32c - - unique-id - redir: - type: string - resolve-net: - type: string - pattern: ^[^\s]+$ - resolve-prefer: - type: string - pattern: ^[^\s]+$ - enum: - - ipv4 - - ipv6 - resolve_opts: - type: string - pattern: ^[^,\s][^\,]*[^,\s]*$ - resolvers: - type: string - pattern: ^[^\s]+$ - rise: - type: integer - nullable: true - send-proxy: - type: string - enum: - - enabled - - disabled - send-proxy-v2: - type: string - enum: - - enabled - - disabled - send_proxy_v2_ssl: - type: string - enum: - - enabled - - disabled - send_proxy_v2_ssl_cn: - type: string - enum: - - enabled - - disabled - slowstart: - type: integer - nullable: true - sni: - type: string - pattern: ^[^\s]+$ - socks4: - type: string - pattern: ^[^\s]+$ - source: - type: string - ssl: - type: string - enum: - - enabled - - disabled - ssl_certificate: - type: string - pattern: ^[^\s]+$ - ssl_max_ver: - type: string - enum: - - SSLv3 - - TLSv1.0 - - TLSv1.1 - - TLSv1.2 - - TLSv1.3 - ssl_min_ver: - type: string - enum: - - SSLv3 - - TLSv1.0 - - TLSv1.1 - - TLSv1.2 - - TLSv1.3 - ssl_reuse: - type: string - enum: - - enabled - - disabled - stick: - type: string - enum: - - enabled - - disabled - tcp_ut: - type: integer - tfo: - type: string - enum: - - enabled - - disabled - tls_tickets: - type: string - enum: - - enabled - - disabled - track: - type: string - verify: - type: string - enum: - - none - - required - verifyhost: - type: string - weight: - type: integer - nullable: true - disable_h2_upgrade: - type: string - enum: - - enabled - - disabled - dontlognull: - type: string - enum: - - enabled - - disabled - dynamic_cookie_key: - type: string - pattern: ^[^\s]+$ - error_files: - type: array - items: - type: object - properties: - code: - type: integer - enum: - - 200 - - 400 - - 403 - - 405 - - 408 - - 425 - - 429 - - 500 - - 502 - - 503 - - 504 - file: - type: string - external_check: - type: string - enum: - - enabled - - 
disabled - external_check_command: - type: string - pattern: ^[^\s]+$ - external_check_path: - type: string - pattern: ^[^\s]+$ - forwardfor: - type: object - required: - - enabled - properties: - enabled: - type: string - enum: - - enabled - except: - type: string - pattern: ^[^\s]+$ - header: - type: string - pattern: ^[^\s]+$ - ifnone: - type: boolean - h1_case_adjust_bogus_client: - type: string - enum: - - enabled - - disabled - h1_case_adjust_bogus_server: - type: string - enum: - - enabled - - disabled - http-buffer-request: - type: string - enum: - - enabled - - disabled - http-check: - type: object - title: HTTP Check - required: - - index - - type - properties: - addr: - type: string - pattern: ^[^\s]+$ - alpn: - type: string - pattern: ^[^\s]+$ - body: - type: string - body_log_format: - type: string - check_comment: - type: string - default: - type: boolean - error_status: - type: string - enum: - - L7OKC - - L7RSP - - L7STS - - L6RSP - - L4CON - exclamation_mark: - type: boolean - headers: - type: array - items: - type: object - required: - - name - - fmt - properties: - fmt: - type: string - name: - type: string - index: - type: integer - nullable: true - linger: - type: boolean - match: - type: string - pattern: ^[^\s]+$ - enum: - - status - - rstatus - - hdr - - fhdr - - string - - rstring - method: - type: string - min_recv: - type: integer - nullable: true - ok_status: - type: string - enum: - - L7OK - - L7OKC - - L6OK - - L4OK - on_error: - type: string - on_success: - type: string - pattern: - type: string - port: - type: integer - maximum: 65535 - minimum: 1 - nullable: true - port_string: - type: string - proto: - type: string - send_proxy: - type: boolean - sni: - type: string - ssl: - type: boolean - status-code: - type: string - tout_status: - type: string - enum: - - L7TOUT - - L6TOUT - - L4TOUT - type: - type: string - enum: - - comment - - connect - - disable-on-404 - - expect - - send - - send-state - - set-var - - set-var-fmt - - 
unset-var - uri: - type: string - uri_log_format: - type: string - var_expr: - type: string - var_format: - type: string - var_name: - type: string - pattern: ^[^\s]+$ - var_scope: - type: string - pattern: ^[^\s]+$ - version: - type: string - via_socks4: - type: boolean - http-use-htx: - type: string - enum: - - enabled - - disabled - http_connection_mode: - type: string - enum: - - httpclose - - http-server-close - - http-keep-alive - http_keep_alive_timeout: - type: integer - nullable: true - http_pretend_keepalive: - type: string - enum: - - enabled - - disabled - http_request_timeout: - type: integer - nullable: true - http_reuse: - type: string - enum: - - aggressive - - always - - never - - safe - httpchk_params: - type: object - properties: - method: - type: string - enum: - - HEAD - - PUT - - POST - - GET - - TRACE - - PATCH - uri: - type: string - pattern: ^[^ ]*$ - version: - type: string - httplog: - type: boolean - load_server_state_from_file: - type: string - enum: - - global - - local - - none - log_format: - type: string - log_format_sd: - type: string - log_health_checks: - type: string - enum: - - enabled - - disabled - log_separate_errors: - type: string - enum: - - enabled - - disabled - log_tag: - type: string - pattern: ^[^\s]+$ - logasap: - type: string - enum: - - enabled - - disabled - maxconn: - type: integer - nullable: true - mode: - type: string - enum: - - tcp - - http - monitor_uri: - type: string - mysql_check_params: - type: object - properties: - client_version: - type: string - enum: - - pre-41 - - post-41 - username: - type: string - pgsql_check_params: - type: object - properties: - username: - type: string - queue_timeout: - type: integer - nullable: true - redispatch: - type: object - required: - - enabled - properties: - enabled: - type: string - enum: - - enabled - - disabled - interval: - type: integer - retries: - type: integer - nullable: true - server_fin_timeout: - type: integer - nullable: true - server_timeout: - 
type: integer - nullable: true - smtpchk_params: - type: object - properties: - domain: - type: string - hello: - type: string - srvtcpka: - type: string - enum: - - enabled - - disabled - stats_options: - type: object - properties: - stats_admin: - type: boolean - stats_admin_cond: - type: string - enum: - - if - - unless - stats_admin_cond_test: - type: string - stats_enable: - type: boolean - stats_hide_version: - type: boolean - stats_maxconn: - type: integer - minimum: 1 - stats_refresh_delay: - type: integer - nullable: true - stats_show_desc: - type: string - nullable: true - stats_show_legends: - type: boolean - stats_show_node_name: - type: string - pattern: ^[^\s]+$ - nullable: true - stats_uri_prefix: - type: string - pattern: ^[^\s]+$ - tcpka: - type: string - enum: - - enabled - - disabled - tcplog: - type: boolean - tunnel_timeout: - type: integer - nullable: true - unique_id_format: - type: string - unique_id_header: - type: string - diff --git a/charts/haproxy/haproxy/crds/core.haproxy.org_globals.yaml b/charts/haproxy/haproxy/crds/core.haproxy.org_globals.yaml deleted file mode 100644 index c6554900e..000000000 --- a/charts/haproxy/haproxy/crds/core.haproxy.org_globals.yaml +++ /dev/null 
@@ -1,438 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globals.core.haproxy.org -spec: - group: core.haproxy.org - names: - kind: Global - plural: globals - scope: Namespaced - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - config: - description: HAProxy global configuration - type: object - title: Global - properties: - busy_polling: - type: boolean - ca_base: - type: string - chroot: - type: string - pattern: ^[^\s]+$ - cpu_maps: - type: array - items: - type: object - required: - - process - - cpu_set - properties: - cpu_set: - type: string - process: - type: string - crt_base: - type: string - daemon: - type: string - enum: - - enabled - - disabled - external_check: - type: boolean - gid: - type: integer - group: - type: string - pattern: ^[^\s]+$ - h1_case_adjust: - type: array - items: - type: object - required: - - from - - to - properties: - from: - type: string - to: - type: string - h1_case_adjust_file: - type: string - hard_stop_after: - type: integer - nullable: true - localpeer: - type: string - pattern: ^[^\s]+$ - log_send_hostname: - type: object - required: - - enabled - properties: - enabled: - type: string - enum: - - enabled - - disabled - param: - type: string - pattern: ^[^\s]+$ - lua_loads: - type: array - items: - type: object - required: - - file - properties: - file: - type: string - pattern: ^[^\s]+$ - lua_prepend_path: - type: array - items: - type: object - required: - - path - properties: - path: - type: string - pattern: ^[^\s]+$ - type: - type: string - enum: - - path - - cpath - master-worker: - type: boolean - max_spread_checks: - type: integer - maxcompcpuusage: - type: integer - maxcomprate: - type: integer - maxconn: - type: integer - maxconnrate: - type: integer - maxpipes: - type: integer - maxsessrate: - type: integer - maxsslconn: - type: integer - maxsslrate: - 
type: integer - maxzlibmem: - type: integer - nbproc: - type: integer - nbthread: - type: integer - noepoll: - type: boolean - noevports: - type: boolean - nogetaddrinfo: - type: boolean - nokqueue: - type: boolean - nopoll: - type: boolean - noreuseport: - type: boolean - nosplice: - type: boolean - pidfile: - type: string - profiling_tasks: - type: string - enum: - - auto - - on - - off - runtime_apis: - type: array - items: - type: object - required: - - address - properties: - address: - type: string - pattern: '^[^\s]+$' - mode: - type: string - pattern: '^[^\s]+$' - level: - type: string - enum: [user, operator, admin] - process: - type: string - pattern: '^[^\s]+$' - exposeFdListeners: - type: boolean - server_state_base: - type: string - pattern: ^[^\s]+$ - server_state_file: - type: string - pattern: ^[^\s]+$ - spread_checks: - type: integer - ssl_default_bind_ciphers: - type: string - ssl_default_bind_ciphersuites: - type: string - ssl_default_bind_options: - type: string - ssl_default_server_ciphers: - type: string - ssl_default_server_ciphersuites: - type: string - ssl_default_server_options: - type: string - ssl_mode_async: - type: string - enum: - - enabled - - disabled - stats_timeout: - type: integer - nullable: true - tune_options: - type: object - properties: - buffers_limit: - type: integer - nullable: true - buffers_reserve: - type: integer - minimum: 2 - bufsize: - type: integer - comp_maxlevel: - type: integer - fail_alloc: - type: boolean - h2_header_table_size: - type: integer - maximum: 65535 - h2_initial_window_size: - type: integer - nullable: true - h2_max_concurrent_streams: - type: integer - h2_max_frame_size: - type: integer - http_cookielen: - type: integer - http_logurilen: - type: integer - http_maxhdr: - type: integer - maximum: 32767 - minimum: 1 - idle_pool_shared: - type: string - enum: - - enabled - - disabled - idletimer: - type: integer - maximum: 65535 - minimum: 0 - nullable: true - listener_multi_queue: - type: string - 
enum: - - enabled - - disabled - lua_forced_yield: - type: integer - lua_maxmem: - type: boolean - lua_service_timeout: - type: integer - nullable: true - lua_session_timeout: - type: integer - nullable: true - lua_task_timeout: - type: integer - nullable: true - maxaccept: - type: integer - maxpollevents: - type: integer - maxrewrite: - type: integer - pattern_cache_size: - type: integer - nullable: true - pipesize: - type: integer - pool_high_fd_ratio: - type: integer - pool_low_fd_ratio: - type: integer - rcvbuf_client: - type: integer - nullable: true - rcvbuf_server: - type: integer - nullable: true - recv_enough: - type: integer - runqueue_depth: - type: integer - sched_low_latency: - type: string - enum: - - enabled - - disabled - sndbuf_client: - type: integer - nullable: true - sndbuf_server: - type: integer - nullable: true - ssl_cachesize: - type: integer - nullable: true - ssl_capture_buffer_size: - type: integer - nullable: true - ssl_ctx_cache_size: - type: integer - ssl_default_dh_param: - type: integer - ssl_force_private_cache: - type: boolean - ssl_keylog: - type: string - enum: - - enabled - - disabled - ssl_lifetime: - type: integer - nullable: true - ssl_maxrecord: - type: integer - nullable: true - vars_global_max_size: - type: integer - nullable: true - vars_proc_max_size: - type: integer - nullable: true - vars_reqres_max_size: - type: integer - nullable: true - vars_sess_max_size: - type: integer - nullable: true - vars_txn_max_size: - type: integer - nullable: true - zlib_memlevel: - type: integer - maximum: 9 - minimum: 1 - zlib_windowsize: - type: integer - maximum: 15 - minimum: 8 - tune_ssl_default_dh_param: - type: integer - uid: - type: integer - user: - type: string - pattern: ^[^\s]+$ - log_targets: - type: array - items: - type: object - required: - - address - - facility - properties: - index: - type: integer - nullable: true - address: - type: string - pattern: ^[^\s]+$ - length: - type: integer - format: - type: string - enum: 
- - rfc3164 - - rfc5424 - - short - - raw - facility: - type: string - enum: - - kern - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - auth2 - - ftp - - ntp - - audit - - alert - - cron2 - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - level: - type: string - enum: - - emerg - - alert - - crit - - err - - warning - - notice - - info - - debug - minlevel: - type: string - enum: - - emerg - - alert - - crit - - err - - warning - - notice - - info - - debug - diff --git a/charts/haproxy/haproxy/templates/_helpers.tpl b/charts/haproxy/haproxy/templates/_helpers.tpl index 556b32e23..94079183a 100644 --- a/charts/haproxy/haproxy/templates/_helpers.tpl +++ b/charts/haproxy/haproxy/templates/_helpers.tpl @@ -152,4 +152,11 @@ Create a FQDN for the Service metrics. {{- printf "%s-%s" (include "kubernetes-ingress.fullname" . | trunc 56 | trimSuffix "-") "metrics" }} {{- end -}} +{{/* +Create a default fully qualified default CRD job name. +*/}} +{{- define "kubernetes-ingress.crdjob.fullname" -}} +{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "crdjob" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* vim: set filetype=mustache: */}} diff --git a/charts/haproxy/haproxy/templates/clusterrole.yaml b/charts/haproxy/haproxy/templates/clusterrole.yaml index 12de84d5b..e343832f9 100644 --- a/charts/haproxy/haproxy/templates/clusterrole.yaml +++ b/charts/haproxy/haproxy/templates/clusterrole.yaml @@ -95,7 +95,10 @@ rules: - get - list - watch + - create - update + - patch + - delete {{- if .Values.controller.kubernetesGateway.enabled }} - apiGroups: - "gateway.networking.k8s.io" @@ -117,4 +120,15 @@ rules: verbs: - update {{- end }} +{{- if .Values.controller.techdump.enabled }} +- apiGroups: + - "apps" + resources: + - replicasets + - deployments + - daemonsets + verbs: + - get + - list +{{- end }} {{- end -}} 
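Review bot: In the new `kubernetes-ingress.crdjob.fullname` helper the suffix is appended before `trunc 63`, so a long release name loses part or all of `-crdjob`, and the Job can end up with the same name as the other resources of the release. The metrics helper directly above truncates the base name first; the same shape here would be `{{- printf "%s-%s" (include "kubernetes-ingress.fullname" . | trunc 56 | trimSuffix "-") "crdjob" -}}`. The comment also says "default" twice; `Create a fully qualified name for the CRD job.` reads better.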
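Review bot: The added `create`, `patch` and `delete` verbs in the `@@ -95,7 +95,10 @@` hunk of `clusterrole.yaml` widen a cluster-scoped rule whose `apiGroups` and `resources` start above the hunk, so the affected resource cannot be confirmed from here. The Job added in `controller-crdjob.yaml` runs under `kubernetes-ingress.serviceAccountName`; if the controller pod uses the same account (likely, not shown), it keeps these write verbs for its whole lifetime although only the one-shot CRD job appears to need them. I would give the job its own ServiceAccount and ClusterRole, leave the controller rule at `get`/`list`/`watch`/`update`, and pin `patch` and `delete` to the chart's own CRDs with `resourceNames` (`create` cannot be restricted that way).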
diff --git a/charts/haproxy/haproxy/templates/controller-crdjob.yaml b/charts/haproxy/haproxy/templates/controller-crdjob.yaml new file mode 100644 index 000000000..7165dc397 --- /dev/null +++ b/charts/haproxy/haproxy/templates/controller-crdjob.yaml 
@@ -0,0 +1,51 @@ +{{/* +Copyright 2023 HAProxy Technologies LLC + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "kubernetes-ingress.crdjob.fullname" . }} + namespace: {{ include "kubernetes-ingress.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "kubernetes-ingress.name" . }} + helm.sh/chart: {{ include "kubernetes-ingress.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "kubernetes-ingress.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.controller.podLabels }} +{{ toYaml .Values.controller.podLabels | indent 8 }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + annotations: +{{ toYaml .Values.controller.podAnnotations | indent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kubernetes-ingress.serviceAccountName" . }} + containers: + - name: {{ include "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} + image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + command: + - /haproxy-ingress-controller + - --job-check-crd + restartPolicy: Never + backoffLimit: 0 
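Review bot: The Job's container has no `securityContext`, so it runs with the runtime's default capabilities and may escalate privileges, while holding the service-account token that the `clusterrole.yaml` change in this commit gives create/patch/delete verbs. The `--job-check-crd` run presumably only talks to the API server, so it should work with all capabilities dropped; this needs confirming against the image, as does whether `runAsNonRoot: true` can be added (the image's user is not visible here). The Job also has a fixed name and is not a Helm hook, so a later upgrade that changes the image tag would probably be rejected because a Job's pod template is immutable; `ttlSecondsAfterFinished` or hook annotations would avoid that.

```yaml
        # … unchanged: name, image, imagePullPolicy, command …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```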
diff --git a/charts/haproxy/haproxy/values.yaml b/charts/haproxy/haproxy/values.yaml index d474af085..5c95ccb70 100644 --- a/charts/haproxy/haproxy/values.yaml +++ b/charts/haproxy/haproxy/values.yaml @@ -533,3 +533,8 @@ controller: path: /metrics scheme: http interval: 30s + + ## Techdump + ## Toggle to add the RBAC permissions needed for the techdump tool. + techdump: + enabled: false diff --git a/charts/hashicorp/vault/CHANGELOG.md b/charts/hashicorp/vault/CHANGELOG.md index 87ffb2099..0e0cb0af8 100644 --- a/charts/hashicorp/vault/CHANGELOG.md +++ b/charts/hashicorp/vault/CHANGELOG.md @@ -1,5 +1,21 @@ ## Unreleased +## 0.27.0 (November 16, 2023) + +Changes: + +* Default `vault` version updated to 1.15.2 + +Features: + +* server: Support setting `persistentVolumeClaimRetentionPolicy` on the StatefulSet [GH-965](https://github.com/hashicorp/vault-helm/pull/965) +* server: Support setting labels on PVCs [GH-969](https://github.com/hashicorp/vault-helm/pull/969) +* server: Support setting ingress rules for networkPolicy [GH-877](https://github.com/hashicorp/vault-helm/pull/877) + +Improvements: + +* Support exec in the server liveness probe [GH-971](https://github.com/hashicorp/vault-helm/pull/971) + ## 0.26.1 (October 30, 2023) Bugs: diff --git a/charts/hashicorp/vault/Chart.yaml b/charts/hashicorp/vault/Chart.yaml index d34ec94e5..027270126 100644 --- a/charts/hashicorp/vault/Chart.yaml +++ b/charts/hashicorp/vault/Chart.yaml @@ -6,7 +6,7 @@ annotations: catalog.cattle.io/release-name: vault charts.openshift.io/name: HashiCorp Vault apiVersion: v2 -appVersion: 1.15.1 +appVersion: 1.15.2 description: Official HashiCorp Vault Chart home: https://www.vaultproject.io icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png 
@@ -25,4 +25,4 @@ sources: - https://github.com/hashicorp/vault-helm - https://github.com/hashicorp/vault-k8s - https://github.com/hashicorp/vault-csi-provider -version: 0.26.1 +version: 0.27.0 diff --git a/charts/hashicorp/vault/templates/_helpers.tpl b/charts/hashicorp/vault/templates/_helpers.tpl index 965c7f64d..8f77f9220 100644 --- a/charts/hashicorp/vault/templates/_helpers.tpl +++ b/charts/hashicorp/vault/templates/_helpers.tpl @@ -289,6 +289,7 @@ storage might be desired by the user. - metadata: name: data {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + {{- include "vault.dataVolumeClaim.labels" . | nindent 6 }} spec: accessModes: - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} @@ -303,6 +304,7 @@ storage might be desired by the user. - metadata: name: audit {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + {{- include "vault.auditVolumeClaim.labels" . | nindent 6 }} spec: accessModes: - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} @@ -782,6 +784,21 @@ Sets VolumeClaim annotations for data volume {{- end }} {{- end -}} +{{/* +Sets VolumeClaim labels for data volume +*/}} +{{- define "vault.dataVolumeClaim.labels" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.labels) }} + labels: + {{- $tp := typeOf .Values.server.dataStorage.labels }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.labels . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.labels | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + {{/* Sets VolumeClaim annotations for audit volume */}} 
@@ -797,6 +814,21 @@ Sets VolumeClaim annotations for audit volume {{- end }} {{- end -}} +{{/* +Sets VolumeClaim labels for audit volume +*/}} +{{- define "vault.auditVolumeClaim.labels" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.labels) }} + labels: + {{- $tp := typeOf .Values.server.auditStorage.labels }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.labels . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.labels | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + {{/* Set's the container resources if the user has set any. */}} diff --git a/charts/hashicorp/vault/templates/server-network-policy.yaml b/charts/hashicorp/vault/templates/server-network-policy.yaml index 62d4ae1ac..43dcdb16f 100644 --- a/charts/hashicorp/vault/templates/server-network-policy.yaml +++ b/charts/hashicorp/vault/templates/server-network-policy.yaml @@ -16,14 +16,7 @@ spec: matchLabels: app.kubernetes.io/name: {{ template "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP + ingress: {{- toYaml .Values.server.networkPolicy.ingress | nindent 4 }} {{- if .Values.server.networkPolicy.egress }} egress: {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} diff --git a/charts/hashicorp/vault/templates/server-statefulset.yaml b/charts/hashicorp/vault/templates/server-statefulset.yaml index f330927d6..0d8e604d0 100644 --- a/charts/hashicorp/vault/templates/server-statefulset.yaml +++ b/charts/hashicorp/vault/templates/server-statefulset.yaml 
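Review bot: In `server-network-policy.yaml` the new `ingress:` line is rendered without a guard, unlike the `egress` block below it, and the matching default added to `values.yaml` (hunk `@@ -641,6 +647,14 @@`) carries no comment. An operator who overrides `server.networkPolicy.ingress` with an empty list gets `ingress: []`, which most likely leaves the selected Vault pods with no admitted traffic (the policy's `policyTypes` are outside the hunk). The unchanged default `namespaceSelector: {}` still admits every namespace on 8200 and 8201. I would document both facts above the values key, e.g. `# Ingress rules for the Vault pods. The default admits all namespaces on 8200 (API) and 8201 (cluster traffic); an empty list blocks all ingress.`, and suggest narrowing the selector to the namespaces that hold Vault clients.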
@@ -24,6 +24,9 @@ spec: replicas: {{ template "vault.replicas" . }} updateStrategy: type: {{ .Values.server.updateStrategyType }} + {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.server.persistentVolumeClaimRetentionPolicy) }} + persistentVolumeClaimRetentionPolicy: {{ toYaml .Values.server.persistentVolumeClaimRetentionPolicy | nindent 4 }} + {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ template "vault.name" . }} @@ -179,10 +182,18 @@ spec: {{- end }} {{- if .Values.server.livenessProbe.enabled }} livenessProbe: + {{- if .Values.server.livenessProbe.execCommand }} + exec: + command: + {{- range (.Values.server.livenessProbe.execCommand) }} + - {{ . | quote }} + {{- end }} + {{- else }} httpGet: path: {{ .Values.server.livenessProbe.path | quote }} port: {{ .Values.server.livenessProbe.port }} scheme: {{ include "vault.scheme" . | upper }} + {{- end }} failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} diff --git a/charts/hashicorp/vault/values.openshift.yaml b/charts/hashicorp/vault/values.openshift.yaml index 2dbe4df17..bafc5e699 100644 --- a/charts/hashicorp/vault/values.openshift.yaml +++ b/charts/hashicorp/vault/values.openshift.yaml @@ -13,12 +13,12 @@ injector: agentImage: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.15.1-ubi" + tag: "1.15.2-ubi" server: image: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.15.1-ubi" + tag: "1.15.2-ubi" readinessProbe: path: "/v1/sys/health?uninitcode=204" diff --git a/charts/hashicorp/vault/values.schema.json b/charts/hashicorp/vault/values.schema.json index 6a8b350ce..976065733 100644 --- a/charts/hashicorp/vault/values.schema.json +++ b/charts/hashicorp/vault/values.schema.json 
@@ -559,6 +559,12 @@ "string" ] }, + "labels": { + "type": [ + "object", + "string" + ] + }, "enabled": { "type": [ "boolean", @@ -599,6 +605,12 @@ "string" ] }, + "labels": { + "type": [ + "object", + "string" + ] + }, "enabled": { "type": [ "boolean", @@ -619,6 +631,17 @@ } } }, + "persistentVolumeClaimRetentionPolicy": { + "type": "object", + "properties": { + "whenDeleted": { + "type": "string" + }, + "whenScaled": { + "type": "string" + } + } + }, "dev": { "type": "object", "properties": { @@ -818,6 +841,12 @@ "path": { "type": "string" }, + "port": { + "type": "integer" + }, + "execCommand": { + "type": "array" + }, "periodSeconds": { "type": "integer" }, @@ -843,6 +872,9 @@ }, "enabled": { "type": "boolean" + }, + "ingress": { + "type": "array" } } }, diff --git a/charts/hashicorp/vault/values.yaml b/charts/hashicorp/vault/values.yaml index 781b930af..17f5ca572 100644 --- a/charts/hashicorp/vault/values.yaml +++ b/charts/hashicorp/vault/values.yaml @@ -76,7 +76,7 @@ injector: # required. agentImage: repository: "hashicorp/vault" - tag: "1.15.1" + tag: "1.15.2" # The default values for the injected Vault Agent containers. agentDefaults: @@ -377,7 +377,7 @@ server: image: repository: "hashicorp/vault" - tag: "1.15.1" + tag: "1.15.2" # Overrides the default Image Pull Policy pullPolicy: IfNotPresent 
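Review bot: The new schema entries in `values.schema.json` check only the top-level type, so malformed values pass `helm lint` and fail later at the API server, or render an unintended policy. For `persistentVolumeClaimRetentionPolicy`, Kubernetes accepts only `Retain` and `Delete`, so each field can be `"whenDeleted": { "type": "string", "enum": ["Retain", "Delete"] }` (the same for `whenScaled`). `execCommand` can declare `"items": { "type": "string" }` and the network policy `ingress` array `"items": { "type": "object" }`. The enclosing objects start and end outside these hunks.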
@@ -531,8 +531,14 @@ server: # Used to enable a livenessProbe for the pods livenessProbe: enabled: false + # Used to define a liveness exec command. If provided, exec is preferred to httpGet (path) as the livenessProbe handler. + execCommand: [] + # - /bin/sh + # - -c + # - /vault/userconfig/mylivenessscript/run.sh + # Path for the livenessProbe to use httpGet as the livenessProbe handler path: "/v1/sys/health?standbyok=true" - # Port number on which livenessProbe will be checked. + # Port number on which livenessProbe will be checked if httpGet is used as the livenessProbe handler port: 8200 # When a probe fails, Kubernetes will try failureThreshold times before giving up failureThreshold: 2 @@ -641,6 +647,14 @@ server: # ports: # - protocol: TCP # port: 443 + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP # Priority class for server pods priorityClassName: "" @@ -755,6 +769,16 @@ server: accessMode: ReadWriteOnce # Annotations to apply to the PVC annotations: {} + # Labels to apply to the PVC + labels: {} + + # Persistent Volume Claim (PVC) retention policy + # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + # Example: + # persistentVolumeClaimRetentionPolicy: + # whenDeleted: Retain + # whenScaled: Retain + persistentVolumeClaimRetentionPolicy: {} # This configures the Vault Statefulset to create a PVC for audit # logs. Once Vault is deployed, initialized, and unsealed, Vault must @@ -774,6 +798,8 @@ server: accessMode: ReadWriteOnce # Annotations to apply to the PVC annotations: {} + # Labels to apply to the PVC + labels: {} # Run Vault in "dev" mode. This requires no further setup, no state management, # and no initialization. This is useful for experimenting with Vault without @@ -1139,7 +1165,7 @@ csi: image: repository: "hashicorp/vault" - tag: "1.15.1" + tag: "1.15.2" pullPolicy: IfNotPresent logFormat: standard 
diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index 79fcfdf93..b62add3e7 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,11 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 4.8.3 + +Update Jenkins image and appVersion to jenkins lts release version 2.426.1 + + ## 4.8.2 Add the ability to modify `retentionTimeout` and `waitForPodSec` default value in JCasC diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index 7692fc4c2..8a62e8fe0 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -2,7 +2,7 @@ annotations: artifacthub.io/category: integration-delivery artifacthub.io/images: | - name: jenkins - image: jenkins/jenkins:2.414.3-jdk11 + image: jenkins/jenkins:2.426.1-jdk11 - name: k8s-sidecar image: kiwigrid/k8s-sidecar:1.24.4 - name: inbound-agent @@ -22,7 +22,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.14-0' catalog.cattle.io/release-name: jenkins apiVersion: v2 -appVersion: 2.414.3 +appVersion: 2.426.1 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides over 1800 plugins to support building, deploying and automating any project. @@ -49,4 +49,4 @@ sources: - https://github.com/jenkinsci/docker-inbound-agent - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin -version: 4.8.2 +version: 4.8.3 diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml index 5d9a538b3..bde5056ae 100644 --- a/charts/jenkins/jenkins/values.yaml +++ b/charts/jenkins/jenkins/values.yaml 
@@ -22,7 +22,7 @@ controller: # Used for label app.kubernetes.io/component componentName: "jenkins-controller" image: "jenkins/jenkins" - # tag: "2.414.3-jdk11" + # tag: "2.426.1-jdk11" tagLabel: jdk11 imagePullPolicy: "Always" imagePullSecretName: diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index 47ff4b7db..37b8a0a82 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## Unreleased + +Nothing yet. + +## 2.32.0 + +### Improvements + +* Add new `deployment.hostname` value to make identifying instances in + controlplane/dataplane configurations easier. + [#943](https://github.com/Kong/charts/pull/943) + ## 2.31.0 ### Improvements diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 41842d221..a246edc9b 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -18,4 +18,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.31.0 +version: 2.32.0 diff --git a/charts/kong/kong/README.md b/charts/kong/kong/README.md index 5840c0a96..11bc89d7c 100644 --- a/charts/kong/kong/README.md +++ b/charts/kong/kong/README.md @@ -451,6 +451,11 @@ documentation on Service DNS](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) for more detail. +If you use multiple Helm releases to manage different data plane configurations +attached to the same control plane, setting the `deployment.hostname` field +will help you keep track of which is which in the `/clustering/data-plane` +endpoint. + ### Cert Manager Integration By default, Kong will create self-signed certificates on start for its TLS 
@@ -508,9 +513,9 @@ event you need to recover from unintended CRD deletion. ### InitContainers -The chart is able to deploy initcontainers along with Kong. This can be very +The chart is able to deploy initContainers along with Kong. This can be very useful when there's a requirement for custom initialization. The -`deployment.initcontainers` field in values.yaml takes an array of objects that +`deployment.initContainers` field in values.yaml takes an array of objects that get appended as-is to the existing `spec.template.initContainers` array in the kong deployment resource. @@ -853,6 +858,7 @@ On the Gateway release side, set either `admin.tls.client.secretName` to the nam | deployment.minReadySeconds | Minimum number of seconds for which newly created pods should be ready without any of its container crashing, for it to be considered available. | | | deployment.initContainers | Create initContainers. Please go to Kubernetes doc for the spec of the initContainers | | | deployment.daemonset | Use a DaemonSet instead of a Deployment | `false` | +| deployment.hostname | Set the Deployment's `.spec.template.hostname`. Kong reports this as its hostname. | | | deployment.hostNetwork | Enable hostNetwork, which binds to the ports to the host | `false` | | deployment.userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | | | deployment.userDefinedVolumeMounts | Create volumeMounts. Please go to Kubernetes doc for the spec of the volumeMounts | | diff --git a/charts/kong/kong/templates/deployment.yaml b/charts/kong/kong/templates/deployment.yaml index 0aa46ceea..28f9b0680 100644 --- a/charts/kong/kong/templates/deployment.yaml +++ b/charts/kong/kong/templates/deployment.yaml 
@@ -63,6 +63,9 @@ spec: {{ include "kong.renderTpl" (dict "value" .Values.podLabels "context" $) | nindent 8 }} {{- end }} spec: + {{- if .Values.deployment.hostname }} + hostname: {{ .Values.deployment.hostname }} + {{- end }} {{- if .Values.deployment.hostNetwork }} hostNetwork: true {{- end }} diff --git a/charts/kong/kong/values.yaml b/charts/kong/kong/values.yaml index 20bf519d0..a3a73015b 100644 --- a/charts/kong/kong/values.yaml +++ b/charts/kong/kong/values.yaml @@ -60,6 +60,11 @@ deployment: # Use a DaemonSet controller instead of a Deployment controller daemonset: false hostNetwork: false + # Set the Deployment's spec.template.hostname field. + # This propagates to Kong API endpoints that report + # the hostname, such as the admin API root and hybrid mode + # /clustering/data-planes endpoint + hostname: "" # kong_prefix empty dir size prefixDir: sizeLimit: 256Mi @@ -976,7 +981,7 @@ serviceMonitor: # If you wish to gather metrics from a Kong instance with the proxy disabled (such as a hybrid control plane), see: # https://github.com/Kong/charts/blob/main/charts/kong/README.md#prometheus-operator-integration enabled: false - # interval: 10s + # interval: 30s # Specifies namespace, where ServiceMonitor should be installed # namespace: monitoring # labels: diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml index 8fcdffb9f..5eb7688ce 100644 --- a/charts/kubecost/cost-analyzer/Chart.yaml +++ b/charts/kubecost/cost-analyzer/Chart.yaml @@ -7,7 +7,7 @@ annotations: catalog.cattle.io/featured: "1" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 -appVersion: 1.107.0 +appVersion: 1.107.1 dependencies: - condition: global.grafana.enabled name: grafana @@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni cloud costs. icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer -version: 1.107.0 +version: 1.107.1 
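Review bot: The added `hostname:` line in `deployment.yaml` renders `.Values.deployment.hostname` unquoted, so a value that YAML reads as a number or boolean (constructed example: `hostname: 1234`) reaches the API server as a non-string and the Deployment is rejected. Quoting keeps it a string: `hostname: {{ .Values.deployment.hostname | quote }}`. Because the value is set on the pod template, every replica of the release reports the same hostname; the `values.yaml` comment could say so, since the README added in this commit presents the field as a way to tell instances apart. The pod `spec:` block continues outside the hunk.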
diff --git a/charts/kubecost/cost-analyzer/README.md b/charts/kubecost/cost-analyzer/README.md index 3121c8eab..feedbbf3e 100644 --- a/charts/kubecost/cost-analyzer/README.md +++ b/charts/kubecost/cost-analyzer/README.md @@ -99,3 +99,57 @@ Adjusting the log format changes the format in which the logs are output making |--------|----------------------------------------------------------------------------------------------------------------------------| | `JSON` | `{"level":"info","time":"2006-01-02T15:04:05.999999999Z07:00","message":"Starting cost-model (git commit \"1.91.0-rc.0\")"}` | | `pretty` | `2006-01-02T15:04:05.999999999Z07:00 INF Starting cost-model (git commit "1.91.0-rc.0")` | + +## Testing +To perform local testing do next: +- install locally [kind](https://github.com/kubernetes-sigs/kind) according to documentation. +- install locally [ct](https://github.com/helm/chart-testing) according to documentation. +- create local cluster using `kind` \ +use image version from https://github.com/kubernetes-sigs/kind/releases e.g. `kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8` +```shell +kind create cluster --image kindest/node:v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 +``` +- perform ct execution +```shell +ct install --chart-dirs="." --charts="." +``` + +- perform ct StatefulSet execution + +```shell +# create multiple nodes kind config +cat > kind-config.yaml < etlBucketConfigSecret.yaml <- - svc=$(kubectl -n {{ .Release.Namespace }} get svc -l app.kubernetes.io/name=cost-analyzer -o json | jq -r .items[0].metadata.name); + svc="{{ .Release.Name }}-cost-analyzer"; echo Getting current Kubecost state.; response=$(curl -sL http://${svc}:9090/model/getConfigs); code=$(echo ${response} | jq .code); diff --git a/charts/kubecost/cost-analyzer/values.yaml b/charts/kubecost/cost-analyzer/values.yaml index f7e6d35f6..cb2d57d82 100644 --- a/charts/kubecost/cost-analyzer/values.yaml 
+++ b/charts/kubecost/cost-analyzer/values.yaml @@ -783,7 +783,7 @@ networkCosts: enabled: false podSecurityPolicy: enabled: false - image: gcr.io/kubecost1/kubecost-network-costs:v0.17.0 + image: gcr.io/kubecost1/kubecost-network-costs:v0.17.1 imagePullPolicy: Always updateStrategy: type: RollingUpdate @@ -896,9 +896,7 @@ networkCosts: enabled: false additionalLabels: {} # match the default extraScrapeConfig - additionalLabels: - app.kubernetes.io/instance: kubecost - app.kubernetes.io/name: network-costs + additionalLabels: {} nodeSelector: {} annotations: {} healthCheckProbes: {} @@ -921,6 +919,9 @@ networkCosts: ## Used for HA mode in Business & Enterprise tier ## kubecostDeployment: + # Instead of a kubecost-analyzer Deployment, you can set it to be a StatefulSet as for volumeClaimTemplates usage and real stateful behaviour + statefulSet: + enabled: false replicas: 1 leaderFollower: enabled: false diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml index 3e4d3fd9b..b9c4cef34 100644 --- a/charts/kuma/kuma/Chart.yaml +++ b/charts/kuma/kuma/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/namespace: kuma-system catalog.cattle.io/release-name: kuma apiVersion: v2 -appVersion: 2.4.4 +appVersion: 2.5.0 description: A Helm chart for the Kuma Control Plane home: https://github.com/kumahq/kuma icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg @@ -20,4 +20,4 @@ maintainers: name: nickolaev name: kuma type: application -version: 2.4.4 +version: 2.5.0 diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md index 62f75b6fe..6f3b28233 100644 --- a/charts/kuma/kuma/README.md +++ b/charts/kuma/kuma/README.md 
@@ -2,7 +2,7 @@ A Helm chart for the Kuma Control Plane -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.4.4](https://img.shields.io/badge/Version-2.4.4-informational?style=flat-square) ![AppVersion: 2.4.4](https://img.shields.io/badge/AppVersion-2.4.4-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) **Homepage:** @@ -17,6 +17,7 @@ A Helm chart for the Kuma Control Plane | installCrdsOnUpgrade.enabled | bool | `true` | Whether install new CRDs before upgrade (if any were introduced with the new version of Kuma) | | installCrdsOnUpgrade.imagePullSecrets | list | `[]` | The `imagePullSecrets` to attach to the Service Account running CRD installation. This field will be deprecated in a future release, please use .global.imagePullSecrets | | noHelmHooks | bool | `false` | Whether to disable all helm hooks | +| restartOnSecretChange | bool | `true` | Whether to restart control-plane by calculating a new checksum for the secret | | controlPlane.environment | string | `"kubernetes"` | Environment that control plane is run in, useful when running universal global control plane on k8s | | controlPlane.extraLabels | object | `{}` | Labels to add to resources in addition to default labels | | controlPlane.logLevel | string | `"info"` | Kuma CP log level: one of off,info,debug | 
@@ -25,7 +26,9 @@ A Helm chart for the Kuma Control Plane | controlPlane.zone | string | `nil` | Kuma CP zone, if running multizone | | controlPlane.kdsGlobalAddress | string | `""` | Only used in `zone` mode | | controlPlane.replicas | int | `1` | Number of replicas of the Kuma CP. Ignored when autoscaling is enabled | -| controlPlane.podAnnotations | object | `{}` | Control Plane Pod Annotations | +| controlPlane.minReadySeconds | int | `0` | Minimum number of seconds for which a newly created pod should be ready for it to be considered available. | +| controlPlane.deploymentAnnotations | object | `{}` | Annotations applied only to the `Deployment` resource | +| controlPlane.podAnnotations | object | `{}` | Annotations applied only to the `Pod` resource | | controlPlane.autoscaling.enabled | bool | `false` | Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster | | controlPlane.autoscaling.minReplicas | int | `2` | The minimum CP pods to allow | | controlPlane.autoscaling.maxReplicas | int | `5` | The max CP pods to scale to | 
@@ -50,9 +53,11 @@ A Helm chart for the Kuma Control Plane | controlPlane.ingress.annotations | object | `{}` | Map of ingress annotations. | | controlPlane.ingress.path | string | `"/"` | Ingress path. | | controlPlane.ingress.pathType | string | `"ImplementationSpecific"` | Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) | +| controlPlane.ingress.servicePort | int | `5681` | Port from kuma-cp to use to expose API and GUI. Switch to 5682 to expose TLS port | | controlPlane.globalZoneSyncService.enabled | bool | `true` | Whether to create a k8s service for the global zone sync service. It will only be created when enabled and deploying the global control plane. | | controlPlane.globalZoneSyncService.type | string | `"LoadBalancer"` | Service type of the Global-zone sync | | controlPlane.globalZoneSyncService.loadBalancerIP | string | `nil` | Optionally specify IP to be used by cloud provider when configuring load balancer | +| controlPlane.globalZoneSyncService.loadBalancerSourceRanges | list | `[]` | Optionally specify allowed source ranges that can access the load balancer | | controlPlane.globalZoneSyncService.annotations | object | `{}` | Additional annotations to put on the Global Zone Sync Service | | controlPlane.globalZoneSyncService.nodePort | int | `30685` | Port on which Global Zone Sync Service is exposed on Node for service of type NodePort | | controlPlane.globalZoneSyncService.port | int | `5685` | Port on which Global Zone Sync Service is exposed | 
@@ -75,6 +80,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.tls.kdsZoneClient.create | bool | `false` | Whether to create the TLS secret in helm. | | controlPlane.tls.kdsZoneClient.cert | string | `""` | CA bundle that was used to sign the certificate of KDS Global Server. | | controlPlane.tls.kdsZoneClient.skipVerify | bool | `false` | If true, TLS cert of the server is not verified. | +| controlPlane.serviceAccountAnnotations | object | `{}` | Annotations to add for Control Plane's Service Account | | controlPlane.image.pullPolicy | string | `"IfNotPresent"` | Kuma CP ImagePullPolicy | | controlPlane.image.repository | string | `"kuma-cp"` | Kuma CP image repository | | controlPlane.image.tag | string | `nil` | Kuma CP Image tag. When not specified, the value is copied from global.tag | @@ -120,6 +126,7 @@ A Helm chart for the Kuma Control Plane | ingress.extraLabels | object | `{}` | Labels to add to resources, in addition to default labels | | ingress.drainTime | string | `"30s"` | Time for which old listener will still be active as draining | | ingress.replicas | int | `1` | Number of replicas of the Ingress. Ignored when autoscaling is enabled. | +| ingress.logLevel | string | `"info"` | Log level for ingress (available values: off|info|debug) | | ingress.resources | object | `{"limits":{"cpu":"1000m","memory":"512Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | Define the resources to allocate to mesh ingress | | ingress.lifecycle | object | `{}` | Pod lifecycle settings (useful for adding a preStop hook, when using AWS ALB or NLB) | | ingress.terminationGracePeriodSeconds | int | `40` | Number of seconds to wait before force killing the pod. Make sure to update this if you add a preStop hook. | 
@@ -144,10 +151,13 @@ A Helm chart for the Kuma Control Plane | ingress.topologySpreadConstraints | string | `nil` | Topology spread constraints rule for the Kuma Mesh Ingress pods. This is rendered as a template, so you can use variables to generate match labels. | | ingress.podSecurityContext | object | `{"runAsGroup":5678,"runAsNonRoot":true,"runAsUser":5678}` | Security context at the pod level for ingress | | ingress.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | Security context at the container level for ingress | +| ingress.serviceAccountAnnotations | object | `{}` | Annotations to add for Control Plane's Service Account | +| ingress.automountServiceAccountToken | bool | `true` | Whether to automountServiceAccountToken for cp. Optionally set to false | | egress.enabled | bool | `false` | If true, it deploys Egress for cross cluster communication | | egress.extraLabels | object | `{}` | Labels to add to resources, in addition to the default labels. | | egress.drainTime | string | `"30s"` | Time for which old listener will still be active as draining | | egress.replicas | int | `1` | Number of replicas of the Egress. Ignored when autoscaling is enabled. | +| egress.logLevel | string | `"info"` | Log level for egress (available values: off|info|debug) | | egress.autoscaling.enabled | bool | `false` | Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster | | egress.autoscaling.minReplicas | int | `2` | The minimum CP pods to allow | | egress.autoscaling.maxReplicas | int | `5` | The max CP pods to scale to | 
@@ -173,11 +183,13 @@ A Helm chart for the Kuma Control Plane | egress.topologySpreadConstraints | string | `nil` | Topology spread constraints rule for the Kuma Egress pods. This is rendered as a template, so you can use variables to generate match labels. | | egress.podSecurityContext | object | `{"runAsGroup":5678,"runAsNonRoot":true,"runAsUser":5678}` | Security context at the pod level for egress | | egress.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | Security context at the container level for egress | +| egress.serviceAccountAnnotations | object | `{}` | Annotations to add for Control Plane's Service Account | +| egress.automountServiceAccountToken | bool | `true` | Whether to automountServiceAccountToken for cp. Optionally set to false | | kumactl.image.repository | string | `"kumactl"` | The kumactl image repository | | kumactl.image.tag | string | `nil` | The kumactl image tag. When not specified, the value is copied from global.tag | -| kubectl.image.registry | string | `"kumahq"` | The kubectl image registry | -| kubectl.image.repository | string | `"kubectl"` | The kubectl image repository | -| kubectl.image.tag | string | `"v1.20.15"` | The kubectl image tag | +| kubectl.image.registry | string | `"docker.io"` | The kubectl image registry | +| kubectl.image.repository | string | `"bitnami/kubectl"` | The kubectl image repository | +| kubectl.image.tag | string | `"1.27.5"` | The kubectl image tag | | hooks.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for the HELM hooks | | hooks.tolerations | list | `[]` | Tolerations for the HELM hooks | | hooks.podSecurityContext | object | `{"runAsNonRoot":true}` | Security context at the pod level for crd/webhook/ns | 
@@ -192,12 +204,7 @@ A Helm chart for the Kuma Control Plane | experimental.ebpf.cgroupPath | string | `"/sys/fs/cgroup"` | Host's cgroup2 path | | experimental.ebpf.tcAttachIface | string | `""` | Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty | | experimental.ebpf.programsSourcePath | string | `"/kuma/ebpf"` | Path where compiled eBPF programs which will be installed can be found | -| experimental.deltaKds | bool | `false` | If true, it uses new API for resource synchronization | -| legacy.transparentProxy | bool | `false` | If true, use the legacy transparent proxy engine | -| legacy.cni.enabled | bool | `false` | If true, it installs legacy version of the CNI | -| legacy.cni.image.registry | string | `"docker.io/kumahq"` | CNI v1 image registry | -| legacy.cni.image.repository | string | `"install-cni"` | CNI v1 image repository | -| legacy.cni.image.tag | string | `"0.0.10"` | CNI v1 image tag | +| experimental.deltaKds | bool | `true` | If false, it uses legacy API for resource synchronization | | postgres.port | string | `"5432"` | Postgres port, password should be provided as a secret reference in "controlPlane.secrets" with the Env value "KUMA_STORE_POSTGRES_PASSWORD". Example: controlPlane: secrets: - Secret: postgres-postgresql Key: postgresql-password Env: KUMA_STORE_POSTGRES_PASSWORD | | postgres.tls.mode | string | `"disable"` | Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull" | | postgres.tls.disableSSLSNI | bool | `false` | Whether to disable SNI the postgres `sslsni` option. | diff --git a/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml b/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml index 0edd941bc..83d193e81 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml 
@@ -374,11 +374,112 @@ spec: description: LocalityAwareness contains configuration for locality aware load balancing. properties: + crossZone: + description: CrossZone defines locality aware load balancing + priorities when dataplane proxies inside local zone + are unavailable + properties: + failover: + description: Failover defines list of load balancing + rules in order of priority + items: + properties: + from: + description: From defines the list of zones + to which the rule applies + properties: + zones: + items: + type: string + type: array + required: + - zones + type: object + to: + description: To defines to which zones the + traffic should be load balanced + properties: + type: + description: Type defines how target zones + will be picked from available zones + enum: + - None + - Only + - Any + - AnyExcept + type: string + zones: + items: + type: string + type: array + required: + - type + type: object + required: + - to + type: object + type: array + failoverThreshold: + description: 'FailoverThreshold defines the percentage + of live destination dataplane proxies below which + load balancing to the next priority starts. Example: + If you configure failoverThreshold to 70, and + you have deployed 10 destination dataplane proxies. + Load balancing to next priority will start when + number of live destination dataplane proxies drops + below 7. Default 50' + properties: + percentage: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - percentage + type: object + type: object disabled: description: Disabled allows to disable locality-aware load balancing. When disabled requests are distributed across all endpoints regardless of locality. type: boolean + localZone: + description: LocalZone defines locality aware load balancing + priorities between dataplane proxies inside a zone + properties: + affinityTags: + description: AffinityTags list of tags for local + zone load balancing. 
+ items: + properties: + key: + description: Key defines tag for which affinity + is configured + type: string + weight: + description: 'Weight of the tag used for load + balancing. The bigger the weight the bigger + the priority. Percentage of local traffic + load balanced to tag is computed by dividing + weight by sum of weights from all tags. + For example with two affinity tags first + with weight 80 and second with weight 20, + then 80% of traffic will be redirected to + the first tag, and 20% of traffic will be + redirected to second one. Setting weights + is not mandatory. When weights are not set + control plane will compute default weight + based on list order. Default: If you do + not specify weight we will adjust them so + that 90% traffic goes to first tag, 9% to + next, and 1% to third and so on.' + format: int32 + type: integer + required: + - key + type: object + type: array + type: object type: object type: object targetRef: diff --git a/charts/kuma/kuma/templates/NOTES.txt b/charts/kuma/kuma/templates/NOTES.txt index a0ef32c38..63c58d5d0 100644 --- a/charts/kuma/kuma/templates/NOTES.txt +++ b/charts/kuma/kuma/templates/NOTES.txt @@ -1,4 +1,6 @@ -The Kuma Control Plane has been installed! +{{ .Chart.Name }} has been installed! + +Your release is named '{{ .Release.Name }}'. You can access the control-plane via either the GUI, kubectl, the HTTP API, or the kumactl CLI. {{- if .Values.noHelmHooks }} diff --git a/charts/kuma/kuma/templates/_helpers.tpl b/charts/kuma/kuma/templates/_helpers.tpl index 9b40b01dd..b209a99bd 100644 --- a/charts/kuma/kuma/templates/_helpers.tpl +++ b/charts/kuma/kuma/templates/_helpers.tpl 
@@ -111,6 +111,15 @@ app: {{ include "kuma.name" . }}-control-plane {{ include "kuma.labels" . }} {{- end }} +{{/* +control plane deployment annotations +*/}} +{{- define "kuma.cpDeploymentAnnotations" -}} +{{- range $key, $value := $.Values.controlPlane.deploymentAnnotations }} +{{ $key | quote }}: {{ $value | quote }} +{{- end }} +{{- end }} + {{/* ingress labels */}} 
@@ -176,42 +185,6 @@ returns: formatted image string {{- end -}} {{- define "kuma.defaultEnv" -}} -{{ if (and (eq .Values.controlPlane.environment "universal") (not (eq .Values.controlPlane.mode "global"))) }} - {{ fail "Currently you can only run universal mode on kubernetes in a global mode, this limitation might be lifted in the future" }} -{{ end }} -{{ if not (or (eq .Values.controlPlane.mode "zone") (eq .Values.controlPlane.mode "global") (eq .Values.controlPlane.mode "standalone")) }} - {{ $msg := printf "controlPlane.mode invalid got:'%s' supported values: global,zone,standalone" .Values.controlPlane.mode }} - {{ fail $msg }} -{{ end }} -{{ if eq .Values.controlPlane.mode "zone" }} - {{ if empty .Values.controlPlane.zone }} - {{ fail "Can't have controlPlane.zone to be empty when controlPlane.mode=='zone'" }} - {{ else }} - {{ if gt (len .Values.controlPlane.zone) 253 }} - {{ fail "controlPlane.zone must be no more than 253 characters" }} - {{ else }} - {{ if not (regexMatch "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" .Values.controlPlane.zone) }} - {{ fail "controlPlane.zone must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character" }} - {{ end }} - {{ end }} - {{ end }} - {{ if empty .Values.controlPlane.kdsGlobalAddress }} - {{ fail "controlPlane.kdsGlobalAddress can't be empty when controlPlane.mode=='zone', needs to be the global control-plane address" }} - {{ else }} - {{ $url := urlParse .Values.controlPlane.kdsGlobalAddress }} - {{ if not (or (eq $url.scheme "grpcs") (eq $url.scheme "grpc")) }} - {{ $msg := printf "controlPlane.kdsGlobalAddress must be a url with scheme grpcs:// or grpc:// got:'%s'" .Values.controlPlane.kdsGlobalAddress }} - {{ fail $msg }} - {{ end }} - {{ end }} -{{ else }} - {{ if not (empty .Values.controlPlane.zone) }} - {{ fail "Can't specify a controlPlane.zone when controlPlane.mode!='zone'" }} - {{ end }} - {{ if not (empty 
.Values.controlPlane.kdsGlobalAddress) }} - {{ fail "Can't specify a controlPlane.kdsGlobalAddress when controlPlane.mode!='zone'" }} - {{ end }} -{{ end }} env: {{ include "kuma.parentEnv" . }} - name: KUMA_ENVIRONMENT @@ -282,16 +255,12 @@ env: - name: KUMA_EXPERIMENTAL_GATEWAY_API value: "true" {{- end }} -{{- if and .Values.cni.enabled (not .Values.legacy.cni.enabled) }} +{{- if .Values.cni.enabled }} - name: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED value: "true" - name: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP value: "{{ include "kuma.name" . }}-cni" {{- end }} -{{- if .Values.legacy.transparentProxy }} -- name: KUMA_RUNTIME_KUBERNETES_INJECTOR_TRANSPARENT_PROXY_V1 - value: "true" -{{- end }} {{- if .Values.experimental.ebpf.enabled }} - name: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_ENABLED value: "true" @@ -306,9 +275,9 @@ env: - name: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH value: {{ .Values.experimental.ebpf.programsSourcePath }} {{- end }} -{{- if .Values.experimental.deltaKds }} +{{- if not .Values.experimental.deltaKds }} - name: KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED - value: "true" + value: "false" {{- end }} {{- if .Values.controlPlane.tls.kdsZoneClient.skipVerify }} - name: KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY @@ -321,6 +290,15 @@ env: {{- end }} {{- define "kuma.universal.defaultEnv" -}} +{{ if eq .Values.controlPlane.mode "zone" }} + {{ if .Values.ingress.enabled }} + {{ fail "Can't have ingress.enabled when running controlPlane.mode=='universal'" }} + {{ end }} + {{ if .Values.egress.enabled }} + {{ fail "Can't have egress.enabled when running controlPlane.mode=='universal'" }} + {{ end }} +{{ end }} + env: - name: KUMA_GENERAL_WORK_DIR value: "/tmp/kuma" 
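Review bot: The two `fail` messages added at the top of `kuma.universal.defaultEnv` name the wrong setting: the guard tests `controlPlane.mode` against `"zone"`, but the text reports `controlPlane.mode=='universal'`, which is not one of the modes the validation in this commit accepts (global, zone, standalone). An operator who hits this failure is sent to the wrong value. A message that matches the condition would be `{{ fail "Can't have ingress.enabled when controlPlane.environment=='universal' and controlPlane.mode=='zone'" }}`, with the same wording for egress. The define continues past the end of the hunk.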
@@ -332,8 +310,34 @@ env: value: "{{ .Values.postgres.port }}" - name: KUMA_DEFAULTS_SKIP_MESH_CREATION value: {{ .Values.controlPlane.defaults.skipMeshCreation | quote }} +{{ if and (eq .Values.controlPlane.mode "zone") .Values.controlPlane.tls.general.secretName }} +- name: KUMA_GENERAL_TLS_CERT_FILE + value: /var/run/secrets/kuma.io/tls-cert/tls.crt +- name: KUMA_GENERAL_TLS_KEY_FILE + value: /var/run/secrets/kuma.io/tls-cert/tls.key +{{ end }} - name: KUMA_MODE - value: "global" + value: {{ .Values.controlPlane.mode | quote }} +{{- if eq .Values.controlPlane.mode "zone" }} +- name: KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS + value: {{ .Values.controlPlane.kdsGlobalAddress }} +{{- end }} +{{- if .Values.controlPlane.zone }} +- name: KUMA_MULTIZONE_ZONE_NAME + value: {{ .Values.controlPlane.zone | quote }} +{{- end }} +{{- if and (eq .Values.controlPlane.mode "zone") (or .Values.controlPlane.tls.kdsZoneClient.secretName .Values.controlPlane.tls.kdsZoneClient.create) }} +- name: KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE + value: /var/run/secrets/kuma.io/kds-client-tls-cert/ca.crt +{{- end }} +{{- if not .Values.experimental.deltaKds }} +- name: KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED + value: "false" +{{- end }} +{{- if .Values.controlPlane.tls.kdsZoneClient.skipVerify }} +- name: KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY + value: "true" +{{- end }} {{- if .Values.controlPlane.tls.apiServer.secretName }} - name: KUMA_API_SERVER_HTTPS_TLS_CERT_FILE value: /var/run/secrets/kuma.io/api-server-tls-cert/tls.crt 
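Review bot: `KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS` is the only `.Values`-derived string added in this hunk without `| quote`; `KUMA_MODE` and `KUMA_MULTIZONE_ZONE_NAME` beside it are quoted. cp-deployment.yaml parses this define back with `fromYaml`, so an unquoted value is interpreted by the YAML parser rather than passed through as a string. Suggest `value: {{ .Values.controlPlane.kdsGlobalAddress | quote }}`. Separately, the block can emit `KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE` and `KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY` together; a template comment such as `{{/* skipVerify disables verification of the global control plane certificate */}}` above the skipVerify condition would make that trade-off visible where it is set.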
@@ -372,17 +376,3 @@ env: {{- end }} {{- end }} {{- end }} - -{{/* -params: { image: { registry?, repository, tag? }, root: $ } -returns: formatted image string -*/}} -{{- define "kubectl.formatImage" -}} -{{- $img := .image }} -{{- $tag := .tag }} -{{- $root := .root }} -{{- $registry := ($img.registry | default $root.Values.kubectl.image.registry) -}} -{{- $repo := ($img.repository | default $root.Values.kubectl.image.repository) -}} -{{- $imageTag := ($tag | default $root.Values.kubectl.image.tag) -}} -{{- printf "%s/%s:%s" $registry $repo $imageTag -}} -{{- end -}} diff --git a/charts/kuma/kuma/templates/cni-configmap.yaml b/charts/kuma/kuma/templates/cni-configmap.yaml index 26364b30a..8d27de9ef 100644 --- a/charts/kuma/kuma/templates/cni-configmap.yaml +++ b/charts/kuma/kuma/templates/cni-configmap.yaml @@ -3,7 +3,7 @@ kind: ConfigMap apiVersion: v1 metadata: name: {{ include "kuma.name" . }}-cni-config - namespace: kube-system + namespace: {{ .Values.cni.namespace }} labels: {{ include "kuma.cniLabels" . | nindent 4 }} data: # The CNI network configuration to add to the plugin chain on each node. diff --git a/charts/kuma/kuma/templates/cni-daemonset.yaml b/charts/kuma/kuma/templates/cni-daemonset.yaml index db50240fd..b5d8db761 100644 --- a/charts/kuma/kuma/templates/cni-daemonset.yaml +++ b/charts/kuma/kuma/templates/cni-daemonset.yaml @@ -55,9 +55,9 @@ spec: {{- toYaml .Values.cni.podSecurityContext | trim | nindent 8 }} containers: - name: install-cni - {{- if not .Values.legacy.cni.enabled }} - image: {{ include "kuma.formatImage" (dict "image" .Values.cni.image "root" $) | quote }} imagePullPolicy: {{ .Values.cni.image.imagePullPolicy }} + {{- if not .Values.experimental.ebpf.enabled }} + image: {{ include "kuma.formatImage" (dict "image" .Values.cni.image "root" $) | quote }} readinessProbe: initialDelaySeconds: {{ .Values.cni.delayStartupSeconds }} exec: 
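Review bot: `namespace: {{ .Values.cni.namespace }}` in the ConfigMap metadata renders an empty (null) namespace when the value is unset, so the object silently follows the release namespace instead of failing the install. The same line is added for the ServiceAccount in cni-rbac.yaml. The default for `cni.namespace` is not visible in this diff; if it is not guaranteed, `namespace: {{ .Values.cni.namespace | default "kube-system" | quote }}` keeps the previous placement. Since the ConfigMap holds the network configuration added to the plugin chain on each node, a values comment that the chosen namespace needs the same access restrictions as kube-system would help. The ConfigMap manifest starts and ends outside the hunk.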
@@ -66,11 +66,10 @@ spec: - /tmp/ready command: [ "sh", "-c", "--" ] args: [ "sleep {{.Values.cni.delayStartupSeconds}} && exec /install-cni" ] - {{- else if .Values.experimental.ebpf.enabled }} + {{- else }} {{- with .Values.cni.experimental.imageEbpf }} image: {{ printf "%s/%s:%s" .registry .repository .tag | quote }} {{- end }} - imagePullPolicy: {{ .Values.cni.image.imagePullPolicy }} args: - /app/mbctl - --mode=kuma @@ -86,11 +85,6 @@ spec: - make - --keep-going - clean - {{- else }} - image: {{ include "kuma.formatImage" (dict "image" .Values.legacy.cni.image "root" $) | quote }} - imagePullPolicy: {{ .Values.cni.image.imagePullPolicy }} - command: [ "/bin/sh", "-c", "--" ] - args: [ "sleep {{.Values.cni.delayStartupSeconds}} && exec /install-cni.sh" ] {{- end }} securityContext: {{- toYaml .Values.cni.containerSecurityContext | trim | nindent 12 }} diff --git a/charts/kuma/kuma/templates/cni-rbac.yaml b/charts/kuma/kuma/templates/cni-rbac.yaml index 4ffe17afa..4f17534c2 100644 --- a/charts/kuma/kuma/templates/cni-rbac.yaml +++ b/charts/kuma/kuma/templates/cni-rbac.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "kuma.name" . }}-cni - namespace: kube-system + namespace: {{ .Values.cni.namespace }} labels: {{ include "kuma.cniLabels" . | nindent 4 }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/charts/kuma/kuma/templates/cp-deployment.yaml b/charts/kuma/kuma/templates/cp-deployment.yaml index d927c595f..5bf073105 100644 --- a/charts/kuma/kuma/templates/cp-deployment.yaml +++ b/charts/kuma/kuma/templates/cp-deployment.yaml 
@@ -14,6 +14,40 @@ {{ end }} {{ end }} +{{ if not (or (eq .Values.controlPlane.mode "zone") (eq .Values.controlPlane.mode "global") (eq .Values.controlPlane.mode "standalone")) }} + {{ $msg := printf "controlPlane.mode invalid got:'%s' supported values: global,zone,standalone" .Values.controlPlane.mode }} + {{ fail $msg }} +{{ end }} +{{ if eq .Values.controlPlane.mode "zone" }} + {{ if empty .Values.controlPlane.zone }} + {{ fail "Can't have controlPlane.zone to be empty when controlPlane.mode=='zone'" }} + {{ else }} + {{ if gt (len .Values.controlPlane.zone) 253 }} + {{ fail "controlPlane.zone must be no more than 253 characters" }} + {{ else }} + {{ if not (regexMatch "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" .Values.controlPlane.zone) }} + {{ fail "controlPlane.zone must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character" }} + {{ end }} + {{ end }} + {{ end }} + {{ if empty .Values.controlPlane.kdsGlobalAddress }} + {{ fail "controlPlane.kdsGlobalAddress can't be empty when controlPlane.mode=='zone', needs to be the global control-plane address" }} + {{ else }} + {{ $url := urlParse .Values.controlPlane.kdsGlobalAddress }} + {{ if not (or (eq $url.scheme "grpcs") (eq $url.scheme "grpc")) }} + {{ $msg := printf "controlPlane.kdsGlobalAddress must be a url with scheme grpcs:// or grpc:// got:'%s'" .Values.controlPlane.kdsGlobalAddress }} + {{ fail $msg }} + {{ end }} + {{ end }} +{{ else }} + {{ if not (empty .Values.controlPlane.zone) }} + {{ fail "Can't specify a controlPlane.zone when controlPlane.mode!='zone'" }} + {{ end }} + {{ if not (empty .Values.controlPlane.kdsGlobalAddress) }} + {{ fail "Can't specify a controlPlane.kdsGlobalAddress when controlPlane.mode!='zone'" }} + {{ end }} +{{ end }} + {{- $defaultEnv := include "kuma.defaultEnv" . 
| fromYaml | pluck "env" | first }} {{- if eq .Values.controlPlane.environment "universal" }} {{- $defaultEnv = include "kuma.universal.defaultEnv" . | fromYaml | pluck "env" | first }} @@ -35,10 +69,12 @@ metadata: name: {{ include "kuma.name" . }}-control-plane namespace: {{ .Release.Namespace }} labels: {{ include "kuma.cpLabels" . | nindent 4 }} + annotations: {{ include "kuma.cpDeploymentAnnotations" . | nindent 4 }} spec: {{- if not .Values.controlPlane.autoscaling.enabled }} replicas: {{ .Values.controlPlane.replicas }} {{- end }} + minReadySeconds: {{ .Values.controlPlane.minReadySeconds }} strategy: rollingUpdate: maxSurge: 1 @@ -51,7 +87,9 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/cp-configmap.yaml") . | sha256sum }} + {{- if .Values.restartOnSecretChange }} checksum/tls-secrets: {{ include (print $.Template.BasePath "/cp-webhooks-and-secrets.yaml") . | sha256sum }} + {{- end }} {{- range $key, $value := $.Values.controlPlane.podAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} @@ -199,6 +237,22 @@ spec: mountPath: /var/run/secrets/kuma.io/tls-cert/ca.crt subPath: ca.crt readOnly: true + {{- end }} + {{- if and (eq .Values.controlPlane.environment "universal") (eq .Values.controlPlane.mode "zone") }} + {{- if .Values.controlPlane.tls.general.secretName }} + - name: general-tls-cert + mountPath: /var/run/secrets/kuma.io/tls-cert/tls.crt + subPath: tls.crt + readOnly: true + - name: general-tls-cert + mountPath: /var/run/secrets/kuma.io/tls-cert/tls.key + subPath: tls.key + readOnly: true + - name: general-tls-cert{{- if .Values.controlPlane.tls.general.caSecretName }}-ca{{- end }} + mountPath: /var/run/secrets/kuma.io/tls-cert/ca.crt + subPath: ca.crt + readOnly: true + {{- end }} {{- end }} - name: {{ include "kuma.name" . }}-control-plane-config mountPath: /etc/kuma.io/kuma-control-plane 
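Review bot: With `restartOnSecretChange` set to false, the `checksum/tls-secrets` annotation is left out of the pod template, so a change in the rendered cp-webhooks-and-secrets.yaml no longer rolls the control-plane pods. Whether the running process reloads a replaced certificate or key without a restart is not shown here, so after a rotation the old material may stay in use until the Deployment is restarted by hand. Suggest a template comment beside the condition, for example `{{- /* when disabled, restart the control plane manually after rotating TLS secrets */}}`, and the same caveat in the values description. The pod template continues outside the hunk.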
@@ -288,6 +342,18 @@ spec: secret: secretName: {{ .Values.controlPlane.tls.general.caSecretName }} {{- end }} + {{- end }} + {{- if and (eq .Values.controlPlane.environment "universal") (eq .Values.controlPlane.mode "zone") }} + {{- if .Values.controlPlane.tls.general.secretName }} + - name: general-tls-cert + secret: + secretName: {{ .Values.controlPlane.tls.general.secretName }} + {{- end }} + {{- if .Values.controlPlane.tls.general.caSecretName }} + - name: general-tls-cert-ca + secret: + secretName: {{ .Values.controlPlane.tls.general.caSecretName }} + {{- end }} {{- end }} {{- if .Values.controlPlane.tls.apiServer.secretName }} - name: api-server-tls-cert diff --git a/charts/kuma/kuma/templates/cp-global-sync-service.yaml b/charts/kuma/kuma/templates/cp-global-sync-service.yaml index 2ca90b482..c5b3555a8 100644 --- a/charts/kuma/kuma/templates/cp-global-sync-service.yaml +++ b/charts/kuma/kuma/templates/cp-global-sync-service.yaml @@ -14,6 +14,12 @@ spec: {{- if .Values.controlPlane.globalZoneSyncService.loadBalancerIP }} loadBalancerIP: {{ .Values.controlPlane.globalZoneSyncService.loadBalancerIP }} {{- end }} + {{- if .Values.controlPlane.globalZoneSyncService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range .Values.controlPlane.globalZoneSyncService.loadBalancerSourceRanges }} + - {{.}} + {{- end }} + {{- end }} ports: - port: {{ .Values.controlPlane.globalZoneSyncService.port }} appProtocol: {{ .Values.controlPlane.globalZoneSyncService.protocol }} diff --git a/charts/kuma/kuma/templates/cp-ingress.yaml b/charts/kuma/kuma/templates/cp-ingress.yaml index a0726d3ee..8ceae01f8 100644 --- a/charts/kuma/kuma/templates/cp-ingress.yaml +++ b/charts/kuma/kuma/templates/cp-ingress.yaml @@ -21,5 +21,5 @@ spec: service: name: {{ include "kuma.controlPlane.serviceName" . }} port: - number: 5681 + number: {{ .Values.controlPlane.ingress.servicePort }} {{- end }} 
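Review bot: The new `loadBalancerSourceRanges` entries in cp-global-sync-service.yaml are written as `- {{.}}` without quoting, and the whole field is omitted when the list is empty, which the README in this commit documents as the default (`[]`). With that default and the documented default Service type of `LoadBalancer`, the global zone sync port has no source restriction at the load balancer. Suggest `- {{ . | quote }}` for the entries, plus a values comment recommending that the list be set to the address ranges the zone control planes connect from. Whether the field is honoured depends on the cloud provider, which belongs in the same comment.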
diff --git a/charts/kuma/kuma/templates/cp-rbac.yaml b/charts/kuma/kuma/templates/cp-rbac.yaml index 9b82e6e35..365a260a2 100644 --- a/charts/kuma/kuma/templates/cp-rbac.yaml +++ b/charts/kuma/kuma/templates/cp-rbac.yaml @@ -4,6 +4,10 @@ metadata: name: {{ include "kuma.name" . }}-control-plane namespace: {{ .Release.Namespace }} labels: {{ include "kuma.cpLabels" . | nindent 4 }} +{{- with .Values.controlPlane.serviceAccountAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} +{{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- range . }} @@ -192,7 +196,6 @@ rules: - get - list - watch - {{- if not .Values.legacy.cni.enabled }} - apiGroups: - "" resources: @@ -206,7 +209,6 @@ rules: verbs: - list {{- end }} - {{- end }} # validate k8s token before issuing mTLS cert - apiGroups: - authentication.k8s.io diff --git a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml index a0d0bf49d..6d7e4b275 100644 --- a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml +++ b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml @@ -58,6 +58,11 @@ webhooks: - name: mesh.defaulter.kuma-admission.kuma.io admissionReviewVersions: ["v1"] failurePolicy: Fail + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] clientConfig: caBundle: {{ $caBundle }} service: @@ -81,6 +86,11 @@ webhooks: - name: owner-reference.kuma-admission.kuma.io admissionReviewVersions: ["v1"] failurePolicy: Fail + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] clientConfig: caBundle: {{ $caBundle }} service: 
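Review bot: The `namespaceSelector` added to `mesh.defaulter.kuma-admission.kuma.io` hard-codes `kube-system` and relies on the `kubernetes.io/metadata.name` label; the same block is repeated for the other webhooks in cp-webhooks-and-secrets.yaml in the hunks that follow. Two consequences deserve a comment above the first selector. Objects created in kube-system no longer pass through the defaulting, validating and owner-reference webhooks at all. And `NotIn` also matches namespaces that lack the key, so on a cluster that does not set this label automatically the exclusion silently has no effect. If the purpose is to stop a `failurePolicy: Fail` webhook from blocking system workloads while the control plane is down, stating that lets a reader judge whether other namespaces need the same treatment. The webhook entries start and end outside the hunks.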
@@ -120,8 +130,13 @@ webhooks: admissionReviewVersions: ["v1"] failurePolicy: {{ .Values.controlPlane.injectorFailurePolicy }} namespaceSelector: - matchLabels: - kuma.io/sidecar-injection: enabled + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] + - key: kuma.io/sidecar-injection + operator: In + values: ["enabled"] clientConfig: caBundle: {{ $caBundle }} service: @@ -141,6 +156,11 @@ webhooks: - name: pods-kuma-injector.kuma.io admissionReviewVersions: ["v1"] failurePolicy: {{ .Values.controlPlane.injectorFailurePolicy }} + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] objectSelector: matchLabels: kuma.io/sidecar-injection: enabled @@ -163,6 +183,11 @@ webhooks: - name: kuma-injector.kuma.io admissionReviewVersions: ["v1"] failurePolicy: Ignore {{/* Failure policy is hardcoded as Ignore because any other mode will cause CP to be unable to start after all instances are down */}} + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] clientConfig: caBundle: {{ $caBundle }} service: @@ -191,6 +216,11 @@ webhooks: - name: validator.kuma-admission.kuma.io admissionReviewVersions: ["v1"] failurePolicy: Fail + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] clientConfig: caBundle: {{ $caBundle }} service: @@ -235,6 +265,11 @@ webhooks: - name: service.validator.kuma-admission.kuma.io admissionReviewVersions: ["v1"] failurePolicy: Ignore + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] clientConfig: caBundle: {{ $caBundle }} service: 
@@ -280,6 +315,11 @@ webhooks: - name: gateway.validator.kuma-admission.kuma.io admissionReviewVersions: ["v1"] failurePolicy: Ignore + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: ["kube-system"] clientConfig: caBundle: {{ $caBundle }} service: diff --git a/charts/kuma/kuma/templates/egress-deployment.yaml b/charts/kuma/kuma/templates/egress-deployment.yaml index c282203d7..7655a3fa7 100644 --- a/charts/kuma/kuma/templates/egress-deployment.yaml +++ b/charts/kuma/kuma/templates/egress-deployment.yaml @@ -36,6 +36,7 @@ spec: securityContext: {{- toYaml .Values.egress.podSecurityContext | trim | nindent 8 }} serviceAccountName: {{ include "kuma.name" . }}-egress + automountServiceAccountToken: {{ .Values.egress.automountServiceAccountToken }} {{- with .Values.egress.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} @@ -63,8 +64,6 @@ spec: value: "https://{{ include "kuma.controlPlane.serviceName" . }}.{{ .Release.Namespace }}:5678" - name: KUMA_CONTROL_PLANE_CA_CERT_FILE value: /var/run/secrets/kuma.io/cp-ca/ca.crt - - name: KUMA_DATAPLANE_NAME - value: $(POD_NAME).$(POD_NAMESPACE) - name: KUMA_DATAPLANE_DRAIN_TIME value: {{ .Values.egress.drainTime }} - name: KUMA_DATAPLANE_RUNTIME_TOKEN_PATH @@ -73,7 +72,7 @@ spec: value: "egress" args: - run - - --log-level=info + - --log-level={{ .Values.egress.logLevel | default "info" }} ports: - containerPort: 10002 livenessProbe: 
@@ -96,12 +95,37 @@ spec: timeoutSeconds: 3 resources: {{ toYaml .Values.egress.resources | nindent 12 }} volumeMounts: +{{- if not .Values.egress.automountServiceAccountToken }} + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: serviceaccount-token + readOnly: true +{{- end }} - name: control-plane-ca mountPath: /var/run/secrets/kuma.io/cp-ca readOnly: true - name: tmp mountPath: /tmp volumes: +{{- if not .Values.egress.automountServiceAccountToken }} + - name: serviceaccount-token + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3600 + path: token + - configMap: + name: kube-root-ca.crt + items: + - key: ca.crt + path: ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +{{- end }} - name: control-plane-ca secret: secretName: {{ include "kuma.controlPlane.tls.general.caSecretName" . }} diff --git a/charts/kuma/kuma/templates/egress-rbac.yaml b/charts/kuma/kuma/templates/egress-rbac.yaml index e26a12d85..1b4326fdb 100644 --- a/charts/kuma/kuma/templates/egress-rbac.yaml +++ b/charts/kuma/kuma/templates/egress-rbac.yaml @@ -5,4 +5,14 @@ metadata: name: {{ include "kuma.name" . }}-egress namespace: {{ .Release.Namespace }} labels: {{ include "kuma.egressLabels" . | nindent 4 }} +{{- with .Values.egress.serviceAccountAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- with .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range . }} + - name: {{ . | quote }} + {{- end }} +{{- end }} {{- end }} diff --git a/charts/kuma/kuma/templates/gateway-class.yaml b/charts/kuma/kuma/templates/gateway-class.yaml index 0de15581c..09d8a74a1 100644 --- a/charts/kuma/kuma/templates/gateway-class.yaml +++ b/charts/kuma/kuma/templates/gateway-class.yaml 
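Review bot: Setting `egress.automountServiceAccountToken` to false does not leave the pod without API credentials. The two `{{- if not .Values.egress.automountServiceAccountToken }}` branches mount a projected `serviceaccount-token` volume at `/var/run/secrets/kubernetes.io/serviceaccount`, so the switch changes how the token is delivered (projected, `expirationSeconds: 3600`), not whether one is present. An operator who sets the value to false expecting a token-less egress pod would be surprised, so I would say so next to the volume, e.g. `{{- /* automount is off: the token is still mounted, as a projected volume with a 1h expiry */}}`. The ingress-deployment.yaml hunk at -100 further down this page has the same construct and needs the same comment.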
@@ -1,4 +1,12 @@ -{{- if and .Values.experimental.gatewayAPI (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1beta1/GatewayClass") }} +{{- if and .Values.experimental.gatewayAPI (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1/GatewayClass") }} +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: kuma +spec: + controllerName: "gateways.kuma.io/controller" +{{- else if and .Values.experimental.gatewayAPI (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1beta1/GatewayClass") }} --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: GatewayClass diff --git a/charts/kuma/kuma/templates/ingress-deployment.yaml b/charts/kuma/kuma/templates/ingress-deployment.yaml index b301c8f4e..65ab4e19a 100644 --- a/charts/kuma/kuma/templates/ingress-deployment.yaml +++ b/charts/kuma/kuma/templates/ingress-deployment.yaml @@ -36,6 +36,7 @@ spec: securityContext: {{- toYaml .Values.ingress.podSecurityContext | trim | nindent 8 }} serviceAccountName: {{ include "kuma.name" . }}-ingress + automountServiceAccountToken: {{ .Values.ingress.automountServiceAccountToken }} {{- with .Values.ingress.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} @@ -64,8 +65,6 @@ spec: value: "https://{{ include "kuma.controlPlane.serviceName" . }}.{{ .Release.Namespace }}:5678" - name: KUMA_CONTROL_PLANE_CA_CERT_FILE value: /var/run/secrets/kuma.io/cp-ca/ca.crt - - name: KUMA_DATAPLANE_NAME - value: $(POD_NAME).$(POD_NAMESPACE) - name: KUMA_DATAPLANE_DRAIN_TIME value: {{ .Values.ingress.drainTime }} - name: KUMA_DATAPLANE_RUNTIME_TOKEN_PATH @@ -74,7 +73,7 @@ spec: value: "ingress" args: - run - - --log-level=info + - --log-level={{ .Values.ingress.logLevel | default "info" }} ports: - containerPort: 10001 livenessProbe: 
@@ -100,12 +99,37 @@ spec: lifecycle: {{ . | toYaml | nindent 12 }} {{ end }} volumeMounts: +{{- if not .Values.ingress.automountServiceAccountToken }} + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: serviceaccount-token + readOnly: true +{{- end }} - name: control-plane-ca mountPath: /var/run/secrets/kuma.io/cp-ca readOnly: true - name: tmp mountPath: /tmp volumes: +{{- if not .Values.ingress.automountServiceAccountToken }} + - name: serviceaccount-token + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3600 + path: token + - configMap: + name: kube-root-ca.crt + items: + - key: ca.crt + path: ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +{{- end }} - name: control-plane-ca secret: secretName: {{ include "kuma.controlPlane.tls.general.caSecretName" . }} diff --git a/charts/kuma/kuma/templates/ingress-rbac.yaml b/charts/kuma/kuma/templates/ingress-rbac.yaml index b99a52bd5..e4e1d61ce 100644 --- a/charts/kuma/kuma/templates/ingress-rbac.yaml +++ b/charts/kuma/kuma/templates/ingress-rbac.yaml @@ -5,6 +5,10 @@ metadata: name: {{ include "kuma.name" . }}-ingress namespace: {{ .Release.Namespace }} labels: {{ include "kuma.ingressLabels" . | nindent 4 }} +{{- with .Values.ingress.serviceAccountAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} +{{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- range . }} diff --git a/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml b/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml index 8860572c0..aaa3166ff 100644 --- a/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml +++ b/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml 
@@ -1,4 +1,4 @@ -{{- if and (.Values.experimental.ebpf.enabled) (and (not .Values.cni.enabled) (not .Values.noHelmHooks)) }} +{{- if and (.Values.experimental.ebpf.enabled) (and (not .Values.cni.enabled) (not .Values.noHelmHooks) (eq .Values.controlPlane.environment "kubernetes")) }} {{- $serviceAccountName := printf "%s-cleanup-node-ebpf-job" (include "kuma.name" .) }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/kuma/kuma/templates/pre-delete-webhooks.yaml b/charts/kuma/kuma/templates/pre-delete-webhooks.yaml index feca1faac..a1a122c57 100644 --- a/charts/kuma/kuma/templates/pre-delete-webhooks.yaml +++ b/charts/kuma/kuma/templates/pre-delete-webhooks.yaml @@ -90,7 +90,7 @@ spec: {{- toYaml .Values.hooks.podSecurityContext | trim | nindent 8 }} containers: - name: pre-delete-job - image: {{ include "kubectl.formatImage" (dict "image" .Values.kubectl.image "root" $) | quote }} + image: "{{ .Values.kubectl.image.registry }}/{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}" command: - 'kubectl' - 'delete' diff --git a/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml b/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml index 97407dcdb..a84d7accf 100644 --- a/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml +++ b/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.noHelmHooks }} +{{- if and ( .Values.noHelmHooks ) (eq .Values.controlPlane.environment "kubernetes") }} {{- $errorMessage := ".Values.noHelmHooks is set. You must manually create and label the system namespace with kuma.io/system-namespace: \"true\" before installing or upgrading the chart" }} {{- $systemNamespace := (lookup "v1" "Namespace" "" .Release.Namespace) }} {{- if not $systemNamespace }} 
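Review bot: The hook job image in pre-delete-webhooks.yaml is now assembled as `registry/repository:tag` only, so it can be pinned by tag but not by digest; the pre-install and pre-upgrade job hunks on the next line of this page make the same change. The values.yaml hunk at -609 moves the default to `docker.io/bitnami/kubectl` with tag `"1.27.5"`, and these jobs run `kubectl` under whatever service account the job spec assigns (outside the hunk), so a re-pushed tag would execute with those permissions. I would accept an optional digest, e.g. `image: "{{ .Values.kubectl.image.registry }}/{{ .Values.kubectl.image.repository }}{{ with .Values.kubectl.image.digest }}@{{ . }}{{ else }}:{{ .Values.kubectl.image.tag }}{{ end }}"`, where `digest` is a new key I am proposing, not one the chart has today. Dropping `kubectl.formatImage` also drops whatever that helper did beyond concatenation; its body is not visible here, so that should be confirmed.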
@@ -101,7 +101,7 @@ spec: {{- toYaml .Values.hooks.podSecurityContext | trim | nindent 8 }} containers: - name: pre-install-job - image: {{ include "kubectl.formatImage" (dict "image" .Values.kubectl.image "root" $) | quote }} + image: "{{ .Values.kubectl.image.registry }}/{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}" securityContext: {{- toYaml (mergeOverwrite (dict "runAsUser" 65534) .Values.hooks.containerSecurityContext) | trim | nindent 12 }} resources: diff --git a/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml b/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml index 37323e465..b605289c1 100644 --- a/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml +++ b/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml @@ -123,7 +123,7 @@ spec: {{- toYaml .Values.hooks.podSecurityContext | trim | nindent 8 }} containers: - name: pre-upgrade-job - image: {{ include "kubectl.formatImage" (dict "image" .Values.kubectl.image "root" $) | quote }} + image: "{{ .Values.kubectl.image.registry }}/{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}" securityContext: {{- toYaml (mergeOverwrite (dict "runAsUser" 65534) .Values.hooks.containerSecurityContext) | trim | nindent 12 }} resources: diff --git a/charts/kuma/kuma/values.yaml b/charts/kuma/kuma/values.yaml index 722a16b9f..3a3a61c22 100644 --- a/charts/kuma/kuma/values.yaml +++ b/charts/kuma/kuma/values.yaml @@ -20,6 +20,9 @@ installCrdsOnUpgrade: # -- Whether to disable all helm hooks noHelmHooks: false +# -- Whether to restart control-plane by calculating a new checksum for the secret +restartOnSecretChange: true + controlPlane: # -- Environment that control plane is run in, useful when running universal global control plane on k8s environment: "kubernetes" 
@@ -45,7 +48,13 @@ controlPlane: # -- Number of replicas of the Kuma CP. Ignored when autoscaling is enabled replicas: 1 - # -- Control Plane Pod Annotations + # -- Minimum number of seconds for which a newly created pod should be ready for it to be considered available. + minReadySeconds: 0 + + # -- Annotations applied only to the `Deployment` resource + deploymentAnnotations: {} + + # -- Annotations applied only to the `Pod` resource podAnnotations: {} # Horizontal Pod Autoscaling configuration @@ -149,6 +158,8 @@ controlPlane: path: / # -- Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) pathType: ImplementationSpecific + # -- Port from kuma-cp to use to expose API and GUI. Switch to 5682 to expose TLS port + servicePort: 5681 globalZoneSyncService: # -- Whether to create a k8s service for the global zone sync @@ -159,6 +170,8 @@ controlPlane: type: LoadBalancer # -- (string) Optionally specify IP to be used by cloud provider when configuring load balancer loadBalancerIP: + # -- Optionally specify allowed source ranges that can access the load balancer + loadBalancerSourceRanges: [] # -- Additional annotations to put on the Global Zone Sync Service annotations: { } # -- Port on which Global Zone Sync Service is exposed on Node for service of type NodePort @@ -241,6 +254,9 @@ controlPlane: # -- If true, TLS cert of the server is not verified. skipVerify: false + # -- Annotations to add for Control Plane's Service Account + serviceAccountAnnotations: { } + image: # -- Kuma CP ImagePullPolicy pullPolicy: IfNotPresent @@ -392,6 +408,9 @@ ingress: # -- Number of replicas of the Ingress. Ignored when autoscaling is enabled. replicas: 1 + # -- Log level for ingress (available values: off|info|debug) + logLevel: info + # -- Define the resources to allocate to mesh ingress resources: requests: 
@@ -495,7 +514,12 @@ ingress: # -- Security context at the container level for ingress containerSecurityContext: - readOnlyRootFilesystem: true + readOnlyRootFilesystem: true + + # -- Annotations to add for Control Plane's Service Account + serviceAccountAnnotations: { } + # -- Whether to automountServiceAccountToken for cp. Optionally set to false + automountServiceAccountToken: true egress: # -- If true, it deploys Egress for cross cluster communication @@ -507,6 +531,9 @@ egress: # -- Number of replicas of the Egress. Ignored when autoscaling is enabled. replicas: 1 + # -- Log level for egress (available values: off|info|debug) + logLevel: info + # Horizontal Pod Autoscaling configuration autoscaling: # -- Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster @@ -599,7 +626,12 @@ egress: # -- Security context at the container level for egress containerSecurityContext: - readOnlyRootFilesystem: true + readOnlyRootFilesystem: true + + # -- Annotations to add for Control Plane's Service Account + serviceAccountAnnotations: { } + # -- Whether to automountServiceAccountToken for cp. Optionally set to false + automountServiceAccountToken: true kumactl: image: @@ -609,15 +641,13 @@ kumactl: tag: kubectl: - # kuma image that support v1.20.15 image */ } } - # see: https://hub.docker.com/r/kumahq/kubectl */ } } image: # -- The kubectl image registry - registry: kumahq + registry: docker.io # -- The kubectl image repository - repository: kubectl + repository: bitnami/kubectl # -- The kubectl image tag - tag: "v1.20.15" + tag: "1.27.5" hooks: # -- Node selector for the HELM hooks nodeSelector: 
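Review bot: The comments added under `ingress:` describe the wrong component: `# -- Annotations to add for Control Plane's Service Account` and `# -- Whether to automountServiceAccountToken for cp` are attached to `ingress.serviceAccountAnnotations` and `ingress.automountServiceAccountToken`. The `egress:` hunk at -599 repeats both lines unchanged. For a setting that controls pod credentials the text should name the pod it affects, and it should mention what the deployment templates on this page do when it is false. I would write `# -- Annotations to add to the ingress Service Account` and `# -- Whether to automount the Service Account token into the ingress pod. When false, the chart mounts a projected token volume instead`, with `egress` substituted in the other hunk.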
@@ -660,22 +690,8 @@ experimental: tcAttachIface: "" # -- Path where compiled eBPF programs which will be installed can be found programsSourcePath: /kuma/ebpf - # -- If true, it uses new API for resource synchronization - deltaKds: false - -legacy: - # -- If true, use the legacy transparent proxy engine - transparentProxy: false - cni: - # -- If true, it installs legacy version of the CNI - enabled: false - image: - # -- CNI v1 image registry - registry: "docker.io/kumahq" - # -- CNI v1 image repository - repository: "install-cni" - # -- CNI v1 image tag - tag: "0.0.10" + # -- If false, it uses legacy API for resource synchronization + deltaKds: true # Postgres' settings for universal control plane on k8s postgres: diff --git a/charts/linkerd/linkerd-control-plane/Chart.yaml b/charts/linkerd/linkerd-control-plane/Chart.yaml index 0be1487c5..9f0284d56 100644 --- a/charts/linkerd/linkerd-control-plane/Chart.yaml +++ b/charts/linkerd/linkerd-control-plane/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/release-name: linkerd-control-plane apiVersion: v2 -appVersion: stable-2.14.3 +appVersion: stable-2.14.4 dependencies: - name: partials repository: file://./charts/partials @@ -25,4 +25,4 @@ name: linkerd-control-plane sources: - https://github.com/linkerd/linkerd2/ type: application -version: 1.16.4 +version: 1.16.5 diff --git a/charts/linkerd/linkerd-control-plane/README.md b/charts/linkerd/linkerd-control-plane/README.md index ca27549e3..3f7d938d1 100644 --- a/charts/linkerd/linkerd-control-plane/README.md +++ b/charts/linkerd/linkerd-control-plane/README.md 
@@ -3,7 +3,7 @@ Linkerd gives you observability, reliability, and security for your microservices — with no code change required. -![Version: 1.16.4](https://img.shields.io/badge/Version-1.16.4-informational?style=flat-square) +![Version: 1.16.5](https://img.shields.io/badge/Version-1.16.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square) @@ -226,6 +226,8 @@ Kubernetes: `>=1.21.0-0` | proxy.await | bool | `true` | If set, the application container will not start until the proxy is ready | | proxy.cores | int | `0` | The `cpu.limit` and `cores` should be kept in sync. The value of `cores` must be an integer and should typically be set by rounding up from the limit. E.g. if cpu.limit is '1500m', cores should be 2. | | proxy.defaultInboundPolicy | string | "all-unauthenticated" | The default allow policy to use when no `Server` selects a pod. One of: "all-authenticated", "all-unauthenticated", "cluster-authenticated", "cluster-unauthenticated", "deny" | +| proxy.disableInboundProtocolDetectTimeout | bool | `false` | When set to true, disables the protocol detection timeout on the inbound side of the proxy by setting it to a very high value | +| proxy.disableOutboundProtocolDetectTimeout | bool | `false` | When set to true, disables the protocol detection timeout on the outbound side of the proxy by setting it to a very high value | | proxy.enableExternalProfiles | bool | `false` | Enable service profiles for non-Kubernetes services | | proxy.image.name | string | `"cr.l5d.io/linkerd/proxy"` | Docker image for the proxy | | proxy.image.pullPolicy | string | imagePullPolicy | Pull policy for the proxy container Docker image | 
diff --git a/charts/linkerd/linkerd-control-plane/charts/partials/templates/_proxy.tpl b/charts/linkerd/linkerd-control-plane/charts/partials/templates/_proxy.tpl index 1f644894b..f5dd4c2cd 100644 --- a/charts/linkerd/linkerd-control-plane/charts/partials/templates/_proxy.tpl +++ b/charts/linkerd/linkerd-control-plane/charts/partials/templates/_proxy.tpl @@ -57,6 +57,14 @@ env: - name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT value: {{.Values.proxy.inboundDiscoveryCacheUnusedTimeout | quote}} {{ end -}} +{{ if .Values.proxy.disableOutboundProtocolDetectTimeout -}} +- name: LINKERD2_PROXY_OUTBOUND_DETECT_TIMEOUT + value: "365d" +{{ end -}} +{{ if .Values.proxy.disableInboundProtocolDetectTimeout -}} +- name: LINKERD2_PROXY_INBOUND_DETECT_TIMEOUT + value: "365d" +{{ end -}} - name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR value: 0.0.0.0:{{.Values.proxy.ports.control}} - name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR @@ -92,7 +100,7 @@ env: {{ end -}} - name: LINKERD2_PROXY_DESTINATION_CONTEXT value: | - {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)"} + {"ns":"$(_pod_ns)", "nodeName":"$(_pod_nodeName)", "pod":"$(_pod_name)"} - name: _pod_sa valueFrom: fieldRef: diff --git a/charts/linkerd/linkerd-control-plane/values.yaml b/charts/linkerd/linkerd-control-plane/values.yaml index 2a340c6de..e4fb45340 100644 --- a/charts/linkerd/linkerd-control-plane/values.yaml +++ b/charts/linkerd/linkerd-control-plane/values.yaml @@ -22,7 +22,7 @@ controlPlaneTracing: false # -- namespace to send control plane traces to controlPlaneTracingNamespace: linkerd-jaeger # -- control plane version. See Proxy section for proxy version -linkerdVersion: stable-2.14.3 +linkerdVersion: stable-2.14.4 # -- default kubernetes deployment strategy deploymentStrategy: rollingUpdate: 
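Review bot: `disableOutboundProtocolDetectTimeout` and `disableInboundProtocolDetectTimeout` are implemented in the _proxy.tpl hunk at -57 by hardcoding `value: "365d"`, and neither the template nor the values comment says what happens to a connection while detection is pending. Presumably a connection on which the peer never sends bytes then stays in detection instead of falling back after the normal timeout, which on the inbound side would let idle connections hold proxy resources for as long as the peer keeps them open; this should be confirmed against the proxy's behaviour. I would add that caveat to the values.yaml comments (the hunk at -115 on the next line of this page), e.g. `# Connections that never send data are then held in protocol detection; prefer marking such ports opaque`. The `env:` list continues outside the hunk.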
@@ -115,6 +115,12 @@ proxy: # -- Maximum time allowed before an unused inbound discovery result # is evicted from the cache inboundDiscoveryCacheUnusedTimeout: "90s" + # -- When set to true, disables the protocol detection timeout on the + # outbound side of the proxy by setting it to a very high value + disableOutboundProtocolDetectTimeout: false + # -- When set to true, disables the protocol detection timeout on the inbound + # side of the proxy by setting it to a very high value + disableInboundProtocolDetectTimeout: false image: # -- Docker image for the proxy name: cr.l5d.io/linkerd/proxy diff --git a/charts/minio/minio-operator/Chart.yaml b/charts/minio/minio-operator/Chart.yaml index ffd9837cd..07ba40b55 100644 --- a/charts/minio/minio-operator/Chart.yaml +++ b/charts/minio/minio-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: minio-operator apiVersion: v2 -appVersion: v5.0.10 +appVersion: v5.0.11 description: A Helm chart for MinIO Operator home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -19,4 +19,4 @@ name: minio-operator sources: - https://github.com/minio/operator type: application -version: 5.0.10 +version: 5.0.11 diff --git a/charts/minio/minio-operator/Chart.yaml-e b/charts/minio/minio-operator/Chart.yaml-e index f78513aec..1d5dc01f7 100644 --- a/charts/minio/minio-operator/Chart.yaml-e +++ b/charts/minio/minio-operator/Chart.yaml-e @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: operator -version: 5.0.10 -appVersion: v5.0.10 +version: 5.0.11 +appVersion: v5.0.11 keywords: - storage - object-storage diff --git a/charts/minio/minio-operator/templates/console-clusterrole.yaml b/charts/minio/minio-operator/templates/console-clusterrole.yaml index d6c4db7a7..e6d1c467e 100644 --- a/charts/minio/minio-operator/templates/console-clusterrole.yaml +++ b/charts/minio/minio-operator/templates/console-clusterrole.yaml 
@@ -1,3 +1,4 @@ +{{- if .Values.console.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -235,3 +236,4 @@ rules: - get - list - watch +{{- end }} diff --git a/charts/minio/minio-operator/templates/console-clusterrolebinding.yaml b/charts/minio/minio-operator/templates/console-clusterrolebinding.yaml index ae8b447b1..05f06d52b 100644 --- a/charts/minio/minio-operator/templates/console-clusterrolebinding.yaml +++ b/charts/minio/minio-operator/templates/console-clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.console.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -10,3 +11,4 @@ subjects: - kind: ServiceAccount name: console-sa namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/minio/minio-operator/templates/console-configmap.yaml b/charts/minio/minio-operator/templates/console-configmap.yaml index 0a38bcf1e..e45634f49 100644 --- a/charts/minio/minio-operator/templates/console-configmap.yaml +++ b/charts/minio/minio-operator/templates/console-configmap.yaml @@ -1,7 +1,10 @@ +{{- if .Values.console.enabled }} apiVersion: v1 kind: ConfigMap metadata: name: console-env + namespace: {{ .Release.Namespace }} data: CONSOLE_PORT: "9090" CONSOLE_TLS_PORT: "9443" +{{- end }} diff --git a/charts/minio/minio-operator/templates/console-deployment.yaml b/charts/minio/minio-operator/templates/console-deployment.yaml index e224eceb0..ad4f7521e 100644 --- a/charts/minio/minio-operator/templates/console-deployment.yaml +++ b/charts/minio/minio-operator/templates/console-deployment.yaml @@ -1,7 +1,9 @@ +{{- if .Values.console.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: console + namespace: {{ .Release.Namespace }} labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: replicas: {{ .Values.console.replicaCount }} @@ -61,3 +63,4 @@ spec: {{- with .Values.console.volumes }} volumes: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} 
diff --git a/charts/minio/minio-operator/templates/console-ingress.yaml b/charts/minio/minio-operator/templates/console-ingress.yaml index 3a8fd62a0..bce6c9f19 100644 --- a/charts/minio/minio-operator/templates/console-ingress.yaml +++ b/charts/minio/minio-operator/templates/console-ingress.yaml @@ -1,8 +1,10 @@ +{{- if .Values.console.enabled }} {{- if .Values.console.ingress.enabled }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "minio-operator.console-fullname" . }} + namespace: {{ .Release.Namespace }} {{- with .Values.console.ingress.labels }} labels: {{ toYaml . | nindent 4 }} {{- end }} @@ -35,3 +37,4 @@ spec: port: name: http {{- end }} +{{- end }} diff --git a/charts/minio/minio-operator/templates/console-secret.yaml b/charts/minio/minio-operator/templates/console-secret.yaml index ce5b5fe65..78b4fbdb0 100644 --- a/charts/minio/minio-operator/templates/console-secret.yaml +++ b/charts/minio/minio-operator/templates/console-secret.yaml @@ -1,7 +1,10 @@ +{{- if .Values.console.enabled }} apiVersion: v1 kind: Secret metadata: name: console-sa-secret + namespace: {{ .Release.Namespace }} annotations: kubernetes.io/service-account.name: console-sa type: kubernetes.io/service-account-token +{{- end }} diff --git a/charts/minio/minio-operator/templates/console-service.yaml b/charts/minio/minio-operator/templates/console-service.yaml index 429e1612c..fbd1e3e3e 100644 --- a/charts/minio/minio-operator/templates/console-service.yaml +++ b/charts/minio/minio-operator/templates/console-service.yaml @@ -1,7 +1,9 @@ +{{- if .Values.console.enabled }} apiVersion: v1 kind: Service metadata: name: console + namespace: {{ .Release.Namespace }} labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: ports: @@ -10,3 +12,4 @@ spec: - name: https port: 9443 selector: {{- include "minio-operator.console-selectorLabels" . | nindent 4 }} +{{- end }} 
diff --git a/charts/minio/minio-operator/templates/console-serviceaccount.yaml b/charts/minio/minio-operator/templates/console-serviceaccount.yaml index a19e58a06..8b7673977 100644 --- a/charts/minio/minio-operator/templates/console-serviceaccount.yaml +++ b/charts/minio/minio-operator/templates/console-serviceaccount.yaml @@ -1,4 +1,7 @@ +{{- if .Values.console.enabled }} apiVersion: v1 kind: ServiceAccount metadata: name: console-sa + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml index 5abb59184..24331b5b9 100644 --- a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml +++ b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml @@ -1353,6 +1353,19 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: claims: @@ -1384,6 +1397,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2753,6 +2768,8 @@ spec: additionalProperties: type: string type: object + reclaimStorage: + type: boolean resources: properties: claims: @@ -3047,6 +3064,11 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -3087,8 +3109,6 @@ spec: type: array phase: type: string - resizeStatus: - type: string type: object type: object volumesPerServer: 
@@ -3594,6 +3614,19 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: claims: @@ -3625,6 +3658,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -3970,6 +4005,11 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -4010,8 +4050,6 @@ spec: type: array phase: type: string - resizeStatus: - type: string type: object type: object type: array @@ -4743,8 +4781,6 @@ spec: - name type: object type: array - required: - - containers type: object startup: properties: diff --git a/charts/minio/minio-operator/templates/operator-clusterrole.yaml b/charts/minio/minio-operator/templates/operator-clusterrole.yaml index b5a9ee979..3e58817c1 100644 --- a/charts/minio/minio-operator/templates/operator-clusterrole.yaml +++ b/charts/minio/minio-operator/templates/operator-clusterrole.yaml @@ -18,6 +18,7 @@ rules: - get - update - list + - delete - apiGroups: - "" resources: diff --git a/charts/minio/minio-operator/templates/operator-deployment.yaml b/charts/minio/minio-operator/templates/operator-deployment.yaml index 523039192..c79885adb 100644 --- a/charts/minio/minio-operator/templates/operator-deployment.yaml +++ b/charts/minio/minio-operator/templates/operator-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: minio-operator + namespace: {{ .Release.Namespace }} labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: replicas: {{ .Values.operator.replicaCount }} 
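Review bot: The `- delete` verb added in operator-clusterrole.yaml (hunk at -18) widens a ClusterRole rule, and the `apiGroups` and `resources` it applies to are above the hunk, so the change does not show what the operator may now delete in every namespace. The rule should carry the reason next to the verb, e.g. `- delete  # <reason the operator needs to delete these objects>`. If only specific objects have to be removed, a separate rule restricted with `resourceNames` would keep the grant narrower. The remaining hunks on this line (the generated tenants CRD schema and the `namespace:` addition in operator-deployment.yaml) need no comment.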
diff --git a/charts/minio/minio-operator/templates/operator-service.yaml b/charts/minio/minio-operator/templates/operator-service.yaml index 0abb7c061..33f25fbbb 100644 --- a/charts/minio/minio-operator/templates/operator-service.yaml +++ b/charts/minio/minio-operator/templates/operator-service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: operator + namespace: {{ .Release.Namespace }} labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: type: ClusterIP diff --git a/charts/minio/minio-operator/templates/operator-serviceaccount.yaml b/charts/minio/minio-operator/templates/operator-serviceaccount.yaml index 9c118323d..7b6442480 100644 --- a/charts/minio/minio-operator/templates/operator-serviceaccount.yaml +++ b/charts/minio/minio-operator/templates/operator-serviceaccount.yaml @@ -2,4 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: minio-operator + namespace: {{ .Release.Namespace }} labels: {{- include "minio-operator.labels" . | nindent 4 }} diff --git a/charts/minio/minio-operator/templates/sts-service.yaml b/charts/minio/minio-operator/templates/sts-service.yaml index faeb98fc6..51b06a590 100644 --- a/charts/minio/minio-operator/templates/sts-service.yaml +++ b/charts/minio/minio-operator/templates/sts-service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: sts + namespace: {{ .Release.Namespace }} labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: type: ClusterIP diff --git a/charts/minio/minio-operator/values.yaml b/charts/minio/minio-operator/values.yaml index 8a94c5cb8..03f4850b2 100644 --- a/charts/minio/minio-operator/values.yaml +++ b/charts/minio/minio-operator/values.yaml 
@@ -1,54 +1,129 @@ -# Default values for minio-operator. - +### +# Root key for Operator Helm Chart operator: - ## Setup environment variables for the Operator -# env: -# - name: MINIO_OPERATOR_DEPLOYMENT_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.labels['app.kubernetes.io/name'] -# - name: MINIO_CONSOLE_TLS_ENABLE -# value: "off" -# - name: CLUSTER_DOMAIN -# value: "cluster.domain" -# - name: WATCHED_NAMESPACE -# value: "" -# - name: MINIO_OPERATOR_RUNTIME -# value: "OpenShift" - env: [ ] + ### + # An array of environment variables to pass to the Operator deployment. + # Pass an empty array to start Operator with defaults. + # + # For example: + # + # .. code-block:: yaml + # + # env: + # - name: MINIO_OPERATOR_DEPLOYMENT_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['app.kubernetes.io/name'] + # - name: MINIO_CONSOLE_TLS_ENABLE + # value: "off" + # - name: CLUSTER_DOMAIN + # value: "cluster.domain" + # - name: WATCHED_NAMESPACE + # value: "" + # - name: MINIO_OPERATOR_RUNTIME + # value: "OpenShift" + # + # See `Operator environment variables `__ for a list of all supported values. + env: + - name: OPERATOR_STS_ENABLED + value: "on" + ### + # Specify the Operator container image to use for the deployment. + # ``image.tag`` + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # The container pulls the image if not already present: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator + # tag: v5.0.11 + # pullPolicy: IfNotPresent + # + # The chart also supports specifying an image based on digest value: + # + # .. 
code-block:: yaml + # + # image: + # repository: quay.io/minio/operator@sha256 + # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 + # pullPolicy: IfNotPresent # - ### Image field: - ## Image from tag (original behaviour), for example: - # image: - # repository: quay.io/minio/operator - # tag: v5.0.10 - # pullPolicy: IfNotPresent - ## Image from digest (added after original behaviour), for example: - # image: - # repository: quay.io/minio/operator@sha256 - # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 - # pullPolicy: IfNotPresent image: repository: quay.io/minio/operator - tag: v5.0.10 + tag: v5.0.11 pullPolicy: IfNotPresent + ### + # + # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``. + # Only one array element is supported at this time. imagePullSecrets: [ ] + ### + # + # The name of a custom `Container Runtime `__ to use for the Operator pods. runtimeClassName: ~ + ### + # An array of `initContainers `__ to start up before the Operator pods. + # Exercise care as ``initContainer`` failures prevent Operator pods from starting. + # Pass an empty array to start the Operator normally. initContainers: [ ] + ### + # The number of Operator pods to deploy. + # Higher values increase availability in the event of worker node failures. + # + # The cluster must have sufficient number of available worker nodes to fulfill the request. + # Operator pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node. replicaCount: 2 + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator resources. + # + # You may need to modify these values to meet your cluster's security and access settings. securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true fsGroup: 1000 + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator containers. 
+ # You may need to modify these values to meet your cluster's security and access settings. containerSecurityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true + ### + # An array of `Volumes `__ which the Operator can mount to pods. + # + # The volumes must exist *and* be accessible to the Operator pods. volumes: [ ] + ### + # An array of volume mount points associated to each Operator container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``volumes`` array. volumeMounts: [ ] + ### + # Any `Node Selectors `__ to apply to Operator pods. + # + # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Operator pods. + # + # If no worker nodes match the specified selectors, the Operator deployment will fail. nodeSelector: { } + ### + # + # The `Pod Priority `__ to assign to Operator pods. priorityClassName: "" + ### + # + # The `affinity `__ or anti-affinity settings to apply to Operator pods. + # + # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes. affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
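Review bot: The default for `operator.env` changes from `env: [ ]` to a list that sets `OPERATOR_STS_ENABLED` to `"on"`, while the new comment block above it still says to pass an empty array to start the Operator with defaults. The values file therefore changes the Operator's STS setting on upgrade without saying so. Because Helm replaces list values rather than merging them, a user who supplies their own `operator.env` silently drops the entry again. I would add a line to the comment block, e.g. `# The chart default sets OPERATOR_STS_ENABLED to "on"; repeat this entry when overriding env if STS is required.`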
@@ -59,38 +134,150 @@ operator: values: - minio-operator topologyKey: kubernetes.io/hostname + ### + # + # An array of `Toleration labels `__ to associate to Operator pods. + # + # These settings determine the distribution of pods across worker nodes. tolerations: [ ] + ### + # + # An array of `Topology Spread Constraints `__ to associate to Operator pods. + # + # These settings determine the distribution of pods across worker nodes. topologySpreadConstraints: [ ] + ### + # + # The `Requests or Limits `__ for resources to associate to Operator pods. + # + # These settings can control the minimum and maximum resources requested for each pod. + # If no worker nodes can meet the specified requests, the Operator may fail to deploy. resources: requests: cpu: 200m memory: 256Mi ephemeral-storage: 500Mi +### +# Root key for Operator Console console: + ### + # Specify ``false`` to disable the Operator Console. + # + # If the Operator Console is disabled, all management of Operator Tenants must be done through the Kubernetes API. + enabled: true + ### + # Specify the Operator Console container image to use for the deployment. + # ``image.tag`` + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # The container pulls the image if not already present: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator + # tag: v5.0.11 + # pullPolicy: IfNotPresent + # + # The chart also supports specifying an image based on digest value: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator@sha256 + # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 + # pullPolicy: IfNotPresent + # + # The specified values should match that of ``operator.image`` to ensure predictable operations. 
image: repository: quay.io/minio/operator - tag: v5.0.10 + tag: v5.0.11 pullPolicy: IfNotPresent + ### + # An array of environment variables to pass to the Operator Console deployment. + # Pass an empty array to start Operator Console with defaults. env: [ ] + ### + # + # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``. imagePullSecrets: [ ] + ### + # + # The name of a custom `Container Runtime `__ to use for the Operator Console pods. runtimeClassName: ~ + ### + # An array of `initContainers `__ to start up before the Operator Console pods. + # Exercise care as ``initContainer`` failures prevent Console pods from starting. + # Pass an empty array to start the Console normally. initContainers: [ ] + ### + # The number of Operator Console pods to deploy. + # Higher values increase availability in the event of worker node failures. + # + # The cluster must have sufficient number of available worker nodes to fulfill the request. + # Console pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node. replicaCount: 1 + ### + # Any `Node Selectors `__ to apply to Operator Console pods. + # + # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Console pods. + # + # If no worker nodes match the specified selectors, the Console deployment will fail. nodeSelector: { } - affinity: { } + ### + # + # The `affinity `__ or anti-affinity settings to apply to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes. 
+ affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - minio-operator + topologyKey: kubernetes.io/hostname + ### + # + # An array of `Toleration labels `__ to associate to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes. tolerations: [ ] + ### + # + # An array of `Topology Spread Constraints `__ to associate to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes. topologySpreadConstraints: [ ] + ### + # + # The `Requests or Limits `__ for resources to associate to Operator Console pods. + # + # These settings can control the minimum and maximum resources requested for each pod. + # If no worker nodes can meet the specified requests, the Console may fail to deploy. resources: requests: cpu: 0.25 memory: 512Mi + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator Console resources. + # + # You may need to modify these values to meet your cluster's security and access settings. securityContext: runAsUser: 1000 runAsNonRoot: true + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator Console containers. + # You may need to modify these values to meet your cluster's security and access settings. containerSecurityContext: runAsUser: 1000 runAsNonRoot: true + ### + # Configures `Ingress `__ for the Operator Console. + # + # Set the keys to conform to the Ingress controller and configuration of your choice. ingress: enabled: false ingressClassName: "" 
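Review bot: The new default `console.affinity` copies the Operator's selector (`key: name`, `values: - minio-operator`) under `requiredDuringSchedulingIgnoredDuringExecution`, so whether it spreads Console pods depends on labels this diff does not show. If the Console pods do not carry `name: minio-operator`, the rule instead keeps a Console pod off every node that already runs an Operator pod, and with `operator.replicaCount: 2` a small cluster could leave the Console unschedulable. Point the selector at the label the Console Deployment actually sets, or relax the rule to `preferredDuringSchedulingIgnoredDuringExecution`, and add a comment such as `# Selector must match the Console pod labels`. The matching hunk in `values.yaml-e` carries the same default.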
@@ -100,5 +287,26 @@ console: host: console.local path: / pathType: Prefix - volumes: [ ] - volumeMounts: [ ] + ### + # An array of `Volumes `__ which the Operator Console can mount to pods. + # + # The volumes must exist *and* be accessible to the Console pods. + volumes: + - name: tmp + emptyDir: {} + ### + # An array of volume mount points associated to each Operator Console container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``volumes`` array. + volumeMounts: + - name: tmp + readOnly: false + mountPath: /tmp/certs/CAs diff --git a/charts/minio/minio-operator/values.yaml-e b/charts/minio/minio-operator/values.yaml-e index 8a94c5cb8..03f4850b2 100644 --- a/charts/minio/minio-operator/values.yaml-e +++ b/charts/minio/minio-operator/values.yaml-e 
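Review bot: The Console's default `volumes` is now an `emptyDir: {}` with no `sizeLimit`, mounted with `readOnly: false` at `/tmp/certs/CAs`, and the added comments do not say why the default stopped being an empty array. Helm replaces list values wholesale, so anyone who sets `console.volumes` or `console.volumeMounts` for their own volume drops the `tmp` entry; if the Console needs that path to be writable (not visible in this hunk), that override would break it. I would add `# Default: writable scratch volume for /tmp/certs/CAs; keep this entry when adding your own.` above both keys and bound the volume with a `sizeLimit` (value to be chosen by the chart owner). The matching hunk in `values.yaml-e` has the same change.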
@@ -1,54 +1,129 @@ -# Default values for minio-operator. - +### +# Root key for Operator Helm Chart operator: - ## Setup environment variables for the Operator -# env: -# - name: MINIO_OPERATOR_DEPLOYMENT_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.labels['app.kubernetes.io/name'] -# - name: MINIO_CONSOLE_TLS_ENABLE -# value: "off" -# - name: CLUSTER_DOMAIN -# value: "cluster.domain" -# - name: WATCHED_NAMESPACE -# value: "" -# - name: MINIO_OPERATOR_RUNTIME -# value: "OpenShift" - env: [ ] + ### + # An array of environment variables to pass to the Operator deployment. + # Pass an empty array to start Operator with defaults. + # + # For example: + # + # .. code-block:: yaml + # + # env: + # - name: MINIO_OPERATOR_DEPLOYMENT_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['app.kubernetes.io/name'] + # - name: MINIO_CONSOLE_TLS_ENABLE + # value: "off" + # - name: CLUSTER_DOMAIN + # value: "cluster.domain" + # - name: WATCHED_NAMESPACE + # value: "" + # - name: MINIO_OPERATOR_RUNTIME + # value: "OpenShift" + # + # See `Operator environment variables `__ for a list of all supported values. + env: + - name: OPERATOR_STS_ENABLED + value: "on" + ### + # Specify the Operator container image to use for the deployment. + # ``image.tag`` + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # The container pulls the image if not already present: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator + # tag: v5.0.11 + # pullPolicy: IfNotPresent + # + # The chart also supports specifying an image based on digest value: + # + # .. 
code-block:: yaml + # + # image: + # repository: quay.io/minio/operator@sha256 + # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 + # pullPolicy: IfNotPresent # - ### Image field: - ## Image from tag (original behaviour), for example: - # image: - # repository: quay.io/minio/operator - # tag: v5.0.10 - # pullPolicy: IfNotPresent - ## Image from digest (added after original behaviour), for example: - # image: - # repository: quay.io/minio/operator@sha256 - # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 - # pullPolicy: IfNotPresent image: repository: quay.io/minio/operator - tag: v5.0.10 + tag: v5.0.11 pullPolicy: IfNotPresent + ### + # + # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``. + # Only one array element is supported at this time. imagePullSecrets: [ ] + ### + # + # The name of a custom `Container Runtime `__ to use for the Operator pods. runtimeClassName: ~ + ### + # An array of `initContainers `__ to start up before the Operator pods. + # Exercise care as ``initContainer`` failures prevent Operator pods from starting. + # Pass an empty array to start the Operator normally. initContainers: [ ] + ### + # The number of Operator pods to deploy. + # Higher values increase availability in the event of worker node failures. + # + # The cluster must have sufficient number of available worker nodes to fulfill the request. + # Operator pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node. replicaCount: 2 + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator resources. + # + # You may need to modify these values to meet your cluster's security and access settings. securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true fsGroup: 1000 + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator containers. 
+ # You may need to modify these values to meet your cluster's security and access settings. containerSecurityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true + ### + # An array of `Volumes `__ which the Operator can mount to pods. + # + # The volumes must exist *and* be accessible to the Operator pods. volumes: [ ] + ### + # An array of volume mount points associated to each Operator container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``volumes`` array. volumeMounts: [ ] + ### + # Any `Node Selectors `__ to apply to Operator pods. + # + # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Operator pods. + # + # If no worker nodes match the specified selectors, the Operator deployment will fail. nodeSelector: { } + ### + # + # The `Pod Priority `__ to assign to Operator pods. priorityClassName: "" + ### + # + # The `affinity `__ or anti-affinity settings to apply to Operator pods. + # + # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes. affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
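Review bot: The default `operator.env` is no longer empty, because it now sets `OPERATOR_STS_ENABLED` to `"on"`, yet the comment above it still reads "Pass an empty array to start Operator with defaults" and never mentions the new entry. Every install that does not override `env` gets this setting, and an override that lists other variables silently removes it, since Helm replaces lists rather than merging them. A line such as `# Default sets OPERATOR_STS_ENABLED="on"; overriding env replaces this list.` would make the changed default visible to operators reviewing the upgrade. Separately, `values.yaml-e` looks like an editor or `sed` backup of `values.yaml` (an inference from the name and the identical content), so the two copies can drift.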
@@ -59,38 +134,150 @@ operator: values: - minio-operator topologyKey: kubernetes.io/hostname + ### + # + # An array of `Toleration labels `__ to associate to Operator pods. + # + # These settings determine the distribution of pods across worker nodes. tolerations: [ ] + ### + # + # An array of `Topology Spread Constraints `__ to associate to Operator pods. + # + # These settings determine the distribution of pods across worker nodes. topologySpreadConstraints: [ ] + ### + # + # The `Requests or Limits `__ for resources to associate to Operator pods. + # + # These settings can control the minimum and maximum resources requested for each pod. + # If no worker nodes can meet the specified requests, the Operator may fail to deploy. resources: requests: cpu: 200m memory: 256Mi ephemeral-storage: 500Mi +### +# Root key for Operator Console console: + ### + # Specify ``false`` to disable the Operator Console. + # + # If the Operator Console is disabled, all management of Operator Tenants must be done through the Kubernetes API. + enabled: true + ### + # Specify the Operator Console container image to use for the deployment. + # ``image.tag`` + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. + # The container pulls the image if not already present: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator + # tag: v5.0.11 + # pullPolicy: IfNotPresent + # + # The chart also supports specifying an image based on digest value: + # + # .. code-block:: yaml + # + # image: + # repository: quay.io/minio/operator@sha256 + # digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 + # pullPolicy: IfNotPresent + # + # The specified values should match that of ``operator.image`` to ensure predictable operations. 
image: repository: quay.io/minio/operator - tag: v5.0.10 + tag: v5.0.11 pullPolicy: IfNotPresent + ### + # An array of environment variables to pass to the Operator Console deployment. + # Pass an empty array to start Operator Console with defaults. env: [ ] + ### + # + # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``. imagePullSecrets: [ ] + ### + # + # The name of a custom `Container Runtime `__ to use for the Operator Console pods. runtimeClassName: ~ + ### + # An array of `initContainers `__ to start up before the Operator Console pods. + # Exercise care as ``initContainer`` failures prevent Console pods from starting. + # Pass an empty array to start the Console normally. initContainers: [ ] + ### + # The number of Operator Console pods to deploy. + # Higher values increase availability in the event of worker node failures. + # + # The cluster must have sufficient number of available worker nodes to fulfill the request. + # Console pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node. replicaCount: 1 + ### + # Any `Node Selectors `__ to apply to Operator Console pods. + # + # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Console pods. + # + # If no worker nodes match the specified selectors, the Console deployment will fail. nodeSelector: { } - affinity: { } + ### + # + # The `affinity `__ or anti-affinity settings to apply to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes. 
+ affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - minio-operator + topologyKey: kubernetes.io/hostname + ### + # + # An array of `Toleration labels `__ to associate to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes. tolerations: [ ] + ### + # + # An array of `Topology Spread Constraints `__ to associate to Operator Console pods. + # + # These settings determine the distribution of pods across worker nodes. topologySpreadConstraints: [ ] + ### + # + # The `Requests or Limits `__ for resources to associate to Operator Console pods. + # + # These settings can control the minimum and maximum resources requested for each pod. + # If no worker nodes can meet the specified requests, the Console may fail to deploy. resources: requests: cpu: 0.25 memory: 512Mi + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator Console resources. + # + # You may need to modify these values to meet your cluster's security and access settings. securityContext: runAsUser: 1000 runAsNonRoot: true + ### + # The Kubernetes `SecurityContext `__ to use for deploying Operator Console containers. + # You may need to modify these values to meet your cluster's security and access settings. containerSecurityContext: runAsUser: 1000 runAsNonRoot: true + ### + # Configures `Ingress `__ for the Operator Console. + # + # Set the keys to conform to the Ingress controller and configuration of your choice. ingress: enabled: false ingressClassName: "" 
@@ -100,5 +287,26 @@ console: host: console.local path: / pathType: Prefix - volumes: [ ] - volumeMounts: [ ] + ### + # An array of `Volumes `__ which the Operator Console can mount to pods. + # + # The volumes must exist *and* be accessible to the Console pods. + volumes: + - name: tmp + emptyDir: {} + ### + # An array of volume mount points associated to each Operator Console container. + # + # Specify each item in the array as follows: + # + # .. code-block:: yaml + # + # volumeMounts: + # - name: volumename + # mountPath: /path/to/mount + # + # The ``name`` field must correspond to an entry in the ``volumes`` array. + volumeMounts: + - name: tmp + readOnly: false + mountPath: /tmp/certs/CAs diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index e55be6c58..54723c6bc 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 0.7.9 - name: connectors repository: https://charts.redpanda.com - version: 0.1.8 -digest: sha256:5fdaeda1e1821425fca44c2c91bca27675f5d25eb8e848cc48b2097d785df810 -generated: "2023-11-14T19:43:42.164637881Z" + version: 0.1.9 +digest: sha256:69b23e58a55e6f46c5a099164400588608b5e7e1e15ff0d209af8698d6c65737 +generated: "2023-11-16T11:35:29.19034642Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index f656acf13..cd9bcc7d4 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: docker.redpanda.com/redpandadata/redpanda:v23.2.15 + image: docker.redpanda.com/redpandadata/redpanda:v23.2.16 - name: busybox image: busybox:latest - name: mintel/docker-alpine-bash-curl-jq 
@@ -17,7 +17,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: redpanda apiVersion: v2 -appVersion: v23.2.15 +appVersion: v23.2.16 dependencies: - condition: console.enabled name: console @@ -37,4 +37,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 5.6.45 +version: 5.6.48 diff --git a/charts/redpanda/redpanda/charts/connectors/Chart.yaml b/charts/redpanda/redpanda/charts/connectors/Chart.yaml index 424e0517e..b5714c7c5 100644 --- a/charts/redpanda/redpanda/charts/connectors/Chart.yaml +++ b/charts/redpanda/redpanda/charts/connectors/Chart.yaml @@ -22,4 +22,4 @@ name: connectors sources: - https://github.com/redpanda-data/helm-charts type: application -version: 0.1.8 +version: 0.1.9 diff --git a/charts/redpanda/redpanda/charts/connectors/README.md b/charts/redpanda/redpanda/charts/connectors/README.md index e9322257d..d8d47dab7 100644 --- a/charts/redpanda/redpanda/charts/connectors/README.md +++ b/charts/redpanda/redpanda/charts/connectors/README.md 
@@ -3,11 +3,11 @@ description: Find the default values and descriptions of settings in the Redpanda Connectors Helm chart. --- -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.6](https://img.shields.io/badge/AppVersion-v1.0.6-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.6](https://img.shields.io/badge/AppVersion-v1.0.6-informational?style=flat-square) This page describes the official Redpanda Connectors Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/connectors/values.yaml). Each of the settings is listed and described on this page, along with any default values. -For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the [deployment documentation](TODO). +For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the [deployment documentation](https://docs.redpanda.com/current/deploy/deployment-option/self-hosted/kubernetes/k-deploy-connectors/). ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
@@ -24,7 +24,7 @@ Kubernetes: `^1.21.0-0` ### [auth](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=auth) -Authentication settings. For details, see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/). +Authentication settings. For details, see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/). The first line of the secret file is used. So the first superuser is used to authenticate to the Redpanda cluster. **Default:** 
@@ -52,25 +52,25 @@ Additional labels to add to all Kubernetes objects. For example, `my.k8s.service ### [connectors.additionalConfiguration](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.additionalConfiguration) -TODO the schema +A placeholder for any Java configuration settings for Kafka Connect that are not explicitly defined in this Helm chart. Java configuration settings are passed to the Kafka Connect startup script. **Default:** `""` ### [connectors.bootstrapServers](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.bootstrapServers) -Bootstrap servers list is coma separated list of individual Redpanda brokers as single line string +A comma-separated list of Redpanda broker addresses in the format of IP:Port or DNS:Port. Kafka Connect uses this to connect to the Redpanda/Kafka cluster. **Default:** `""` ### [connectors.brokerTLS.ca.secretNameOverwrite](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.ca.secretNameOverwrite) -If secretRef points to secret where Certificate Authority is not under ca.crt key then please use secretNameOverwrite to overwrite it e.g. corp-ca.crt +If `secretRef` points to a Secret where the certificate authority (CA) is not under the `ca.crt` key, use `secretNameOverwrite` to overwrite it e.g. `corp-ca.crt`. **Default:** `""` ### [connectors.brokerTLS.ca.secretRef](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.ca.secretRef) -The name of the secret where ca.crt is located +The name of the Secret where the ca.crt file content is located. **Default:** `""` 
@@ -104,24 +104,30 @@ The name of the secret where client private key is located ### [connectors.groupID](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.groupID) +A unique string that identifies the Kafka Connect cluster. It's used in the formation of the internal topic names, ensuring that multiple Kafka Connect clusters can connect to the same Redpanda cluster without interfering with each other. + **Default:** `"connectors-cluster"` ### [connectors.producerBatchSize](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.producerBatchSize) +The number of bytes of records a producer will attempt to batch together before sending to Redpanda. Batching improves throughput. + **Default:** `131072` ### [connectors.producerLingerMS](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.producerLingerMS) +The time, in milliseconds, that a producer will wait before sending a batch of records. Waiting allows the producer to gather more records in the same batch and improve throughput. + **Default:** `1` ### [connectors.restPort](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.restPort) +The port on which the Kafka Connect REST API listens. The API is used for administrative tasks. + **Default:** `8083` ### [connectors.schemaRegistryURL](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.schemaRegistryURL) -List of Redpanda IP:Port or DNS:Port separated by coma. - **Default:** `""` ### [connectors.secretManager.connectorsPrefix](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.secretManager.connectorsPrefix) 
@@ -140,44 +146,48 @@ List of Redpanda IP:Port or DNS:Port separated by coma. **Default:** `""` -### [connectors.storage.remote.read.config](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote.read.config) +### [connectors.storage.remote](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote) -**Default:** `false` +Indicates if read and write operations for the respective topics are allowed remotely. -### [connectors.storage.remote.read.offset](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote.read.offset) +**Default:** -**Default:** `false` +``` +{"read":{"config":false,"offset":false,"status":false},"write":{"config":false,"offset":false,"status":false}} +``` -### [connectors.storage.remote.read.status](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote.read.status) +### [connectors.storage.replicationFactor](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor) -**Default:** `false` +The number of replicas for each of the internal topics that Kafka Connect uses. 
-### [connectors.storage.remote.write.config](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote.write.config) +**Default:** -**Default:** `false` - -### [connectors.storage.remote.write.offset](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote.write.offset) - -**Default:** `false` - -### [connectors.storage.remote.write.status](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote.write.status) - -**Default:** `false` +``` +{"config":-1,"offset":-1,"status":-1} +``` ### [connectors.storage.replicationFactor.config](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor.config) +Replication factor for the configuration topic. + **Default:** `-1` ### [connectors.storage.replicationFactor.offset](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor.offset) +Replication factor for the offset topic. + **Default:** `-1` ### [connectors.storage.replicationFactor.status](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor.status) +Replication factor for the status topic. + **Default:** `-1` ### [connectors.storage.topic.config](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.topic.config) +The name of the internal topic that Kafka Connect uses to store connector and task configurations. + **Default:** ``` @@ -186,6 +196,8 @@ List of Redpanda IP:Port or DNS:Port separated by coma. ### [connectors.storage.topic.offset](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.topic.offset) +The name of the internal topic that Kafka Connect uses to store source connector offsets. + **Default:** ``` 
@@ -194,6 +206,8 @@ List of Redpanda IP:Port or DNS:Port separated by coma. ### [connectors.storage.topic.status](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.topic.status) +The name of the internal topic that Kafka Connect uses to store connector and task status updates. + **Default:** ``` @@ -216,13 +230,13 @@ Pod resource management. ### [container.resources.javaMaxHeapSize](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=container.resources.javaMaxHeapSize) -Java maximum heap size can not be greater than $container.resources.limits.memory +Java maximum heap size must not be greater than `container.resources.limits.memory`. **Default:** `"2G"` ### [container.securityContext](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=container.securityContext) -Security context for managed Connectors container. See also deployment.securityContext for pod level. +Security context for the Redpanda Connectors container. See also `deployment.securityContext` for Pod-level settings. **Default:** @@ -232,7 +246,7 @@ Security context for managed Connectors container. See also deployment.securityC ### [deployment.annotations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.annotations) -Additional annotations to apply to the Pods of this StatefulSet. +Additional annotations to apply to the Pods of this Deployment. **Default:** `{}` @@ -246,7 +260,7 @@ Additional annotations to apply to the Pods of this StatefulSet. ### [deployment.extraEnv](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.extraEnv) -Additional environment variables for the Connectors Deployment. +Additional environment variables for the Pods. **Default:** `[]` 
@@ -268,7 +282,7 @@ Node Affinity rules for scheduling Pods of this Deployment. The suggestion would ### [deployment.nodeSelector](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.nodeSelector) -Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global nodeSelector value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). +Node selection constraints for scheduling Pods of this Deployment. These constraints override the global `nodeSelector` value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). **Default:** `{}` @@ -296,7 +310,7 @@ Change `podAntiAffinity.type` to `custom` and provide your own podAntiAffinity r ### [deployment.podAntiAffinity.topologyKey](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.podAntiAffinity.topologyKey) -The topologyKey to be used. Can be used to spread across different nodes, AZs, regions etc. +The `topologyKey` to be used. Can be used to spread across different nodes, AZs, regions etc. **Default:** `"kubernetes.io/hostname"` 
@@ -314,13 +328,13 @@ Weight for `soft` anti-affinity rules. Does not apply for other anti-affinity ty ### [deployment.priorityClassName](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.priorityClassName) -PriorityClassName given to Pods of this StatefulSet. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). +PriorityClassName given to Pods of this Deployment. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). **Default:** `""` ### [deployment.progressDeadlineSeconds](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.progressDeadlineSeconds) -The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. +The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. **Default:** `600` 
@@ -350,7 +364,7 @@ The maximum time in seconds for a deployment to make progress before it is co ### [deployment.revisionHistoryLimit](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.revisionHistoryLimit) -The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. +The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. **Default:** `10` @@ -380,7 +394,7 @@ The number of old ReplicaSets to retain to allow rollback. This is a pointer ### [deployment.tolerations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.tolerations) -Taints to be tolerated by Pods of this StatefulSet. These tolerations override the global tolerations value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). +Taints to be tolerated by Pods of this Deployment. These tolerations override the global tolerations value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). **Default:** `[]` @@ -462,7 +476,7 @@ Log level Valid values (from least to most verbose) are: `error`, `warn`, `info` ### [monitoring](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=monitoring) -Monitoring. This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. +Monitoring. When set to `true`, the Helm chart creates a PodMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. **Default:** 
@@ -488,7 +502,7 @@ Service management. ### [service.annotations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=service.annotations) -Annotations to add to the service. +Annotations to add to the Service. **Default:** `{}` @@ -500,7 +514,7 @@ The name of the service to use. If not set, a name is generated using the `conne ### [serviceAccount](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount) -Service account management. +ServiceAccount management. **Default:** @@ -510,19 +524,19 @@ Service account management. ### [serviceAccount.annotations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount.annotations) -Annotations to add to the service account. +Annotations to add to the ServiceAccount. **Default:** `{}` ### [serviceAccount.create](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount.create) -Specifies whether a service account should be created. +Specifies whether a ServiceAccount should be created. **Default:** `false` ### [serviceAccount.name](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount.name) -The name of the service account to use. If not set and `serviceAccount.create` is `true`, a name is generated using the `connectors.fullname` template. +The name of the ServiceAccount to use. If not set and `serviceAccount.create` is `true`, a name is generated using the `connectors.fullname` template. **Default:** `""` 
@@ -552,7 +566,7 @@ The name of the service account to use. If not set and `serviceAccount.create` i ### [tolerations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=tolerations) -Taints to be tolerated by Pods, can override this for StatefulSets. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). +Taints to be tolerated by Pods. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). **Default:** `[]` diff --git a/charts/redpanda/redpanda/charts/connectors/ci/01-default-values.yaml b/charts/redpanda/redpanda/charts/connectors/ci/01-default-values.yaml index f1caf00fa..d0dbb71c2 100644 --- a/charts/redpanda/redpanda/charts/connectors/ci/01-default-values.yaml +++ b/charts/redpanda/redpanda/charts/connectors/ci/01-default-values.yaml @@ -22,3 +22,13 @@ connectors: logging: level: trace + +deployment: + annotations: + test: test + test2: test2 + +service: + annotations: + test: test + test2: test2 diff --git a/charts/redpanda/redpanda/charts/connectors/templates/deployment.yaml b/charts/redpanda/redpanda/charts/connectors/templates/deployment.yaml index bbbb11902..ecf79b01c 100644 --- a/charts/redpanda/redpanda/charts/connectors/templates/deployment.yaml +++ b/charts/redpanda/redpanda/charts/connectors/templates/deployment.yaml @@ -28,6 +28,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- with dig "replicas" "" .Values.deployment }} + replicas: {{ . }} + {{- end }} progressDeadlineSeconds: {{ .Values.deployment.progressDeadlineSeconds }} revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} selector: 
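Review bot: The `with dig "replicas" "" .Values.deployment` guard at the top of `spec` in deployment.yaml treats `0` as empty, so `deployment.replicas: 0` is silently dropped and the Deployment falls back to the API default of one replica. If scaling to zero is meant to be possible, test for the key rather than its truthiness: `{{- if hasKey .Values.deployment "replicas" }}` followed by `replicas: {{ .Values.deployment.replicas }}`. The `spec` block continues outside the hunk.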
@@ -212,7 +215,7 @@ spec: schedulerName: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.deployment.nodeSelector }} - nodeSelector: {{- . | nindent 8 }} + nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/redpanda/redpanda/charts/connectors/templates/pod-monitor.yaml b/charts/redpanda/redpanda/charts/connectors/templates/pod-monitor.yaml index e542fc16e..8b963627b 100644 --- a/charts/redpanda/redpanda/charts/connectors/templates/pod-monitor.yaml +++ b/charts/redpanda/redpanda/charts/connectors/templates/pod-monitor.yaml @@ -22,11 +22,11 @@ metadata: name: {{ template "connectors.fullname" . }} labels: {{- with .Values.monitoring.labels }} - {{- . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} annotations: {{- with .Values.monitoring.annotations }} - {{- . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: {{- with .Values.monitoring.namespaceSelector }} diff --git a/charts/redpanda/redpanda/charts/connectors/templates/serviceaccount.yaml b/charts/redpanda/redpanda/charts/connectors/templates/serviceaccount.yaml index 3de13fc10..32b7feffe 100644 --- a/charts/redpanda/redpanda/charts/connectors/templates/serviceaccount.yaml +++ b/charts/redpanda/redpanda/charts/connectors/templates/serviceaccount.yaml @@ -23,7 +23,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- with include "full.labels" . }} - {{- . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: diff --git a/charts/redpanda/redpanda/charts/connectors/values.yaml b/charts/redpanda/redpanda/charts/connectors/values.yaml index 7796d7e46..1bc270653 100644 --- a/charts/redpanda/redpanda/charts/connectors/values.yaml +++ b/charts/redpanda/redpanda/charts/connectors/values.yaml 
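Review bot: In serviceaccount.yaml the value inside `with` is the output of `include "full.labels" .`, which is always a string, so piping it through `toYaml` most likely renders `labels:` as one YAML string scalar instead of a mapping. The `toYaml` change is right for the `.Values` maps in deployment.yaml and pod-monitor.yaml, but this line should probably stay `{{- . | nindent 4 }}`, which is what the redpanda chart's secrets.yaml in this same commit does with that helper. Rendering with `helm template` and checking `metadata.labels` on the ServiceAccount would confirm it. The definition of `full.labels` is outside the hunk, so this is inferred from how `include` behaves.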
@@ -172,6 +172,9 @@ container: javaGCLogEnabled: "false" deployment: + # Replicas can be used to scale Deployment + # replicas + create: true # Customize the command to use as the entrypoint of the Deployment. # command: [] diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index 4bfa42fcc..67a9a68a5 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml @@ -91,7 +91,7 @@ spec: if [ -d "/etc/secrets/users/" ]; then IFS=":" read -r USER_NAME PASSWORD MECHANISM < <(grep "" $(find /etc/secrets/users/* -print)) curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors --ssl-reqd \ - {{- if $cert.caEnabled }} + {{- if and $cert ( dig "caEnabled" false $cert ) }} --cacert /etc/tls/certs/{{ $service.tls.cert }}/ca.crt \ {{- end }} -X PUT -u ${USER_NAME}:${PASSWORD} \ diff --git a/charts/redpanda/redpanda/templates/secrets.yaml b/charts/redpanda/redpanda/templates/secrets.yaml index bc194c90e..fd7be94d7 100644 --- a/charts/redpanda/redpanda/templates/secrets.yaml +++ b/charts/redpanda/redpanda/templates/secrets.yaml 
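Review bot: The new condition `and $cert ( dig "caEnabled" false $cert )` in post-upgrade.yaml only protects against a missing `$cert` when `and` short-circuits, which Go templates do from Go 1.18 on; a Helm binary built with an older toolchain still evaluates `dig` on the nil value and rendering fails. Folding the default into the lookup removes that dependency: `{{- if dig "caEnabled" false (default (dict) $cert) }}`. Note also that when `$cert` is missing, `--cacert` is now dropped silently and curl validates the server against the image's default trust store; if that is not intended, a `fail` with a clear message would surface the misconfiguration at render time. How `$cert` is assigned is outside the hunk.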
@@ -352,3 +352,57 @@ stringData: rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}" {{- end }} {{- end }} +{{- if .Values.statefulset.initContainers.fsValidator.enabled}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ (include "redpanda.fullname" .) | trunc 49 }}-fs-validator + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} +type: Opaque +stringData: + fsValidator.sh: |- + set -e + EXPECTED_FS_TYPE=$1 + + DATA_DIR="/var/lib/redpanda/data" + TEST_FILE="testfile" + + echo "checking data directory exist..." + if [ ! -d "${DATA_DIR}" ]; then + echo "data directory does not exists, exiting" + exit 1 + fi + + echo "checking filesystem type..." + FS_TYPE=$(df -T $DATA_DIR | tail -n +2 | awk '{print $2}') + + if [ "${FS_TYPE}" != "${EXPECTED_FS_TYPE}" ]; then + echo "file system found to be ${FS_TYPE} when expected ${EXPECTED_FS_TYPE}" + exit 1 + fi + + echo "checking if able to create a test file..." + + touch ${DATA_DIR}/${TEST_FILE} + result=$(touch ${DATA_DIR}/${TEST_FILE} 2> /dev/null; echo $?) + if [ "${result}" != "0" ]; then + echo "could not write testfile, may not have write permission" + exit 1 + fi + + echo "checking if able to delete a test file..." + + result=$(rm ${DATA_DIR}/${TEST_FILE} 2> /dev/null; echo $?) + if [ "${result}" != "0" ]; then + echo "could not delete testfile" + exit 1 + fi + + echo "passed" + +{{- end }} \ No newline at end of file diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index f3dfc3dd1..789f1bb5a 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml 
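Review bot: In `fsValidator.sh` the bare `touch ${DATA_DIR}/${TEST_FILE}` runs under `set -e` immediately before the guarded `result=$(touch …)` check, so on an unwritable volume the script exits at the first `touch` and the "could not write testfile" message is never printed. Removing the unguarded line keeps the diagnostic reachable. The expansions are unquoted (`df -T $DATA_DIR`, `rm ${DATA_DIR}/${TEST_FILE}`), and the fixed name `testfile` is deleted at the end, which would remove a pre-existing file of that name in the data directory; `TEST_FILE=$(mktemp "${DATA_DIR}/fs-validator.XXXXXX")` with quoted uses avoids both. The script has no shebang, so it depends on the invoking shell's fallback for executing it.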
@@ -103,6 +103,26 @@ spec: resources: {{- toYaml .Values.statefulset.initContainers.setDataDirOwnership.resources | nindent 12 }} {{- end }} {{- end }} +{{- if $values.statefulset.initContainers.fsValidator.enabled }} + - name: fs-validator + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /bin/sh + args: + - -c + - 'trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh {{ .Values.statefulset.initContainers.fsValidator.expectedFS }} & wait $!' + volumeMounts: {{ include "common-mounts" . | nindent 12 }} + {{- if dig "initContainers" "fsValidator" "extraVolumeMounts" false .Values.statefulset -}} + {{ tpl .Values.statefulset.initContainers.fsValidator.extraVolumeMounts . | nindent 12 }} + {{- end }} + - name: {{ (include "redpanda.fullname" .) | trunc 49 }}-fs-validator + mountPath: /etc/secrets/fs-validator/scripts/ + - name: datadir + mountPath: /var/lib/redpanda/data + {{- if get .Values.statefulset.initContainers.fsValidator "resources" }} + resources: {{- toYaml .Values.statefulset.fsValidator.tuning.resources | nindent 12 }} + {{- end }} +{{- end }} {{- if and (include "is-licensed" . | fromJson).bool (include "storage-tiered-config" .|fromJson).cloud_storage_enabled }} - name: set-tiered-storage-cache-dir-ownership image: {{ .Values.statefulset.initContainerImage.repository }}:{{ .Values.statefulset.initContainerImage.tag }} @@ -369,6 +389,10 @@ spec: secret: secretName: {{ template "redpanda.fullname" . }}-config-watcher defaultMode: 0o775 + - name: {{ (include "redpanda.fullname" .) | trunc 49 }}-fs-validator + secret: + secretName: {{ (include "redpanda.fullname" .) | trunc 49 }}-fs-validator + defaultMode: 0o775 {{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }} topologySpreadConstraints: {{- range $v := .Values.statefulset.topologySpreadConstraints }} 
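Review bot: The `resources:` line of the `fs-validator` init container reads `.Values.statefulset.fsValidator.tuning.resources`, a path that neither the new values nor the schema define, while the guard just above it checks `.Values.statefulset.initContainers.fsValidator`; setting resources there will most likely make rendering fail on a nil lookup. It should read `resources: {{- toYaml .Values.statefulset.initContainers.fsValidator.resources | nindent 12 }}`. `expectedFS` is also spliced unquoted into the `sh -c` string, so whitespace or shell metacharacters in that value change the command that runs; constraining it in values.schema.json with something like `"pattern": "^[A-Za-z0-9]+$"` keeps the interpolation safe. The init container list starts outside the hunk.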
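Review bot: The `…-fs-validator` secret volume in the second statefulset.yaml hunk is added to the pod's `volumes` without the `fsValidator.enabled` condition that wraps both the Secret in secrets.yaml and the init container. With the default `enabled: false` the Secret is never created, and a pod that references a missing, non-optional Secret volume does not start. Wrap the four added lines in `{{- if .Values.statefulset.initContainers.fsValidator.enabled }}` … `{{- end }}`, or set `optional: true` on the secret source. The script only needs to be read and executed, so `defaultMode: 0o555` would be enough; the volumes list starts outside the hunk, so an enclosing condition cannot be ruled out from here.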
diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 81e4f54e5..642ee92bb 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -982,6 +982,23 @@ "initContainers": { "type": "object", "properties": { + "fsValidator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "expectedFS": { + "type": "string" + }, + "resources": { + "type": "object" + }, + "extraVolumeMounts": { + "type": "string" + } + } + }, "tuning": { "type": "object", "properties": { diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index 01a4cb7fe..5449f2850 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -650,6 +650,11 @@ statefulset: - all createRBAC: true initContainers: + fsValidator: + enabled: false + expectedFS: xfs + resources: {} + extraVolumeMounts: |- tuning: resources: {} extraVolumeMounts: |- diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index 128a45103..7f9a692be 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.4.33 +appVersion: 1.4.43 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.4.4 +version: 1.4.5 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 546b62115..abbe63e3d 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md 
@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.4.4 +### Upgrade to 1.4.5 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.4.4/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.4.5/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 546b62115..abbe63e3d 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.4.4 +### Upgrade to 1.4.5 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.4.4/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.4.5/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/templates/configmap.yaml b/charts/speedscale/speedscale-operator/templates/configmap.yaml index 86f20ffd9..01aa823eb 100644 --- a/charts/speedscale/speedscale-operator/templates/configmap.yaml +++ b/charts/speedscale/speedscale-operator/templates/configmap.yaml 
@@ -28,3 +28,12 @@ data: DEPLOY_DEMO: {{ .Values.deployDemo }} GLOBAL_ANNOTATIONS: {{ .Values.globalAnnotations | toJson | quote }} GLOBAL_LABELS: {{ .Values.globalLabels | toJson | quote }} + {{- if .Values.http_proxy }} + HTTP_PROXY: {{ .Values.http_proxy }} + {{- end }} + {{- if .Values.https_proxy }} + HTTPS_PROXY: {{ .Values.https_proxy }} + {{- end }} + {{- if .Values.no_proxy }} + NO_PROXY: {{ .Values.no_proxy }} + {{- end }} diff --git a/charts/speedscale/speedscale-operator/templates/hooks.yaml b/charts/speedscale/speedscale-operator/templates/hooks.yaml index 24e733f3e..f25f4899d 100644 --- a/charts/speedscale/speedscale-operator/templates/hooks.yaml +++ b/charts/speedscale/speedscale-operator/templates/hooks.yaml @@ -18,6 +18,7 @@ metadata: {{- end }} spec: backoffLimit: 0 + ttlSecondsAfterFinished: 30 template: metadata: annotations: @@ -34,6 +35,15 @@ spec: - args: - |- # ensure valid settings before the chart reports a successfull install + {{- if .Values.http_proxy }} + HTTP_PROXY={{ .Values.http_proxy | quote }} \ + {{- end }} + {{- if .Values.https_proxy }} + HTTPS_PROXY={{ .Values.https_proxy | quote }} \ + {{- end }} + {{- if .Values.no_proxy }} + NO_PROXY={{ .Values.no_proxy | quote }} \ + {{- end }} speedctl init --overwrite --no-rcfile-update \ --api-key $SPEEDSCALE_API_KEY \ --app-url $SPEEDSCALE_APP_URL diff --git a/charts/speedscale/speedscale-operator/templates/tls.yaml b/charts/speedscale/speedscale-operator/templates/tls.yaml index c9a17f296..21db082cd 100644 --- a/charts/speedscale/speedscale-operator/templates/tls.yaml +++ b/charts/speedscale/speedscale-operator/templates/tls.yaml @@ -29,6 +29,7 @@ metadata: {{- end }} spec: backoffLimit: 0 + ttlSecondsAfterFinished: 30 template: metadata: annotations: 
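Review bot: The three proxy entries added to the ConfigMap `data` are emitted unquoted (`HTTP_PROXY: {{ .Values.http_proxy }}`), unlike the neighbouring `GLOBAL_ANNOTATIONS` and `GLOBAL_LABELS` lines, which use `| quote`. A `no_proxy` value beginning with `*`, or any value containing ` #` or `: `, would then fail to parse or be truncated; use `HTTP_PROXY: {{ .Values.http_proxy | quote }}` and the same for the other two. Proxy URLs sometimes embed credentials (`http://user:password@host:port`), and a ConfigMap keeps them readable to anyone with ConfigMap read access in the namespace; if authenticated proxies are expected, a Secret is the safer place for them.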
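Review bot: In the hooks.yaml script, `HTTP_PROXY={{ .Values.http_proxy | quote }} \` yields a double-quoted shell word, so `$`, backticks and backslashes inside a proxy URL (for example in an embedded password) are still interpreted by the shell before `speedctl init` sees them. Setting the three variables as `env:` entries on the job container, rather than interpolating them into the script text, removes the shell from the path entirely. The same pattern is repeated before the `curl` call in the second tls.yaml hunk. The container spec around the `args` block is outside the hunk.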
@@ -53,6 +54,15 @@ spec: ARCH=arm64 ;; esac + {{- if .Values.http_proxy }} + HTTP_PROXY={{ .Values.http_proxy | quote }} \ + {{- end }} + {{- if .Values.https_proxy }} + HTTPS_PROXY={{ .Values.https_proxy | quote }} \ + {{- end }} + {{- if .Values.no_proxy }} + NO_PROXY={{ .Values.no_proxy | quote }} \ + {{- end }} curl -Lfs "https://storage.googleapis.com/kubernetes-release/release/v1.20.0/bin/linux/${ARCH}/kubectl" \ -o /usr/local/bin/kubectl chmod +x /usr/local/bin/kubectl diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index e875a3057..840542119 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.4.33 + tag: v1.4.43 pullPolicy: Always # Log level for Speedscale components. @@ -77,6 +77,12 @@ nodeSelector: {} # Deploy a demo app at startup. deployDemo: "java" +# Proxy connection settings if required by your network. These translate to standard proxy environment +# variables HTTP_PROXY, HTTPS_PROXY, and NO_PROXY +http_proxy: "" +https_proxy: "" +no_proxy: "" + # Operator settings. These limits are recommended unless you have a cluster # with a very large number of workloads (for eg. 10k+ deployments, replicasets, etc.). operator: diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 2a6596d01..4b86a437c 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md 
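Review bot: The `curl -Lfs … kubectl` download that the new proxy variables in tls.yaml now apply to installs and executes a binary with no integrity check; the download line itself is unchanged context, but this commit adds a configurable intermediary to its path. A checksum comparison before `chmod +x` is a cheap safeguard, for example `echo "<SHA256_FOR_ARCH_PLACEHOLDER>  /usr/local/bin/kubectl" | sha256sum -c -` with one pinned digest per `${ARCH}` value. With `HTTPS_PROXY` the TLS session is normally still end to end, so this matters mostly where the proxy intercepts TLS with a CA the image trusts. The script continues outside the hunk.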
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.16.21 +### Chores +* **sysdig, node-analyzer** [6c7c27bf](https://github.com/sysdiglabs/charts/commit/6c7c27bf845b30af0eb5a4cb8f5fe330923d564f): bump sysdig/vuln-runtime-scanner to v1.6.4 [SSPROD-3285] ([#1477](https://github.com/sysdiglabs/charts/issues/1477)) # v1.16.20 ### Bug Fixes * **agent,kspm-collector,node-analyzer,sysdig** [f378d192](https://github.com/sysdiglabs/charts/commit/f378d1922d0f21f5936c6ed872e6538536ccf1f2): whitespace errors ([#1436](https://github.com/sysdiglabs/charts/issues/1436)) diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index 0ae35a048..55a231079 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -19,4 +19,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.16.20 +version: 1.16.21 diff --git a/charts/sysdig/sysdig/README.md b/charts/sysdig/sysdig/README.md index baddc0277..b509c68c1 100644 --- a/charts/sysdig/sysdig/README.md +++ b/charts/sysdig/sysdig/README.md 
@@ -262,7 +262,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | `nodeAnalyzer.runtimeScanner.deploy` | Deploys the Runtime Scanner. | `false` | | `nodeAnalyzer.runtimeScanner.extraMounts` | Specifies a container engine custom socket path (docker, containerd, CRI-O). | | | `nodeAnalyzer.runtimeScanner.image.repository` | The image repository to pull the Runtime Scanner from. | `sysdig/vuln-runtime-scanner` | -| `nodeAnalyzer.runtimeScanner.image.tag` | The image tag to pull the Runtime Scanner. | `1.6.3` | +| `nodeAnalyzer.runtimeScanner.image.tag` | The image tag to pull the Runtime Scanner. | `1.6.4` | | `nodeAnalyzer.runtimeScanner.image.digest` | The image digest to pull. | ` ` | | `nodeAnalyzer.runtimeScanner.image.pullPolicy` | The image pull policy for the Runtime Scanner. | `IfNotPresent` | | `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Runtime Scanner CPU requests per node. | `250m` | diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md index 03ac54ef1..c748c770c 100644 --- a/charts/sysdig/sysdig/RELEASE-NOTES.md +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -1,5 +1,5 @@ # What's Changed -### Bug Fixes -- **agent,kspm-collector,node-analyzer,sysdig** [f378d192](https://github.com/sysdiglabs/charts/commit/f378d1922d0f21f5936c6ed872e6538536ccf1f2): whitespace errors ([#1436](https://github.com/sysdiglabs/charts/issues/1436)) -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.29.1...sysdig-1.16.20 +### Chores +- **sysdig, node-analyzer** [6c7c27bf](https://github.com/sysdiglabs/charts/commit/6c7c27bf845b30af0eb5a4cb8f5fe330923d564f): bump sysdig/vuln-runtime-scanner to v1.6.4 [SSPROD-3285] ([#1477](https://github.com/sysdiglabs/charts/issues/1477)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.29.8...sysdig-1.16.21 
diff --git a/charts/sysdig/sysdig/values.yaml b/charts/sysdig/sysdig/values.yaml index 9be974f96..d3cbfc292 100644 --- a/charts/sysdig/sysdig/values.yaml +++ b/charts/sysdig/sysdig/values.yaml @@ -432,7 +432,7 @@ nodeAnalyzer: deploy: false image: repository: sysdig/vuln-runtime-scanner - tag: 1.6.3 + tag: 1.6.4 digest: null pullPolicy: IfNotPresent extraMounts: [] diff --git a/index.yaml b/index.yaml index 167adf0e0..35a830dfc 100644 --- a/index.yaml +++ b/index.yaml 
@@ -11169,6 +11169,48 @@ entries: - assets/asserts/asserts-1.6.0.tgz version: 1.6.0 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + images: | + - name: cassandra-exporter + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r430 + - name: cassandra + image: docker.io/bitnami/cassandra:4.1.3-debian-11-r75 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r91 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 4.1.3 + created: "2023-11-17T13:48:34.905549207Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: ad473d9b4b78b60b037b7aaa875a981c0c3fa27821b7714377c7ab95c450378d + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/cassandra + urls: + - assets/bitnami/cassandra-10.6.5.tgz + version: 10.6.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra @@ -15793,8 +15835,8 @@ entries: catalog.cattle.io/featured: "1" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 - appVersion: 1.107.0 - created: "2023-11-06T14:43:49.641713882Z" + appVersion: 1.107.1 + created: "2023-11-17T13:49:06.728346463Z" dependencies: - condition: global.grafana.enabled name: grafana 
@@ -15810,7 +15852,38 @@ entries: version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. - digest: 60ef220bb098b34a131a47274a4c46168d9fcd1297b75986233188b02488a1c3 + digest: 837b5321d9f0ff562997f72644eec1f9c12aa001dc84120dd87917466d479a87 + icon: https://partner-charts.rancher.io/assets/logos/kubecost.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-1.107.1.tgz + version: 1.107.1 + - annotations: + artifacthub.io/links: | + - name: Homepage + url: https://www.kubecost.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kubecost + catalog.cattle.io/release-name: cost-analyzer + apiVersion: v2 + appVersion: 1.107.0 + created: "2023-11-17T13:48:54.181175806Z" + dependencies: + - condition: global.grafana.enabled + name: grafana + repository: file://./charts/grafana + version: ~1.17.2 + - condition: global.prometheus.enabled + name: prometheus + repository: file://./charts/prometheus + version: ~11.0.2 + - condition: global.thanos.enabled + name: thanos + repository: file://./charts/thanos + version: ~0.29.0 + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: e54bb04b425c7489ebbb12eb6088e264730eb1d75a333f5e82a7a7d16c1fd7d6 icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer urls: 
@@ -18092,6 +18165,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-11-17T13:48:37.999449459Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 1.0.1 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: c892cfc22af2641e59e9293abb61a6d7733a17224d5821f86eac8a5375db86ce + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.49.0.tgz + version: 3.49.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog 
@@ -25630,6 +25740,36 @@ entries: - assets/gopaddle/gopaddle-4.2.5.tgz version: 4.2.5 haproxy: + - annotations: + artifacthub.io/changes: | + - Use Ingress Controller 1.10.10 version for base image + - Add CRD install/upgrade job for automated CRD management + - Remove default CRDs provided by Chart + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: haproxy + apiVersion: v2 + appVersion: 1.10.10 + created: "2023-11-17T13:48:38.515048205Z" + description: A Helm chart for HAProxy Kubernetes Ingress Controller + digest: 47b1c5279309f6bb5294216411327b6ef9ede87d20c6f871c8ee33c5699e1079 + home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress + icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png + keywords: + - ingress + - haproxy + kubeVersion: '>=1.22.0-0' + maintainers: + - email: dkorunic@haproxy.com + name: Dinko Korunic + name: haproxy + sources: + - https://github.com/haproxytech/kubernetes-ingress + type: application + urls: + - assets/haproxy/haproxy-1.35.0.tgz + version: 1.35.0 - annotations: artifacthub.io/changes: | - Fixes for .Capabilities.APIVersions issues (issues #202 and #211) 
@@ -28420,6 +28560,62 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/images: | + - name: jenkins + image: jenkins/jenkins:2.426.1-jdk11 + - name: k8s-sidecar + image: kiwigrid/k8s-sidecar:1.24.4 + - name: inbound-agent + image: jenkins/inbound-agent:3107.v665000b_51092-15 + - name: backup + image: maorfr/kube-tasks:0.2.0 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + - name: support + url: https://github.com/jenkinsci/helm-charts/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.426.1 + created: "2023-11-17T13:48:52.537537296Z" + description: Jenkins - Build great things at any scale! The leading open source + automation server, Jenkins provides over 1800 plugins to support building, deploying + and automating any project. 
+ digest: 83c271b3982ed509a36dbfbe845e67d2b4871505bf39fd94453a2d5183568b62 + home: https://jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + keywords: + - jenkins + - ci + - devops + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + urls: + - assets/jenkins/jenkins-4.8.3.tgz + version: 4.8.3 - annotations: artifacthub.io/category: integration-delivery artifacthub.io/images: | @@ -35661,6 +35857,31 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.4" + created: "2023-11-17T13:48:53.88927472Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: 4c22105491e85638b50c2b64daacd2e9988820d6508ec62d792b8ee431edced7 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: team-k8s@konghq.com + name: team-k8s-bot + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.32.0.tgz + version: 2.32.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway 
@@ -37570,6 +37791,33 @@ entries: - assets/avesha/kubeslice-worker-0.4.5.tgz version: 0.4.5 kuma: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kuma + catalog.cattle.io/namespace: kuma-system + catalog.cattle.io/release-name: kuma + apiVersion: v2 + appVersion: 2.5.0 + created: "2023-11-17T13:49:06.839260114Z" + description: A Helm chart for the Kuma Control Plane + digest: 4e15d456997f209b0f3f6c9a5d49886a0759f60f411c155848fbe1db16c6f02a + home: https://github.com/kumahq/kuma + icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg + keywords: + - service mesh + - control plane + maintainers: + - email: austin.cawley@gmail.com + name: austince + - email: jakub.dyszkiewicz@konghq.com + name: jakubdyszkiewicz + - email: nikolay.nikolaev@konghq.com + name: nickolaev + name: kuma + type: application + urls: + - assets/kuma/kuma-2.5.0.tgz + version: 2.5.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kuma 
@@ -38065,15 +38313,46 @@ entries: catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/release-name: linkerd-control-plane apiVersion: v2 - appVersion: stable-2.14.3 - created: "2023-11-09T12:42:02.315155459Z" + appVersion: stable-2.14.4 + created: "2023-11-17T13:49:19.42789717Z" dependencies: - name: partials repository: file://./charts/partials version: 0.1.0 description: 'Linkerd gives you observability, reliability, and security for your microservices — with no code change required. ' - digest: 2d70b97ab48e75bc280acc7eb9f59f2929b1c0b4fbd5481d855a1a1bdbb4b17a + digest: 3d823b02ed21e7ca85cfd46c56f4ea353dbfb8c6ece9cd047dd38f9825fc408d + home: https://linkerd.io + icon: https://linkerd.io/images/logo-only-200h.png + keywords: + - service-mesh + kubeVersion: '>=1.21.0-0' + maintainers: + - email: cncf-linkerd-dev@lists.cncf.io + name: Linkerd authors + url: https://linkerd.io/ + name: linkerd-control-plane + sources: + - https://github.com/linkerd/linkerd2/ + type: application + urls: + - assets/linkerd/linkerd-control-plane-1.16.5.tgz + version: 1.16.5 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Linkerd Control Plane + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: linkerd-control-plane + apiVersion: v2 + appVersion: stable-2.14.3 + created: "2023-11-17T13:49:06.849537792Z" + dependencies: + - name: partials + repository: file://./charts/partials + version: 0.1.0 + description: 'Linkerd gives you observability, reliability, and security for your + microservices — with no code change required. ' + digest: 8b862f754b9d9a92cfca220cba0c3aec23b1dd431af4ec6f3fb9aa69c7ee076f home: https://linkerd.io icon: https://linkerd.io/images/logo-only-200h.png keywords: 
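Review bot: The existing entry with `appVersion: stable-2.14.3` is re-recorded with a different `digest` (`2d70b97ab48e75bc280acc7eb9f59f2929b1c0b4fbd5481d855a1a1bdbb4b17a` becomes `8b862f754b9d9a92cfca220cba0c3aec23b1dd431af4ec6f3fb9aa69c7ee076f`) and a new `created` time, so an already-published chart archive appears to have been rebuilt under the same version. Consumers that pinned or mirrored the old digest will fail verification, and consumers that do not verify will get changed content under an unchanged version number. I would keep `digest: 2d70b97ab48e75bc280acc7eb9f59f2929b1c0b4fbd5481d855a1a1bdbb4b17a` and `created: "2023-11-09T12:42:02.315155459Z"` on that entry and add only the new 1.16.5 entry, or publish the rebuilt archive under a new chart version if the rebuild is intended. The vault hunk (`@@ -67539,10 +68026,41 @@`) shows the same pattern: the entry with `appVersion: 1.15.1` moves from digest `ec4b7b0963cd64e789700735089e7dfb8e3479b8f239d85ef70cb36239e467d9` to `2e631a19e09b7e59f2ad3d9d39bf13ec16c881cdf67e3b8a6a8a91d8361cf78f`. In both hunks the `version:` line of the affected entry lies outside the hunk.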
@@ -40631,6 +40910,32 @@ entries: - assets/metallb/metallb-0.13.7.tgz version: 0.13.7 minio-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Minio Operator + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: minio-operator + apiVersion: v2 + appVersion: v5.0.11 + created: "2023-11-17T13:49:19.457175376Z" + description: A Helm chart for MinIO Operator + digest: 4ca686301ad63b39a3f3d897b39ffbcc5d2751974aa282e24bfa749243c28f14 + home: https://min.io + icon: https://min.io/resources/img/logo/MINIO_wordmark.png + keywords: + - storage + - object-storage + - S3 + maintainers: + - email: dev@minio.io + name: MinIO, Inc + name: minio-operator + sources: + - https://github.com/minio/operator + type: application + urls: + - assets/minio/minio-operator-5.0.11.tgz + version: 5.0.11 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Minio Operator 
@@ -51995,6 +52300,50 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r91 + - name: redis-exporter + image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r2 + - name: redis-sentinel + image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r1 + - name: redis + image: docker.io/bitnami/redis:7.2.3-debian-11-r1 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.2.3 + created: "2023-11-17T13:48:36.142662778Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: 24669ca7656f7bf5da50d7d37bda32917a91cf4da6c583ef8139ed543710ca98 + home: https://bitnami.com + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-18.4.0.tgz + version: 18.4.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis 
@@ -54359,6 +54708,50 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.2.16 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.8.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.2.16 + created: "2023-11-17T13:49:20.695887585Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + - condition: connectors.enabled + name: connectors + repository: file://./charts/connectors + version: '>=0.1.2 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 30ca9e715c5665a57527224d03046fc077e4f4637af51007302c00a10331ea6c + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-5.6.48.tgz + version: 5.6.48 - annotations: artifacthub.io/images: | - name: redpanda 
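Review bot: The `artifacthub.io/images` annotation of the new redpanda 5.6.48 entry lists `busybox:latest` and `mintel/docker-alpine-bash-curl-jq:latest`, so the `digest` recorded here fixes the chart archive but not the images those two names resolve to at pull time. If the chart templates really use these tags (the templates are not visible in this hunk), the same chart version can run different image content from one install to the next. Since this index is generated, the change belongs in the chart source: pin each image, for example `image: busybox:<tag>@sha256:<digest>` (placeholder values), and regenerate the entry.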
@@ -59083,6 +59476,43 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + images: | + - name: spark + image: docker.io/bitnami/spark:3.5.0-debian-11-r15 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.5.0 + created: "2023-11-17T13:48:36.238608767Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: dc816f1b6e002189a995a49ebe05f384a94479d96d42659848f8b72f6146e846 + home: https://bitnami.com + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/spark + urls: + - assets/bitnami/spark-8.1.5.tgz + version: 8.1.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark 
@@ -60385,6 +60815,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.4.43 + created: "2023-11-17T13:49:20.779122458Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 98bf7cfc84826433ba5a94b40aab7fe19ca8b5038e6587f63b2a26c95dd5fcf5 + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.4.5.tgz + version: 1.4.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator 
@@ -62757,6 +63218,32 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.17.1 + created: "2023-11-17T13:49:21.024335313Z" + deprecated: true + description: Sysdig Monitor and Secure agent + digest: ca46e77275973668e9183ce926b9c1de3672467ec9129663c958efcbc580412f + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.16.21.tgz + version: 1.16.21 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig 
@@ -67539,10 +68026,41 @@ entries: catalog.cattle.io/release-name: vault charts.openshift.io/name: HashiCorp Vault apiVersion: v2 - appVersion: 1.15.1 - created: "2023-10-31T13:40:09.169111265Z" + appVersion: 1.15.2 + created: "2023-11-17T13:48:52.314595304Z" description: Official HashiCorp Vault Chart - digest: ec4b7b0963cd64e789700735089e7dfb8e3479b8f239d85ef70cb36239e467d9 + digest: 7f454a9eb8c67101b204cc3e42347cdd907223bf61d2c917271f081a30fb0657 + home: https://www.vaultproject.io + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + kubeVersion: '>= 1.20.0-0' + name: vault + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + urls: + - assets/hashicorp/vault-0.27.0.tgz + version: 0.27.0 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Hashicorp Vault + catalog.cattle.io/kube-version: '>= 1.20.0-0' + catalog.cattle.io/release-name: vault + charts.openshift.io/name: HashiCorp Vault + apiVersion: v2 + appVersion: 1.15.1 + created: "2023-11-17T13:48:38.681678865Z" + description: Official HashiCorp Vault Chart + digest: 2e631a19e09b7e59f2ad3d9d39bf13ec16c881cdf67e3b8a6a8a91d8361cf78f home: https://www.vaultproject.io icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png keywords: