Charts CI

```
Updated:
  aquarist-labs/s3gw:
    - 0.22.0
  bitnami/airflow:
    - 16.0.7
  bitnami/mariadb:
    - 14.1.0
  bitnami/mysql:
    - 9.14.1
  bitnami/wordpress:
    - 18.0.10
  datadog/datadog:
    - 3.42.0
  jfrog/artifactory-ha:
    - 107.71.3
  jfrog/artifactory-jcr:
    - 107.71.3
  kasten/k10:
    - 6.0.11
  kubecost/cost-analyzer:
    - 1.106.4
  loft/loft:
    - 3.3.0
  new-relic/nri-bundle:
    - 5.0.42
  speedscale/speedscale-operator:
    - 1.3.44
  sysdig/sysdig:
    - 1.16.19
  yugabyte/yugabyte:
    - 2.18.4
  yugabyte/yugaware:
    - 2.18.4
```

charts/aquarist-labs/s3gw/Chart.yaml

@@ -35,4 +35,4 @@ sources:
 - https://github.com/aquarist-labs/s3gw-cosi-driver
 - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar
 type: application
-version: 0.21.0
+version: 0.22.0

charts/bitnami/airflow/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.1.5
+  version: 18.1.6
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 13.1.5
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.13.2
+  version: 2.13.3
-digest: sha256:5b0157324635d8a3daca94e01d702a13f41b14d81250b29486b5512db2d6b2e5
+digest: sha256:997c8924637ccceb54891a37f5a10b84c97192f805079f1407d704ccaa64ed41
-generated: "2023-10-14T17:55:52.376439601Z"
+generated: "2023-10-24T20:41:28.772039309Z"

charts/bitnami/airflow/Chart.yaml

@@ -10,9 +10,9 @@ annotations:
     - name: airflow-scheduler
       image: docker.io/bitnami/airflow-scheduler:2.7.2-debian-11-r0
     - name: airflow-worker
-      image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r0
+      image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r1
     - name: airflow
-      image: docker.io/bitnami/airflow:2.7.2-debian-11-r0
+      image: docker.io/bitnami/airflow:2.7.2-debian-11-r1
     - name: git
       image: docker.io/bitnami/git:2.42.0-debian-11-r45
     - name: os-shell
@@ -50,4 +50,4 @@ maintainers:
 name: airflow
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/airflow
-version: 16.0.6
+version: 16.0.7

charts/bitnami/airflow/README.md

@@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
 ## TL;DR
 
 ```console
-helm install my-release oci://registry-1.docker.io/bitnamicharts/airflow
+helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
 ```
 
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
 ## Introduction
 
 This chart bootstraps an [Apache Airflow](https://github.com/bitnami/containers/tree/main/bitnami/airflow) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 
-Looking to use Apache Airflow in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+Looking to use Apache Airflow in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 
 ## Prerequisites
 
@@ -32,9 +34,11 @@ Looking to use Apache Airflow in production? Try [VMware Application Catalog](ht
 To install the chart with the release name `my-release`:
 
 ```console
-helm install my-release oci://registry-1.docker.io/bitnamicharts/airflow
+helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
 ```
 
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
 These commands deploy Airflow on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
 
 > **Tip**: List all releases using `helm list`
@@ -77,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and
 ### Airflow common parameters
 
 | Name                     | Description                                                                                                                                                               | Value                      |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
 | `auth.username`          | Username to access web UI                                                                                                                                                 | `user`                     |
 | `auth.password`          | Password to access web UI                                                                                                                                                 | `""`                       |
 | `auth.fernetKey`         | Fernet key to secure connections                                                                                                                                          | `""`                       |
@@ -88,9 +92,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `configuration`          | Specify content for Airflow config file (auto-generated based on other env. vars otherwise)                                                                               | `""`                       |
 | `existingConfigmap`      | Name of an existing ConfigMap with the Airflow config file                                                                                                                | `""`                       |
 | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow                                                                                         | `""`                       |
-| `dags.image.registry`    | Init container load-dags image registry                                                                                                                                   | `docker.io`        |
+| `dags.image.registry`    | Init container load-dags image registry                                                                                                                                   | `REGISTRY_NAME`            |
-| `dags.image.repository`  | Init container load-dags image repository                                                                                                                                 | `bitnami/os-shell` |
+| `dags.image.repository`  | Init container load-dags image repository                                                                                                                                 | `REPOSITORY_NAME/os-shell` |
-| `dags.image.tag`         | Init container load-dags image tag (immutable tags are recommended)                                                                                                       | `11-debian-11-r90` |
 | `dags.image.digest`      | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                  | `""`                       |
 | `dags.image.pullPolicy`  | Init container load-dags image pull policy                                                                                                                                | `IfNotPresent`             |
 | `dags.image.pullSecrets` | Init container load-dags image pull secrets                                                                                                                               | `[]`                       |
@@ -106,10 +109,9 @@ The command removes all the Kubernetes components associated with the chart and
 ### Airflow web parameters
 
 | Name                                        | Description                                                                                                              | Value                     |
-| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- |
+| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
-| `web.image.registry`                        | Airflow image registry                                                                                                   | `docker.io`          |
+| `web.image.registry`                        | Airflow image registry                                                                                                   | `REGISTRY_NAME`           |
-| `web.image.repository`                      | Airflow image repository                                                                                                 | `bitnami/airflow`    |
+| `web.image.repository`                      | Airflow image repository                                                                                                 | `REPOSITORY_NAME/airflow` |
-| `web.image.tag`                             | Airflow image tag (immutable tags are recommended)                                                                       | `2.7.2-debian-11-r0` |
 | `web.image.digest`                          | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                  | `""`                      |
 | `web.image.pullPolicy`                      | Airflow image pull policy                                                                                                | `IfNotPresent`            |
 | `web.image.pullSecrets`                     | Airflow image pull secrets                                                                                               | `[]`                      |
@@ -181,10 +183,9 @@ The command removes all the Kubernetes components associated with the chart and
 ### Airflow scheduler parameters
 
 | Name                                              | Description                                                                                                              | Value                               |
-| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
-| `scheduler.image.registry`                        | Airflow Scheduler image registry                                                                                         | `docker.io`                 |
+| `scheduler.image.registry`                        | Airflow Scheduler image registry                                                                                         | `REGISTRY_NAME`                     |
-| `scheduler.image.repository`                      | Airflow Scheduler image repository                                                                                       | `bitnami/airflow-scheduler` |
+| `scheduler.image.repository`                      | Airflow Scheduler image repository                                                                                       | `REPOSITORY_NAME/airflow-scheduler` |
-| `scheduler.image.tag`                             | Airflow Scheduler image tag (immutable tags are recommended)                                                             | `2.7.2-debian-11-r0`        |
 | `scheduler.image.digest`                          | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag        | `""`                                |
 | `scheduler.image.pullPolicy`                      | Airflow Scheduler image pull policy                                                                                      | `IfNotPresent`                      |
 | `scheduler.image.pullSecrets`                     | Airflow Scheduler image pull secrets                                                                                     | `[]`                                |
@@ -235,10 +236,9 @@ The command removes all the Kubernetes components associated with the chart and
 ### Airflow worker parameters
 
 | Name                                           | Description                                                                                                              | Value                            |
-| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
+| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
-| `worker.image.registry`                        | Airflow Worker image registry                                                                                            | `docker.io`              |
+| `worker.image.registry`                        | Airflow Worker image registry                                                                                            | `REGISTRY_NAME`                  |
-| `worker.image.repository`                      | Airflow Worker image repository                                                                                          | `bitnami/airflow-worker` |
+| `worker.image.repository`                      | Airflow Worker image repository                                                                                          | `REPOSITORY_NAME/airflow-worker` |
-| `worker.image.tag`                             | Airflow Worker image tag (immutable tags are recommended)                                                                | `2.7.2-debian-11-r1`     |
 | `worker.image.digest`                          | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag           | `""`                             |
 | `worker.image.pullPolicy`                      | Airflow Worker image pull policy                                                                                         | `IfNotPresent`                   |
 | `worker.image.pullSecrets`                     | Airflow Worker image pull secrets                                                                                        | `[]`                             |
@@ -315,10 +315,9 @@ The command removes all the Kubernetes components associated with the chart and
 ### Airflow git sync parameters
 
 | Name                           | Description                                                                                         | Value                 |
-| ------------------------------ | --------------------------------------------------------------------------------------------------- | ---------------------- |
+| ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- |
-| `git.image.registry`           | Git image registry                                                                                  | `docker.io`            |
+| `git.image.registry`           | Git image registry                                                                                  | `REGISTRY_NAME`       |
-| `git.image.repository`         | Git image repository                                                                                | `bitnami/git`          |
+| `git.image.repository`         | Git image repository                                                                                | `REPOSITORY_NAME/git` |
-| `git.image.tag`                | Git image tag (immutable tags are recommended)                                                      | `2.42.0-debian-11-r45` |
 | `git.image.digest`             | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                  |
 | `git.image.pullPolicy`         | Git image pull policy                                                                               | `IfNotPresent`        |
 | `git.image.pullSecrets`        | Git image pull secrets                                                                              | `[]`                  |
@@ -406,11 +405,10 @@ The command removes all the Kubernetes components associated with the chart and
 ### Airflow metrics parameters
 
 | Name                                            | Description                                                                                                      | Value                              |
-| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------- |
+| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
 | `metrics.enabled`                               | Whether or not to create a standalone Airflow exporter to expose Airflow metrics                                 | `false`                            |
-| `metrics.image.registry`                        | Airflow exporter image registry                                                                                  | `docker.io`                   |
+| `metrics.image.registry`                        | Airflow exporter image registry                                                                                  | `REGISTRY_NAME`                    |
-| `metrics.image.repository`                      | Airflow exporter image repository                                                                                | `bitnami/airflow-exporter`    |
+| `metrics.image.repository`                      | Airflow exporter image repository                                                                                | `REPOSITORY_NAME/airflow-exporter` |
-| `metrics.image.tag`                             | Airflow exporter image tag (immutable tags are recommended)                                                      | `0.20220314.0-debian-11-r438` |
 | `metrics.image.digest`                          | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                               |
 | `metrics.image.pullPolicy`                      | Airflow exporter image pull policy                                                                               | `IfNotPresent`                     |
 | `metrics.image.pullSecrets`                     | Airflow exporter image pull secrets                                                                              | `[]`                               |
@@ -491,9 +489,11 @@ helm install my-release \
                --set auth.password=my-passsword \
                --set auth.fernetKey=my-fernet-key \
                --set auth.secretKey=my-secret-key \
-               oci://registry-1.docker.io/bitnamicharts/airflow
+               oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
 ```
 
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
 The above command sets the credentials to access the Airflow web UI.
 
 > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@@ -501,9 +501,10 @@ The above command sets the credentials to access the Airflow web UI.
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
 
 ```console
-helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/airflow
+helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
 ```
 
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
 > **Tip**: You can use the default [values.yaml](values.yaml)
 
 ## Configuration and installation details

charts/bitnami/airflow/charts/common/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.13.2
+appVersion: 2.13.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.13.2
+version: 2.13.3

charts/bitnami/airflow/charts/common/README.md

@@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
 
 ## Prerequisites
 
-- Kubernetes 1.19+
+- Kubernetes 1.23+
-- Helm 3.2.0+
+- Helm 3.8.0+
 
 ## Parameters
 

charts/bitnami/airflow/charts/common/templates/_capabilities.tpl

@@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
 {{/*
 Returns true if AdmissionConfiguration is supported
 */}}
-{{- define "common.capabilities.admisionConfiguration.supported" -}}
+{{- define "common.capabilities.admissionConfiguration.supported" -}}
 {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
   {{- true -}}
 {{- end -}}
@@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
 {{/*
 Return the appropriate apiVersion for AdmissionConfiguration.
 */}}
-{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
+{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
 {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
 {{- print "apiserver.config.k8s.io/v1alpha1" -}}
 {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

charts/bitnami/airflow/charts/redis/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.13.2
+  version: 2.13.3
-digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
+digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
-generated: "2023-10-07T00:54:22.108613108Z"
+generated: "2023-10-19T12:32:36.790999138Z"

charts/bitnami/airflow/charts/redis/Chart.yaml

@@ -6,12 +6,12 @@ annotations:
     - name: redis-exporter
       image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0
     - name: redis-sentinel
-      image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r26
+      image: docker.io/bitnami/redis-sentinel:7.2.2-debian-11-r0
     - name: redis
-      image: docker.io/bitnami/redis:7.2.1-debian-11-r26
+      image: docker.io/bitnami/redis:7.2.2-debian-11-r0
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 7.2.1
+appVersion: 7.2.2
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
@@ -33,4 +33,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 18.1.5
+version: 18.1.6

charts/bitnami/airflow/charts/redis/README.md

@@ -98,10 +98,10 @@ The command removes all the Kubernetes components associated with the chart and
 ### Redis® Image parameters
 
 | Name                | Description                                                                                                | Value                |
-| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- |
+| ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- |
 | `image.registry`    | Redis® image registry                                                                                  | `docker.io`          |
 | `image.repository`  | Redis® image repository                                                                                | `bitnami/redis`      |
-| `image.tag`         | Redis® image tag (immutable tags are recommended)                                                      | `7.2.1-debian-11-r26` |
+| `image.tag`         | Redis® image tag (immutable tags are recommended)                                                      | `7.2.2-debian-11-r0` |
 | `image.digest`      | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                 |
 | `image.pullPolicy`  | Redis® image pull policy                                                                               | `IfNotPresent`       |
 | `image.pullSecrets` | Redis® image pull secrets                                                                              | `[]`                 |
@@ -353,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `sentinel.enabled`                                           | Use Redis® Sentinel on Redis® pods.                                                                                                 | `false`                  |
 | `sentinel.image.registry`                                    | Redis® Sentinel image registry                                                                                                          | `docker.io`              |
 | `sentinel.image.repository`                                  | Redis® Sentinel image repository                                                                                                        | `bitnami/redis-sentinel` |
-| `sentinel.image.tag`                                         | Redis® Sentinel image tag (immutable tags are recommended)                                                                              | `7.2.1-debian-11-r26`    |
+| `sentinel.image.tag`                                         | Redis® Sentinel image tag (immutable tags are recommended)                                                                              | `7.2.2-debian-11-r0`     |
 | `sentinel.image.digest`                                      | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                         | `""`                     |
 | `sentinel.image.pullPolicy`                                  | Redis® Sentinel image pull policy                                                                                                       | `IfNotPresent`           |
 | `sentinel.image.pullSecrets`                                 | Redis® Sentinel image pull secrets                                                                                                      | `[]`                     |

charts/bitnami/airflow/charts/redis/charts/common/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.13.2
+appVersion: 2.13.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.13.2
+version: 2.13.3

charts/bitnami/airflow/charts/redis/charts/common/README.md

@@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
 
 ## Prerequisites
 
-- Kubernetes 1.19+
+- Kubernetes 1.23+
-- Helm 3.2.0+
+- Helm 3.8.0+
 
 ## Parameters
 

charts/bitnami/airflow/charts/redis/charts/common/templates/_capabilities.tpl

@@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
 {{/*
 Returns true if AdmissionConfiguration is supported
 */}}
-{{- define "common.capabilities.admisionConfiguration.supported" -}}
+{{- define "common.capabilities.admissionConfiguration.supported" -}}
 {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
   {{- true -}}
 {{- end -}}
@@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
 {{/*
 Return the appropriate apiVersion for AdmissionConfiguration.
 */}}
-{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
+{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
 {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
 {{- print "apiserver.config.k8s.io/v1alpha1" -}}
 {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

charts/bitnami/airflow/charts/redis/values.yaml

@@ -91,7 +91,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/redis
-  tag: 7.2.1-debian-11-r26
+  tag: 7.2.2-debian-11-r0
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1056,7 +1056,7 @@ sentinel:
   image:
     registry: docker.io
     repository: bitnami/redis-sentinel
-    tag: 7.2.1-debian-11-r26
+    tag: 7.2.2-debian-11-r0
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

charts/bitnami/airflow/values.yaml

@@ -111,9 +111,9 @@ dags:
   existingConfigmap: ""
   ## OS Shell + Utility image
   ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
-  ## @param dags.image.registry Init container load-dags image registry
+  ## @param dags.image.registry [default: REGISTRY_NAME] Init container load-dags image registry
-  ## @param dags.image.repository Init container load-dags image repository
+  ## @param dags.image.repository [default: REPOSITORY_NAME/os-shell] Init container load-dags image repository
-  ## @param dags.image.tag Init container load-dags image tag (immutable tags are recommended)
+  ## @skip dags.image.tag Init container load-dags image tag (immutable tags are recommended)
   ## @param dags.image.digest Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
   ## @param dags.image.pullPolicy Init container load-dags image pull policy
   ## @param dags.image.pullSecrets Init container load-dags image pull secrets
@@ -178,9 +178,9 @@ extraVolumes: []
 web:
   ## Bitnami Airflow image version
   ## ref: https://hub.docker.com/r/bitnami/airflow/tags/
-  ## @param web.image.registry Airflow image registry
+  ## @param web.image.registry [default: REGISTRY_NAME] Airflow image registry
-  ## @param web.image.repository Airflow image repository
+  ## @param web.image.repository [default: REPOSITORY_NAME/airflow] Airflow image repository
-  ## @param web.image.tag Airflow image tag (immutable tags are recommended)
+  ## @skip web.image.tag Airflow image tag (immutable tags are recommended)
   ## @param web.image.digest Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
   ## @param web.image.pullPolicy Airflow image pull policy
   ## @param web.image.pullSecrets Airflow image pull secrets
@@ -188,7 +188,7 @@ web:
   image:
     registry: docker.io
     repository: bitnami/airflow
-    tag: 2.7.2-debian-11-r0
+    tag: 2.7.2-debian-11-r1
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -435,9 +435,9 @@ web:
 scheduler:
   ## Bitnami Airflow Scheduler image version
   ## ref: https://hub.docker.com/r/bitnami/airflow-scheduler/tags/
-  ## @param scheduler.image.registry Airflow Scheduler image registry
+  ## @param scheduler.image.registry [default: REGISTRY_NAME] Airflow Scheduler image registry
-  ## @param scheduler.image.repository Airflow Scheduler image repository
+  ## @param scheduler.image.repository [default: REPOSITORY_NAME/airflow-scheduler] Airflow Scheduler image repository
-  ## @param scheduler.image.tag Airflow Scheduler image tag (immutable tags are recommended)
+  ## @skip scheduler.image.tag Airflow Scheduler image tag (immutable tags are recommended)
   ## @param scheduler.image.digest Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
   ## @param scheduler.image.pullPolicy Airflow Scheduler image pull policy
   ## @param scheduler.image.pullSecrets Airflow Scheduler image pull secrets
@@ -639,9 +639,9 @@ scheduler:
 worker:
   ## Bitnami Airflow Worker image version
   ## ref: https://hub.docker.com/r/bitnami/airflow-worker/tags/
-  ## @param worker.image.registry Airflow Worker image registry
+  ## @param worker.image.registry [default: REGISTRY_NAME] Airflow Worker image registry
-  ## @param worker.image.repository Airflow Worker image repository
+  ## @param worker.image.repository [default: REPOSITORY_NAME/airflow-worker] Airflow Worker image repository
-  ## @param worker.image.tag Airflow Worker image tag (immutable tags are recommended)
+  ## @skip worker.image.tag Airflow Worker image tag (immutable tags are recommended)
   ## @param worker.image.digest Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
   ## @param worker.image.pullPolicy Airflow Worker image pull policy
   ## @param worker.image.pullSecrets Airflow Worker image pull secrets
@@ -913,9 +913,9 @@ worker:
 git:
   ## Bitnami Git image version
   ## ref: https://hub.docker.com/r/bitnami/git/tags/
-  ## @param git.image.registry Git image registry
+  ## @param git.image.registry [default: REGISTRY_NAME] Git image registry
-  ## @param git.image.repository Git image repository
+  ## @param git.image.repository [default: REPOSITORY_NAME/git] Git image repository
-  ## @param git.image.tag Git image tag (immutable tags are recommended)
+  ## @skip git.image.tag Git image tag (immutable tags are recommended)
   ## @param git.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
   ## @param git.image.pullPolicy Git image pull policy
   ## @param git.image.pullSecrets Git image pull secrets
@@ -1276,9 +1276,9 @@ metrics:
   enabled: false
   ## Bitnami Airflow exporter image
   ## ref: https://hub.docker.com/r/bitnami/airflow-exporter/tags/
-  ## @param metrics.image.registry Airflow exporter image registry
+  ## @param metrics.image.registry [default: REGISTRY_NAME] Airflow exporter image registry
-  ## @param metrics.image.repository Airflow exporter image repository
+  ## @param metrics.image.repository [default: REPOSITORY_NAME/airflow-exporter] Airflow exporter image repository
-  ## @param metrics.image.tag Airflow exporter image tag (immutable tags are recommended)
+  ## @skip metrics.image.tag Airflow exporter image tag (immutable tags are recommended)
   ## @param metrics.image.digest Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
   ## @param metrics.image.pullPolicy Airflow exporter image pull policy
   ## @param metrics.image.pullSecrets Airflow exporter image pull secrets

charts/bitnami/mariadb/Chart.yaml

@@ -37,4 +37,4 @@ maintainers:
 name: mariadb
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/mariadb
-version: 14.0.3
+version: 14.1.0

charts/bitnami/mariadb/README.md

@@ -24,7 +24,7 @@ MariaDB is developed as open source software and as a relational database it pro
 
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 
-Looking to use MariaDB in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 
 ## Prerequisites
 
@@ -143,6 +143,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `primary.containerSecurityContext.runAsNonRoot`             | Set primary container's Security Context runAsNonRoot                                                             | `true`              |
 | `primary.containerSecurityContext.privileged`               | Set primary container's Security Context privileged                                                               | `false`             |
 | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation                                                 | `false`             |
+| `primary.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                | `["ALL"]`           |
+| `primary.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                  | `RuntimeDefault`    |
 | `primary.resources.limits`                                  | The resources limits for MariaDB primary containers                                                               | `{}`                |
 | `primary.resources.requests`                                | The requested resources for MariaDB primary containers                                                            | `{}`                |
 | `primary.startupProbe.enabled`                              | Enable startupProbe                                                                                               | `false`             |
@@ -237,6 +239,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `secondary.containerSecurityContext.runAsNonRoot`             | Set secondary container's Security Context runAsNonRoot                                                               | `true`              |
 | `secondary.containerSecurityContext.privileged`               | Set secondary container's Security Context privileged                                                                 | `false`             |
 | `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation                                                   | `false`             |
+| `secondary.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                    | `["ALL"]`           |
+| `secondary.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                      | `RuntimeDefault`    |
 | `secondary.resources.limits`                                  | The resources limits for MariaDB secondary containers                                                                 | `{}`                |
 | `secondary.resources.requests`                                | The requested resources for MariaDB secondary containers                                                              | `{}`                |
 | `secondary.startupProbe.enabled`                              | Enable startupProbe                                                                                                   | `false`             |
@@ -331,8 +335,12 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.extraArgs`                                         | Extra args to be passed to mysqld_exporter                                                                                                | `{}`                              |
 | `metrics.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s)                                             | `{}`                              |
 | `metrics.containerSecurityContext.enabled`                  | Enable security context for MariaDB metrics container                                                                                     | `false`                           |
+| `metrics.containerSecurityContext.runAsUser`                | User ID for the MariaDB metrics container                                                                                                 | `1001`                            |
+| `metrics.containerSecurityContext.runAsNonRoot`             | Set metrics container's Security Context runAsNonRoot                                                                                     | `true`                            |
 | `metrics.containerSecurityContext.privileged`               | Set metrics container's Security Context privileged                                                                                       | `false`                           |
 | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation                                                                         | `false`                           |
+| `metrics.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                                        | `["ALL"]`                         |
+| `metrics.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                                          | `RuntimeDefault`                  |
 | `metrics.resources.limits`                                  | The resources limits for MariaDB prometheus exporter containers                                                                           | `{}`                              |
 | `metrics.resources.requests`                                | The requested resources for MariaDB prometheus exporter containers                                                                        | `{}`                              |
 | `metrics.livenessProbe.enabled`                             | Enable livenessProbe                                                                                                                      | `true`                            |

charts/bitnami/mariadb/values.yaml

@@ -325,6 +325,8 @@ primary:
   ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
   ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
   ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
+  ## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
   ##
   containerSecurityContext:
     enabled: true
@@ -332,6 +334,10 @@ primary:
     runAsNonRoot: true
     privileged: false
     allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## MariaDB primary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -721,6 +727,8 @@ secondary:
   ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
   ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
   ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation
+  ## @param secondary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
   ##
   containerSecurityContext:
     enabled: true
@@ -728,6 +736,10 @@ secondary:
     runAsNonRoot: true
     privileged: false
     allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## MariaDB secondary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -1104,8 +1116,12 @@ metrics:
   ## MariaDB metrics container Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
+  ## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container
+  ## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot
   ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
   ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
+  ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
   ## Example:
   ##   containerSecurityContext:
   ##     enabled: true
@@ -1116,7 +1132,13 @@ metrics:
   containerSecurityContext:
     enabled: false
     privileged: false
+    runAsNonRoot: true
+    runAsUser: 1001
     allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## Mysqld Prometheus exporter resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious

charts/bitnami/mysql/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.13.2
+  version: 2.13.3
-digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
+digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
-generated: "2023-10-12T15:20:38.409783798Z"
+generated: "2023-10-25T13:36:31.889996785Z"

charts/bitnami/mysql/Chart.yaml

@@ -6,14 +6,14 @@ annotations:
   category: Database
   images: |
     - name: mysql
-      image: docker.io/bitnami/mysql:8.0.34-debian-11-r75
+      image: docker.io/bitnami/mysql:8.0.35-debian-11-r0
     - name: mysqld-exporter
       image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70
     - name: os-shell
       image: docker.io/bitnami/os-shell:11-debian-11-r90
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 8.0.34
+appVersion: 8.0.35
 dependencies:
 - name: common
   repository: file://./charts/common
@@ -36,4 +36,4 @@ maintainers:
 name: mysql
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/mysql
-version: 9.13.0
+version: 9.14.1

charts/bitnami/mysql/README.md

@@ -111,7 +111,7 @@ The command removes all the Kubernetes components associated with the chart and
 ### MySQL Primary parameters
 
 | Name                                                        | Description                                                                                                     | Value               |
-| ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- |
+| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- |
 | `primary.name`                                              | Name of the primary database (eg primary, master, leader, ...)                                                  | `primary`           |
 | `primary.command`                                           | Override default container command on MySQL Primary container(s) (useful when using custom images)              | `[]`                |
 | `primary.args`                                              | Override default container args on MySQL Primary container(s) (useful when using custom images)                 | `[]`                |
@@ -140,6 +140,9 @@ The command removes all the Kubernetes components associated with the chart and
 | `primary.containerSecurityContext.enabled`                  | MySQL primary container securityContext                                                                         | `true`              |
 | `primary.containerSecurityContext.runAsUser`                | User ID for the MySQL primary container                                                                         | `1001`              |
 | `primary.containerSecurityContext.runAsNonRoot`             | Set MySQL primary container's Security Context runAsNonRoot                                                     | `true`              |
+| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation                                                                            | `false`             |
+| `primary.containerSecurityContext.capabilities.drop`        | Set container's Security Context runAsNonRoot                                                                   | `["ALL"]`           |
+| `primary.containerSecurityContext.seccompProfile.type`      | Set Client container's Security Context seccomp profile                                                         | `RuntimeDefault`    |
 | `primary.resources.limits`                                  | The resources limits for MySQL primary containers                                                               | `{}`                |
 | `primary.resources.requests`                                | The requested resources for MySQL primary containers                                                            | `{}`                |
 | `primary.livenessProbe.enabled`                             | Enable livenessProbe                                                                                            | `true`              |
@@ -200,7 +203,7 @@ The command removes all the Kubernetes components associated with the chart and
 ### MySQL Secondary parameters
 
 | Name                                                          | Description                                                                                                         | Value               |
-| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- |
 | `secondary.name`                                              | Name of the secondary database (eg secondary, slave, ...)                                                           | `secondary`         |
 | `secondary.replicaCount`                                      | Number of MySQL secondary replicas                                                                                  | `1`                 |
 | `secondary.hostAliases`                                       | Deployment pod host aliases                                                                                         | `[]`                |
@@ -230,6 +233,9 @@ The command removes all the Kubernetes components associated with the chart and
 | `secondary.containerSecurityContext.enabled`                  | MySQL secondary container securityContext                                                                           | `true`              |
 | `secondary.containerSecurityContext.runAsUser`                | User ID for the MySQL secondary container                                                                           | `1001`              |
 | `secondary.containerSecurityContext.runAsNonRoot`             | Set MySQL secondary container's Security Context runAsNonRoot                                                       | `true`              |
+| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation                                                                                | `false`             |
+| `secondary.containerSecurityContext.capabilities.drop`        | Set container's Security Context runAsNonRoot                                                                       | `["ALL"]`           |
+| `secondary.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                    | `RuntimeDefault`    |
 | `secondary.resources.limits`                                  | The resources limits for MySQL secondary containers                                                                 | `{}`                |
 | `secondary.resources.requests`                                | The requested resources for MySQL secondary containers                                                              | `{}`                |
 | `secondary.livenessProbe.enabled`                             | Enable livenessProbe                                                                                                | `true`              |

charts/bitnami/mysql/charts/common/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.13.2
+appVersion: 2.13.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.13.2
+version: 2.13.3

charts/bitnami/mysql/charts/common/README.md

@@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
 
 ## Prerequisites
 
-- Kubernetes 1.19+
+- Kubernetes 1.23+
-- Helm 3.2.0+
+- Helm 3.8.0+
 
 ## Parameters
 

charts/bitnami/mysql/charts/common/templates/_capabilities.tpl

@@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
 {{/*
 Returns true if AdmissionConfiguration is supported
 */}}
-{{- define "common.capabilities.admisionConfiguration.supported" -}}
+{{- define "common.capabilities.admissionConfiguration.supported" -}}
 {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
   {{- true -}}
 {{- end -}}
@@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
 {{/*
 Return the appropriate apiVersion for AdmissionConfiguration.
 */}}
-{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
+{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
 {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
 {{- print "apiserver.config.k8s.io/v1alpha1" -}}
 {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

charts/bitnami/mysql/values.yaml

@@ -85,7 +85,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/mysql
-  tag: 8.0.34-debian-11-r75
+  tag: 8.0.35-debian-11-r0
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -320,11 +320,19 @@ primary:
   ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext
   ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container
   ## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot
+  ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+  ## @param primary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+  ## @param primary.containerSecurityContext.seccompProfile.type Set Client container's Security Context seccomp profile
   ##
   containerSecurityContext:
     enabled: true
     runAsUser: 1001
     runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## MySQL primary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -698,11 +706,19 @@ secondary:
   ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
   ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container
   ## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot
+  ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+  ## @param secondary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+  ## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
   ##
   containerSecurityContext:
     enabled: true
     runAsUser: 1001
     runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## MySQL secondary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious

charts/bitnami/wordpress/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 6.6.7
 - name: mariadb
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 14.0.3
+  version: 14.1.0
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 2.13.3
-digest: sha256:71a3286fadd425374117a24310d8b00d17a64ed43220b1a05492df31bee54036
+digest: sha256:33dedb4663f9ae749ac6e28fd296a17b61104270ebdfd7f3aa17f6a08d32c963
-generated: "2023-10-24T00:18:57.948707298Z"
+generated: "2023-10-25T15:16:14.675651715Z"

charts/bitnami/wordpress/Chart.yaml

@@ -10,7 +10,7 @@ annotations:
     - name: os-shell
       image: docker.io/bitnami/os-shell:11-debian-11-r90
     - name: wordpress
-      image: docker.io/bitnami/wordpress:6.3.2-debian-11-r1
+      image: docker.io/bitnami/wordpress:6.3.2-debian-11-r3
   licenses: Apache-2.0
 apiVersion: v2
 appVersion: 6.3.2
@@ -47,4 +47,4 @@ maintainers:
 name: wordpress
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
-version: 18.0.8
+version: 18.0.10

charts/bitnami/wordpress/charts/mariadb/Chart.yaml

@@ -33,4 +33,4 @@ maintainers:
 name: mariadb
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/mariadb
-version: 14.0.3
+version: 14.1.0

charts/bitnami/wordpress/charts/mariadb/README.md

@@ -24,7 +24,7 @@ MariaDB is developed as open source software and as a relational database it pro
 
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 
-Looking to use MariaDB in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 
 ## Prerequisites
 
@@ -143,6 +143,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `primary.containerSecurityContext.runAsNonRoot`             | Set primary container's Security Context runAsNonRoot                                                             | `true`              |
 | `primary.containerSecurityContext.privileged`               | Set primary container's Security Context privileged                                                               | `false`             |
 | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation                                                 | `false`             |
+| `primary.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                | `["ALL"]`           |
+| `primary.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                  | `RuntimeDefault`    |
 | `primary.resources.limits`                                  | The resources limits for MariaDB primary containers                                                               | `{}`                |
 | `primary.resources.requests`                                | The requested resources for MariaDB primary containers                                                            | `{}`                |
 | `primary.startupProbe.enabled`                              | Enable startupProbe                                                                                               | `false`             |
@@ -237,6 +239,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `secondary.containerSecurityContext.runAsNonRoot`             | Set secondary container's Security Context runAsNonRoot                                                               | `true`              |
 | `secondary.containerSecurityContext.privileged`               | Set secondary container's Security Context privileged                                                                 | `false`             |
 | `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation                                                   | `false`             |
+| `secondary.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                    | `["ALL"]`           |
+| `secondary.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                      | `RuntimeDefault`    |
 | `secondary.resources.limits`                                  | The resources limits for MariaDB secondary containers                                                                 | `{}`                |
 | `secondary.resources.requests`                                | The requested resources for MariaDB secondary containers                                                              | `{}`                |
 | `secondary.startupProbe.enabled`                              | Enable startupProbe                                                                                                   | `false`             |
@@ -331,8 +335,12 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.extraArgs`                                         | Extra args to be passed to mysqld_exporter                                                                                                | `{}`                              |
 | `metrics.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s)                                             | `{}`                              |
 | `metrics.containerSecurityContext.enabled`                  | Enable security context for MariaDB metrics container                                                                                     | `false`                           |
+| `metrics.containerSecurityContext.runAsUser`                | User ID for the MariaDB metrics container                                                                                                 | `1001`                            |
+| `metrics.containerSecurityContext.runAsNonRoot`             | Set metrics container's Security Context runAsNonRoot                                                                                     | `true`                            |
 | `metrics.containerSecurityContext.privileged`               | Set metrics container's Security Context privileged                                                                                       | `false`                           |
 | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation                                                                         | `false`                           |
+| `metrics.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                                        | `["ALL"]`                         |
+| `metrics.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                                          | `RuntimeDefault`                  |
 | `metrics.resources.limits`                                  | The resources limits for MariaDB prometheus exporter containers                                                                           | `{}`                              |
 | `metrics.resources.requests`                                | The requested resources for MariaDB prometheus exporter containers                                                                        | `{}`                              |
 | `metrics.livenessProbe.enabled`                             | Enable livenessProbe                                                                                                                      | `true`                            |

charts/bitnami/wordpress/charts/mariadb/values.yaml

@@ -325,6 +325,8 @@ primary:
   ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
   ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
   ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
+  ## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
   ##
   containerSecurityContext:
     enabled: true
@@ -332,6 +334,10 @@ primary:
     runAsNonRoot: true
     privileged: false
     allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## MariaDB primary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -721,6 +727,8 @@ secondary:
   ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
   ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
   ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation
+  ## @param secondary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
   ##
   containerSecurityContext:
     enabled: true
@@ -728,6 +736,10 @@ secondary:
     runAsNonRoot: true
     privileged: false
     allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## MariaDB secondary container's resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious
@@ -1104,8 +1116,12 @@ metrics:
   ## MariaDB metrics container Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
+  ## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container
+  ## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot
   ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
   ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
+  ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+  ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
   ## Example:
   ##   containerSecurityContext:
   ##     enabled: true
@@ -1116,7 +1132,13 @@ metrics:
   containerSecurityContext:
     enabled: false
     privileged: false
+    runAsNonRoot: true
+    runAsUser: 1001
     allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
   ## Mysqld Prometheus exporter resource requests and limits
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## We usually recommend not to specify default resources and to leave this as a conscious

charts/bitnami/wordpress/values.yaml

@@ -76,7 +76,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/wordpress
-  tag: 6.3.2-debian-11-r1
+  tag: 6.3.2-debian-11-r3
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

charts/datadog/datadog/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Datadog changelog
 
+## 3.42.0
+
+* Allow enabling SBOM collection for host and container images.
+
+## 3.41.0
+
+* Enable container lifecycle events collection by default.
+
+## 3.40.4
+
+* Add the option `clusterAgent.metricsProvider.registerAPIService` to allow user to disable registering external-metrics server as an `APIService`
+
 ## 3.40.3
 
 * Default `Agent` and `Cluster-Agent` to `7.48.1` version.

charts/datadog/datadog/Chart.yaml

@@ -19,4 +19,4 @@ name: datadog
 sources:
 - https://app.datadoghq.com/account/settings#agent/kubernetes
 - https://github.com/DataDog/datadog-agent
-version: 3.40.3
+version: 3.42.0

charts/datadog/datadog/README.md

@@ -1,6 +1,6 @@
 # Datadog
 
-![Version: 3.40.3](https://img.shields.io/badge/Version-3.40.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.42.0](https://img.shields.io/badge/Version-3.42.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
 
@@ -520,6 +520,7 @@ helm install <RELEASE_NAME> \
 | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
 | clusterAgent.metricsProvider.enabled | bool | `false` | Set this to true to enable Metrics Provider |
 | clusterAgent.metricsProvider.endpoint | string | `nil` | Override the external metrics provider endpoint. If not set, the cluster-agent defaults to `datadog.site` |
+| clusterAgent.metricsProvider.registerAPIService | bool | `true` | Set this to false to disable external metrics registration as an APIService |
 | clusterAgent.metricsProvider.service.port | int | `8443` | Set port of cluster-agent metrics server service (Kubernetes >= 1.15) |
 | clusterAgent.metricsProvider.service.type | string | `"ClusterIP"` | Set type of cluster-agent metrics server service |
 | clusterAgent.metricsProvider.useDatadogMetrics | bool | `false` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries |
@@ -611,9 +612,11 @@ helm install <RELEASE_NAME> \
 | datadog.containerExclude | string | `nil` | Exclude containers from the Agent Autodiscovery, as a space-sepatered list |
 | datadog.containerExcludeLogs | string | `nil` | Exclude logs from the Agent Autodiscovery, as a space-separated list |
 | datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from the Agent Autodiscovery, as a space-separated list |
+| datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata |
 | datadog.containerInclude | string | `nil` | Include containers in the Agent Autodiscovery, as a space-separated list.  If a container matches an include rule, it’s always included in the Autodiscovery |
 | datadog.containerIncludeLogs | string | `nil` | Include logs in the Agent Autodiscovery, as a space-separated list |
 | datadog.containerIncludeMetrics | string | `nil` | Include metrics in the Agent Autodiscovery, as a space-separated list |
+| datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection |
 | datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. |
 | datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) |
 | datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL |
@@ -693,6 +696,8 @@ helm install <RELEASE_NAME> \
 | datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. |
 | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. |
 | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead |
+| datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images |
+| datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems |
 | datadog.secretAnnotations | object | `{}` |  |
 | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). |
 | datadog.secretBackend.command | string | `nil` | Configure the secret backend command, path to the secret backend binary. |

charts/datadog/datadog/templates/_container-agent.yaml

@@ -150,12 +150,32 @@
     - name: DD_CHECKS_TAG_CARDINALITY
       value: {{ .Values.datadog.checksCardinality | quote }}
     {{- end }}
+    {{- if .Values.datadog.containerLifecycle.enabled }}
+    - name: DD_CONTAINER_LIFECYCLE_ENABLED
+      value: {{ .Values.datadog.containerLifecycle.enabled | quote }}
+    {{- end }}
     - name: DD_ORCHESTRATOR_EXPLORER_ENABLED
       value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }}
     - name: DD_EXPVAR_PORT
       value: {{ .Values.datadog.expvarPort | quote }}
     - name: DD_COMPLIANCE_CONFIG_ENABLED
       value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }}
+    {{- if eq (include "should-enable-container-image-collection" .) "true" }}
+    - name: DD_CONTAINER_IMAGE_ENABLED
+      value: "true"
+    {{- end }}
+    {{- if or .Values.datadog.sbom.host.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") }}
+    - name: DD_SBOM_ENABLED
+      value: "true"
+    {{- if eq (include "should-enable-sbom-container-image-collection" .) "true" }}
+    - name: DD_SBOM_CONTAINER_IMAGE_ENABLED
+      value: "true"
+    {{- end }}
+    {{- if .Values.datadog.sbom.host.enabled }}
+    - name: DD_SBOM_HOST_ENABLED
+      value: "true"
+    {{- end }}
+    {{- end }}
     {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }}
     {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }}
   volumeMounts:

charts/datadog/datadog/templates/_helpers.tpl

@@ -846,4 +846,33 @@ Create RBACs for custom resources
   - list
   - watch
 {{- end }}
+{{- end }}
+
+{{/*
+  Return true if container image collection is enabled
+*/}}
+{{- define "should-enable-container-image-collection" -}}
+  {{- if and (not .Values.datadog.containerRuntimeSupport.enabled)
+      (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}}
+    {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}}
+  {{- end -}}
+  {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}}
+    true
+  {{- else -}}
+    false
+  {{- end -}}
+{{- end -}}
+
+{{/*
+  Return true if SBOM collection for container image is enabled
+*/}}
+{{- define "should-enable-sbom-container-image-collection" -}}
+  {{- if .Values.datadog.sbom.containerImage.enabled -}}
+    {{- if not (eq (include "should-enable-container-image-collection" .) "true") -}}
+      {{- fail "Container runtime support has to be enabled for SBOM collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}}
+    {{- end -}}
+    true
+  {{- else -}}
+    false
+  {{- end -}}
 {{- end -}}

charts/datadog/datadog/templates/agent-apiservice.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.clusterAgent.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled -}}
+{{- if and .Values.clusterAgent.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.registerAPIService -}}
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:

charts/datadog/datadog/templates/hpa-external-metrics-rbac.yaml

@@ -1,4 +1,4 @@
-{{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.createReaderRbac -}}
+{{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.registerAPIService .Values.clusterAgent.metricsProvider.createReaderRbac -}}
 apiVersion: {{ template "rbac.apiVersion" . }}
 kind: ClusterRole
 metadata:

charts/datadog/datadog/values.yaml

@@ -629,6 +629,11 @@ datadog:
     # datadog.systemProbe.enableDefaultKernelHeadersPaths -- Enable mount of default paths where kernel headers are stored
     enableDefaultKernelHeadersPaths: true
 
+
+  containerImageCollection:
+    # datadog.containerImageCollection.enabled -- Enable collection of container image metadata
+    enabled: false
+
   orchestratorExplorer:
     # datadog.orchestratorExplorer.enabled -- Set this to false to disable the orchestrator explorer
 
@@ -675,6 +680,16 @@ datadog:
     # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring
     enabled: false
 
+  # Software Bill of Materials configuration
+  sbom:
+    containerImage:
+      # datadog.sbom.containerImage.enabled -- Enable SBOM collection for container images
+      enabled: false
+
+    host:
+      # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems
+      enabled: false
+
   ## Enable security agent and provide custom configs
   securityAgent:
     compliance:
@@ -824,6 +839,10 @@ datadog:
   ## ref: https://docs.datadoghq.com/agent/guide/autodiscovery-management/?tab=containerizedagent#pause-containers
   excludePauseContainer: true
 
+  containerLifecycle:
+    # datadog.containerLifecycle.enabled -- Enable container lifecycle events collection
+    enabled: true
+
 ## This is the Datadog Cluster Agent implementation that handles cluster-wide
 ## metrics more cleanly, separates concerns for better rbac, and implements
 ## the external metrics API so you can autoscale HPAs based on datadog metrics
@@ -926,6 +945,9 @@ clusterAgent:
     # clusterAgent.metricsProvider.enabled -- Set this to true to enable Metrics Provider
     enabled: false
 
+    # clusterAgent.metricsProvider.registerAPIService -- Set this to false to disable external metrics registration as an APIService
+    registerAPIService: true
+
     # clusterAgent.metricsProvider.wpaController -- Enable informer and controller of the watermark pod autoscaler
 
     ## Note: You need to install the `WatermarkPodAutoscaler` CRD before

charts/jfrog/artifactory-ha/CHANGELOG.md

@@ -1,8 +1,8 @@
 # JFrog Artifactory-ha Chart Changelog
 All changes to this chart will be documented in this file
 
-## [107.68.14] - Sep 20, 2023
+## [107.71.3] - Sep 18, 2023
-* Fixed rtfs context
+* Adjust rtfs context
 * Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)
 
 ## [107.68.8] - Sep 18, 2023

charts/jfrog/artifactory-ha/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.14.0-0'
   catalog.cattle.io/release-name: artifactory-ha
 apiVersion: v2
-appVersion: 7.68.14
+appVersion: 7.71.3
 dependencies:
 - condition: postgresql.enabled
   name: postgresql
@@ -26,4 +26,4 @@ name: artifactory-ha
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 107.68.14
+version: 107.71.3

charts/jfrog/artifactory-ha/values.yaml

@@ -41,7 +41,7 @@ global:
 ## String to fully override artifactory-ha.fullname template
 ##
 # fullnameOverride:
-initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.691
+initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717
 installer:
   type:
   platform:
@@ -214,7 +214,7 @@ logger:
   image:
     registry: releases-docker.jfrog.io
     repository: ubi9/ubi-minimal
-    tag: 9.2.691
+    tag: 9.2.717
 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
 ## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
 aws:
@@ -239,7 +239,7 @@ router:
   image:
     registry: releases-docker.jfrog.io
     repository: jfrog/router
-    tag: 7.77.0
+    tag: 7.81.0
     imagePullPolicy: IfNotPresent
   serviceRegistry:
     ## Service registry (Access) TLS verification skipped if enabled

charts/jfrog/artifactory-jcr/CHANGELOG.md

@@ -1,7 +1,7 @@
 # JFrog Container Registry Chart Changelog
 All changes to this chart will be documented in this file.
 
-## [107.68.14] - Jul 20, 2023
+## [107.71.3] - Jul 20, 2023
 * Disabled federation services when splitServicesToContainers=true
 
 ## [107.45.0] - Aug 25, 2022

charts/jfrog/artifactory-jcr/Chart.yaml

@@ -4,11 +4,11 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.14.0-0'
   catalog.cattle.io/release-name: artifactory-jcr
 apiVersion: v2
-appVersion: 7.68.14
+appVersion: 7.71.3
 dependencies:
 - name: artifactory
   repository: file://./charts/artifactory
-  version: 107.68.14
+  version: 107.71.3
 description: JFrog Container Registry
 home: https://jfrog.com/container-registry/
 icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@@ -27,4 +27,4 @@ name: artifactory-jcr
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 107.68.14
+version: 107.71.3

charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md

@@ -1,8 +1,8 @@
 # JFrog Artifactory Chart Changelog
 All changes to this chart will be documented in this file.
 
-## [107.68.14] - Sep 20, 2023
+## [107.71.3] - Sep 18, 2023
-* Fixed rtfs context
+* Adjust rtfs context
 * Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)
 
 ## [107.68.8] - Sep 18, 2023

charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 7.68.14
+appVersion: 7.71.3
 dependencies:
 - condition: postgresql.enabled
   name: postgresql
@@ -21,4 +21,4 @@ name: artifactory
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 107.68.14
+version: 107.71.3

charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml

@@ -42,7 +42,7 @@ global:
 ## String to fully override artifactory.fullname template
 ##
 # fullnameOverride:
-initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.691
+initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717
 # Init containers
 initContainers:
   resources:
@@ -162,7 +162,7 @@ logger:
   image:
     registry: releases-docker.jfrog.io
     repository: ubi9/ubi-minimal
-    tag: 9.2.691
+    tag: 9.2.717
 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
 ## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
 aws:
@@ -187,7 +187,7 @@ router:
   image:
     registry: releases-docker.jfrog.io
     repository: jfrog/router
-    tag: 7.77.0
+    tag: 7.81.0
     imagePullPolicy: IfNotPresent
   serviceRegistry:
     ## Service registry (Access) TLS verification skipped if enabled

charts/jfrog/artifactory-jcr/values.yaml

@@ -69,4 +69,8 @@ postgresql:
   enabled: true
 router:
   image:
-    tag: 7.77.0
+    tag: 7.81.0
+logger:
+  image:
+    tag: 9.2.717
+initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717

charts/kasten/k10/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: grafana
   repository: ""
-  version: 6.59.4
+  version: 6.60.6
 - name: prometheus
   repository: ""
   version: 23.3.0
-digest: sha256:498161c215e2844ce0a26e96cb5c430fcd3e9a5db225a7ab06ec88d5445eee42
+digest: sha256:742c8bb60a7bdc54588a1823848e117fe9498fb841eb11270f486a297534997c
-generated: "2023-10-10T16:10:31.808394604Z"
+generated: "2023-10-25T10:10:45.774911186Z"

charts/kasten/k10/Chart.yaml

@@ -4,11 +4,11 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.17.0-0'
   catalog.cattle.io/release-name: k10
 apiVersion: v2
-appVersion: 6.0.9
+appVersion: 6.0.11
 dependencies:
 - name: grafana
   repository: file://./charts/grafana
-  version: 6.59.4
+  version: 6.60.6
 - name: prometheus
   repository: file://./charts/prometheus
   version: 23.3.0
@@ -19,4 +19,4 @@ maintainers:
 - email: contact@kasten.io
   name: kastenIO
 name: k10
-version: 6.0.901
+version: 6.0.1101

charts/kasten/k10/charts/grafana/Chart.yaml

@@ -6,7 +6,7 @@ annotations:
     - name: Upstream Project
       url: https://github.com/grafana/grafana
 apiVersion: v2
-appVersion: 10.1.1
+appVersion: 10.1.5
 description: The leading tool for querying and visualizing time series and metrics.
 home: https://grafana.net
 icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
@@ -30,4 +30,4 @@ sources:
 - https://github.com/grafana/grafana
 - https://github.com/grafana/helm-charts
 type: application
-version: 6.59.4
+version: 6.60.6

charts/kasten/k10/charts/grafana/templates/_helpers.tpl

@@ -201,3 +201,27 @@ Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific
 {{- end }}
 {{- end }}
 {{- end }}
+
+
+{{/*
+ Checks whether or not the configSecret secret has to be created
+ */}}
+{{- define "grafana.shouldCreateConfigSecret" -}}
+{{- $secretFound := false -}}
+{{- range $key, $value := .Values.datasources }}
+  {{- if hasKey $value "secret" }}
+    {{- $secretFound = true}}
+  {{- end }}
+{{- end }}
+{{- range $key, $value := .Values.notifiers }}
+  {{- if hasKey $value "secret" }}
+    {{- $secretFound = true}}
+  {{- end }}
+{{- end }}
+{{- range $key, $value := .Values.alerting }}
+  {{- if (or (hasKey $value "secret") (hasKey $value "secretFile")) }}
+    {{- $secretFound = true}}
+  {{- end }}
+{{- end }}
+{{- $secretFound}}
+{{- end -}}

charts/kasten/k10/charts/grafana/templates/clusterrole.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.enabled -}}
-{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingRole) }}
+{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingClusterRole) }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:

charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml

@@ -16,8 +16,8 @@ subjects:
     namespace: {{ include "grafana.namespace" . }}
 roleRef:
   kind: ClusterRole
-  {{- if .Values.rbac.useExistingRole }}
+  {{- if .Values.rbac.useExistingClusterRole }}
-  name: {{ .Values.rbac.useExistingRole }}
+  name: {{ .Values.rbac.useExistingClusterRole }}
   {{- else }}
   name: {{ include "grafana.fullname" . }}-clusterrole
   {{- end }}

charts/kasten/k10/charts/grafana/templates/configSecret.yaml

@@ -0,0 +1,43 @@
+{{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}}
+{{- if and .Values.createConfigmap $createConfigSecret }}
+{{- $files := .Files }}
+{{- $root := . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ include "grafana.fullname" . }}-config-secret"
+  namespace: {{ include "grafana.namespace" . }}
+  labels:
+      {{- include "grafana.labels" . | nindent 4 }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+data:
+{{- range $key, $value := .Values.alerting }}
+  {{- if (hasKey $value "secretFile") }}
+  {{- $key | nindent 2 }}:
+    {{- toYaml ( $files.Get $value.secretFile ) | b64enc | nindent 4}}
+  {{/* as of https://helm.sh/docs/chart_template_guide/accessing_files/ this will only work if you fork this chart and add files to it*/}}
+  {{- end }}
+{{- end }}
+stringData:
+{{- range $key, $value := .Values.datasources }}
+{{- if (hasKey $value "secret") }}
+{{- $key | nindent 2 }}: |
+  {{- tpl (toYaml $value | nindent 4) $root }}
+{{- end }}
+{{- end }}
+{{- range $key, $value := .Values.notifiers }}
+{{- if (hasKey $value "secret") }}
+{{- $key | nindent 2 }}: |
+  {{- tpl (toYaml $value | nindent 4) $root }}
+{{- end }}
+{{- end }}
+{{- range $key, $value := .Values.alerting }}
+{{ if (hasKey $value "secret") }}
+  {{- $key | nindent 2 }}: |
+    {{- tpl (toYaml $value.secret | nindent 4) $root }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/kasten/k10/charts/grafana/templates/configmap.yaml

@@ -45,19 +45,25 @@ data:
   {{- end }}
 
   {{- range $key, $value := .Values.datasources }}
+  {{- if not (hasKey $value "secret") }}
   {{- $key | nindent 2 }}: |
     {{- tpl (toYaml $value | nindent 4) $root }}
   {{- end }}
+  {{- end }}
 
   {{- range $key, $value := .Values.notifiers }}
+  {{- if not (hasKey $value "secret") }}
   {{- $key | nindent 2 }}: |
     {{- toYaml $value | nindent 4 }}
   {{- end }}
+  {{- end }}
 
   {{- range $key, $value := .Values.alerting }}
   {{- if (hasKey $value "file") }}
   {{- $key | nindent 2 }}:
   {{- toYaml ( $files.Get $value.file ) | nindent 4}}
+  {{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}}
+  {{/*  will be stored inside secret generated by "configSecret.yaml"*/}}
   {{- else }}
   {{- $key | nindent 2 }}: |
     {{- tpl (toYaml $value | nindent 4) $root }}

charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml

@@ -10,6 +10,9 @@ metadata:
   labels:
     {{- include "grafana.labels" $ | nindent 4 }}
     dashboard-provider: {{ $provider }}
+    {{- if $.Values.sidecar.dashboards.enabled }}
+    {{ $.Values.sidecar.dashboards.label }}: {{ $.Values.sidecar.dashboards.labelValue | quote }}
+    {{- end }}
 {{- if $dashboards }}
 data:
 {{- $dashboardFound := false }}

charts/kasten/k10/charts/grafana/values.yaml

@@ -16,7 +16,8 @@ global:
 rbac:
   create: true
   ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
-  # useExistingRole: name-of-some-(cluster)role
+  # useExistingRole: name-of-some-role
+  # useExistingClusterRole: name-of-some-clusterRole
   pspEnabled: false
   pspUseAppArmor: false
   namespaced: false
@@ -203,7 +204,7 @@ serviceMonitor:
   path: /metrics
   #  namespace: monitoring  (defaults to use the namespace this chart is deployed to)
   labels: {}
-  interval: 1m
+  interval: 30s
   scheme: http
   tlsConfig: {}
   scrapeTimeout: 30s
@@ -617,6 +618,7 @@ alerting: {}
   #           labels:
   #             team: sre_team_1
   # contactpoints.yaml:
+  #   secret:
   #     apiVersion: 1
   #     contactPoints:
   #       - orgId: 1

charts/kasten/k10/templates/NOTES.txt

@@ -42,7 +42,6 @@ To establish a connection to it use the following `kubectl` command:
 `kubectl --namespace {{ .Release.Namespace }} port-forward service/gateway 8080:{{ .Values.service.externalPort }}`
 
 The Kasten dashboard will be available at: `http{{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}s{{ end }}://127.0.0.1:8080/{{ .Release.Name }}/#/`
-
 {{ if and ( .Values.metering.awsManagedLicense )  ( not .Values.metering.licenseConfigSecretName ) }}
 
 IAM Role created during installation need to have permissions that allow K10 to
@@ -57,3 +56,9 @@ Refer to `https://docs.kasten.io/latest/install/aws-containers-anywhere/aws-cont
 for more information.
 
 {{ end }}
+
+{{- if .Values.auth.dex.enabled }}
+--------------------
+Deprecation warning: The `auth.dex` block of values will be deprecated in favor of `auth.openshift` and `auth.ldap` in version 6.5.
+--------------------
+{{- end }}

charts/kasten/k10/templates/_definitions.tpl

@@ -210,5 +210,5 @@ state-svc:
 {{- define "k10.multiClusterVersion" -}}2{{- end -}}
 {{- define "k10.mcExternalPort" -}}18000{{- end -}}
 {{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}}
-{{- define "k10.kanisterToolsImageTag" -}}0.97.0{{- end -}}
+{{- define "k10.kanisterToolsImageTag" -}}0.98.0{{- end -}}
 {{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}}

charts/kasten/k10/templates/_helpers.tpl

@@ -110,6 +110,20 @@
   {{- end -}}
 {{- end -}}
 
+{{- define "k10.capabilities" -}}
+  {{- /* Internal capabilities enabled by other Helm values are added here */ -}}
+  {{- $internal_capabilities := list -}}
+
+  {{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}}
+{{- end -}}
+
+{{- define "k10.capabilities_mask" -}}
+  {{- /* Internal capabilities masked by other Helm values are added here */ -}}
+  {{- $internal_capabilities_mask := list -}}
+
+  {{- concat $internal_capabilities_mask (.Values.capabilitiesMask | default list) | join " " -}}
+{{- end -}}
+
 {{/* Check if basic auth is needed */}}
 {{- define "basicauth.check" -}}
   {{- if .Values.auth.basicAuth.enabled }}
@@ -430,16 +444,6 @@ Check if AWS creds are specified
 {{- end -}}
 {{- end -}}
 
-{{/*
-Check if kanister-tools image has k10- in name
-this means we need to overwrite kanister image in the system
-*/}}
-{{- define "overwite.kanisterToolsImage" -}}
-{{- if or .Values.global.airgapped.repository .Values.global.rhMarketPlace -}}
-{{- print true -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Check if Azure MSI with Default ID is specified
 */}}
@@ -480,25 +484,32 @@ Checks and enforces only 1 set of azure creds is specified
 {{- end -}}
 
 {{/*
-Figure out the kanisterToolsImage.image based on
+Get the kanister-tools image.
-the value of airgapped.repository value
-The details on how these image are being generated
-is in below issue
-https://kasten.atlassian.net/browse/K10-4036
-Using substr to remove repo from kanisterToolsImage
 */}}
-{{- define "get.kanisterToolsImage" }}
+{{- define "get.kanisterToolsImage" -}}
-{{- if not .Values.global.rhMarketPlace }}
+  {{- (get .Values.global.images (include "kan.kanisterToolsImageName" .)) | default (include "kan.kanisterToolsImage" .)  }}
-{{- if .Values.global.airgapped.repository }}
-{{- printf "%s/%s:k10-%s" (.Values.global.airgapped.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
-{{- else }}
-{{- printf "%s/%s/%s:%s" (.Values.kanisterToolsImage.registry) (.Values.kanisterToolsImage.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
-{{- end }}
-{{- else }}
-{{- printf "%s" (get .Values.global.images "kanister-tools") -}}
-{{- end }}
 {{- end }}
 
+{{- define "kan.kanisterToolsImage" -}}
+  {{- printf "%s:%s" (include "kan.kanisterToolsImageRepo" .) (include "kan.kanisterToolsImageTag" .) }}
+{{- end -}}
+
+{{- define "kan.kanisterToolsImageRepo" -}}
+  {{- if .Values.global.airgapped.repository }}
+    {{- printf "%s/%s" .Values.global.airgapped.repository (include "kan.kanisterToolsImageName" .) }}
+  {{- else }}
+    {{- printf "%s/%s" .Values.global.image.registry (include "kan.kanisterToolsImageName" .) }}
+  {{- end }}
+{{- end -}}
+
+{{- define "kan.kanisterToolsImageName" -}}
+  {{- printf "kanister-tools" }}
+{{- end -}}
+
+{{- define "kan.kanisterToolsImageTag" -}}
+  {{- include "get.k10ImageTag" . }}
+{{- end -}}
+
 {{/*
 Check if Google creds are specified
 */}}
@@ -869,6 +880,13 @@ running in the same cluster.
   {{- end }}
 {{- end -}}
 
+{{/* Used to verify if Ironbank is enabled */}}
+{{- define "ironbank.enabled" -}}
+  {{- if (.Values.global.ironbank | default dict).enabled -}}
+    {{- print true -}}
+  {{- end -}}
+{{- end -}}
+
 {{/* Get the K10 image tag. Fails if not set correctly */}}
 {{- define "get.k10ImageTag" -}}
   {{- $imageTag := coalesce .Values.global.image.tag (include "k10.imageTag" .) }}
@@ -899,6 +917,26 @@ running in the same cluster.
   {{- printf "init" }}
 {{- end -}}
 
+{{- define "k10.cephtool.getImage" -}}
+  {{- (get .Values.global.images (include "k10.cephtool.ImageName" .)) | default (include "k10.cephtool.Image" .)  }}
+{{- end -}}
+
+{{- define "k10.cephtool.Image" -}}
+  {{- printf "%s:%s" (include "k10.cephtool.ImageRepo" .) (include "get.k10ImageTag" .) }}
+{{- end -}}
+
+{{- define "k10.cephtool.ImageRepo" -}}
+  {{- if .Values.global.airgapped.repository }}
+    {{- printf "%s/%s" .Values.global.airgapped.repository (include "k10.cephtool.ImageName" .) }}
+  {{- else }}
+    {{- printf "%s/%s" .Values.global.image.registry (include "k10.cephtool.ImageName" .) }}
+  {{- end }}
+{{- end -}}
+
+{{- define "k10.cephtool.ImageName" -}}
+  {{- printf "cephtool" }}
+{{- end -}}
+
 {{- define "k10.splitImage" -}}
   {{- $split_repo_tag_and_hash := .image | splitList "@" -}}
   {{- $split_repo_and_tag := $split_repo_tag_and_hash | first | splitList ":" -}}
@@ -930,3 +968,51 @@ running in the same cluster.
     ) | toJson
   -}}
 {{- end -}}
+
+{{/* Fail if Ironbank is enabled and images we don't support are turned on  */}}
+{{- define "k10.fail.ironbankRHMarketplace" -}}
+  {{- if and (include "ironbank.enabled" .) (.Values.global.rhMarketPlace) -}}
+    {{- fail "global.ironbank.enabled and global.rhMarketPlace cannot both be enabled at the same time" -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Fail if Ironbank is enabled and images we don't support are turned on  */}}
+{{- define "k10.fail.ironbankGrafana" -}}
+  {{- if (include "ironbank.enabled" .) -}}
+    {{- range $key, $value := .Values.grafana.sidecar -}}
+      {{/* 
+        https://go.dev/doc/go1.18: the "and" used to evaluate all conditions and not terminate early
+        if a predicate was met, so we must have the below as their own conditional for any customers
+        used go version < 1.18.
+       */}}
+      {{- if kindIs "map" $value -}}
+        {{- if hasKey $value "enabled" -}}
+          {{- if $value.enabled -}}
+            {{- fail (printf "Ironbank deployment does not support grafana sidecar %s" $key) -}}
+          {{- end -}}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Fail if Ironbank is enabled and images we don't support are turned on  */}}
+{{- define "k10.fail.ironbankPrometheus" -}}
+  {{- if (include "ironbank.enabled" .) -}}
+    {{- $prometheusDict := pick .Values.prometheus "alertmanager" "kube-state-metrics" "prometheus-node-exporter" "prometheus-pushgateway" -}}
+    {{- range $key, $value := $prometheusDict -}}
+      {{/* 
+        https://go.dev/doc/go1.18: the "and" used to evaluate all conditions and not terminate early
+        if a predicate was met, so we must have the below as their own conditional for any customers
+        used go version < 1.18.
+       */}}
+      {{- if kindIs "map" $value -}}
+        {{- if hasKey $value "enabled" -}}
+          {{- if $value.enabled -}}
+            {{- fail (printf "Ironbank deployment does not support prometheus %s" $key) -}}
+          {{- end -}}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/kasten/k10/templates/_k10_container.tpl

@@ -224,6 +224,14 @@ stating that types are not same for the equality check
                 name: k10-config
                 key: clustername
 {{- end }}
+          {{- with $capabilities := include "k10.capabilities" . }}
+          - name: K10_CAPABILITIES
+            value: {{ $capabilities | quote }}
+          {{- end }}
+          {{- with $capabilities_mask := include "k10.capabilities_mask" . }}
+          - name: K10_CAPABILITIES_MASK
+            value: {{ $capabilities_mask | quote }}
+          {{- end }}
 {{- if eq $service "controllermanager" }}
           - name: K10_STATEFUL
             value: "{{ .Values.global.persistence.enabled }}"
@@ -512,13 +520,11 @@ stating that types are not same for the equality check
                 name: k10-token-auth
                 key: auth
 {{- end }}
-{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
           - name: KANISTER_TOOLS
             valueFrom:
               configMapKeyRef:
                 name: k10-config
-                key: overwriteKanisterTools
+                key: KanisterToolsImage
-{{- end }}
 {{- if eq (include "check.cacertconfigmap" .) "true" }}
           - name: CACERT_CONFIGMAP_NAME
             value: {{ .Values.cacertconfigmap.name }}
@@ -658,8 +664,9 @@ stating that types are not same for the equality check
 {{- if .Values.toolsImage.enabled }}
 {{- if eq $service "executor" }}
       - name: tools
-        {{- dict "main" . "k10_service" "cephtool" | include "serviceImage" | indent 8 }}
         imagePullPolicy: {{ .Values.toolsImage.pullPolicy }}
+        {{- dict "main" . "k10_service" "cephtool" | include "serviceImage" | indent 8 }}
+        command: ["tail", "-f", "/dev/null"]
 {{- $podName := (printf "%s-svc" $service) }}
 {{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "tools"  | include "k10.resource.request" | indent 8}}
 {{- end }}

charts/kasten/k10/templates/_k10_image_tag.tpl

@@ -1 +1 @@
-{{- define "k10.imageTag" -}}6.0.9{{- end -}}
+{{- define "k10.imageTag" -}}6.0.11{{- end -}}

charts/kasten/k10/templates/_k10_metering.tpl

@@ -170,6 +170,11 @@ spec:
               configMapKeyRef:
                 name: k10-config
                 key: version
+          - name: KANISTER_TOOLS
+            valueFrom:
+              configMapKeyRef:
+                name: k10-config
+                key: KanisterToolsImage
 {{- if .Values.clusterName }}
           - name: CLUSTER_NAME
             valueFrom:
@@ -177,6 +182,14 @@ spec:
                 name: k10-config
                 key: clustername
 {{- end }}
+          {{- with $capabilities := include "k10.capabilities" . }}
+          - name: K10_CAPABILITIES
+            value: {{ $capabilities | quote }}
+          {{- end }}
+          {{- with $capabilities_mask := include "k10.capabilities_mask" . }}
+          - name: K10_CAPABILITIES_MASK
+            value: {{ $capabilities_mask | quote }}
+          {{- end }}
           - name: LOG_LEVEL
             valueFrom:
               configMapKeyRef:
@@ -207,13 +220,6 @@ spec:
           - name: NODE_USAGE_STORE
             value: /tmp/reports/node_usage_history
 {{- end }}
-{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
-          - name: KANISTER_TOOLS
-            valueFrom:
-              configMapKeyRef:
-                name: k10-config
-                key: overwriteKanisterTools
-{{- end }}
 {{- if .Values.metering.awsRegion }}
           - name: AWS_REGION
             value: {{ .Values.metering.awsRegion }}

charts/kasten/k10/templates/_k10_serviceimage.tpl

@@ -3,7 +3,6 @@ Helper to get k10 service image
 The details on how these image are being generated
 is in below issue
 https://kasten.atlassian.net/browse/K10-4036
-Using substr to remove repo from ambassadorImage
 */}}
 {{- define "serviceImage" -}}
 {{/*
@@ -20,13 +19,14 @@ value that is specified.
 {{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.airgapped.repository "/" .k10_service ":" }}
 {{- else }}
 {{- $serviceImage = (include "get.k10ImageTag" .main)  | print .main.Values.global.image.registry "/" .k10_service ":" }}
+{{- if eq .k10_service "cephtool"}}
+{{- $serviceImage = include "k10.cephtool.getImage" .main }}
+{{- end }}
 {{- end }}{{/* if .main.Values.global.airgapped.repository */}}
 {{- $serviceImageKey := print (replace "-" "" .k10_service) "Image" }}
-{{- if eq $serviceImageKey "ambassadorImage" }}
+{{- if eq $serviceImageKey "dexImage" }}
-{{- $tagFromDefs = (include "k10.ambassadorImageTag" .) }}
-{{- else if eq $serviceImageKey "dexImage" }}
 {{- $tagFromDefs = (include "dex.dexImageTag" .) }}
-{{- end }}{{/* if eq $serviceImageKey "ambassadorImage" */}}
+{{- end }}{{/* if eq $serviceImageKey "dexImage" */}}
 {{- if index .main.Values $serviceImageKey }}
 {{- $service_values := index .main.Values $serviceImageKey }}
 {{- if .main.Values.global.airgapped.repository }}

charts/kasten/k10/templates/ironbank.tpl

@@ -0,0 +1,7 @@
+{{/*
+This file is used to fail the helm deployment if certain values are set which are
+not compatible with an Ironbank deployment.
+*/}}
+{{- include "k10.fail.ironbankRHMarketplace" . -}}
+{{- include "k10.fail.ironbankGrafana" . -}}
+{{- include "k10.fail.ironbankPrometheus" . -}}

charts/kasten/k10/templates/k10-config.yaml

@@ -35,6 +35,7 @@ data:
   KanisterPodMetricSidecarEnabled: {{ .Values.kanisterPodMetricSidecar.enabled | quote }}
   KanisterPodMetricSidecarMetricLifetime: {{ .Values.kanisterPodMetricSidecar.metricLifetime | quote }}
   KanisterPodPushgatewayMetricsInterval: {{ .Values.kanisterPodMetricSidecar.pushGatewayInterval | quote }}
+  KanisterToolsImage: {{ include "get.kanisterToolsImage" . | quote }}
   K10MutatingWebhookTLSCertDir: "/etc/ssl/certs/webhook"
 
   K10LimiterGenericVolumeSnapshots: {{ default (include "k10.defaultK10LimiterGenericVolumeSnapshots" .) .Values.limiter.genericVolumeSnapshots | quote }}
@@ -79,11 +80,6 @@ data:
   {{- else }}
   kanisterFunctionVersion: {{ quote "v1.0.0-alpha" }}
   {{- end }}
-  {{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
-    {{- if (include "get.kanisterToolsImage" .) }}
-  overwriteKanisterTools: {{ include "get.kanisterToolsImage" .}}
-    {{- end }}
-  {{- end }}
 {{- include "kanisterToolsResources" . | indent 2 }}
 
 {{ if .Values.features }}

charts/kasten/k10/values.schema.json

@@ -236,12 +236,6 @@
               "title": "Aggregatedapis service container image",
               "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
             },
-            "ambassador": {
-              "type": "string",
-              "default": "",
-              "title": "Ambassador service container image",
-              "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
-            },
             "auth": {
               "type": "string",
               "default": "",

charts/kasten/k10/values.yaml

@@ -61,7 +61,6 @@ global:
   images:
     admin: ''
     aggregatedapis: ''
-    ambassador: ''
     auth: ''
     bloblifecyclemanager: ''
     catalog: ''
@@ -100,7 +99,6 @@ global:
   network:
     enable_ipv6: false
 
-
 ## OpenShift route configuration.
 route:
   enabled: false

charts/kubecost/cost-analyzer/Chart.yaml

@@ -7,7 +7,7 @@ annotations:
   catalog.cattle.io/featured: "1"
   catalog.cattle.io/release-name: cost-analyzer
 apiVersion: v2
-appVersion: 1.106.3
+appVersion: 1.106.4
 dependencies:
 - condition: global.grafana.enabled
   name: grafana
@@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni
   cloud costs.
 icon: https://partner-charts.rancher.io/assets/logos/kubecost.png
 name: cost-analyzer
-version: 1.106.3
+version: 1.106.4

charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml

@@ -20,6 +20,10 @@ spec:
     metadata:
       labels:
         app: awsstore
+      {{- with .Values.global.podAnnotations}}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       serviceAccountName: awsstore-serviceaccount
       {{- if .Values.awsstore.priorityClassName }}

charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml

@@ -44,12 +44,10 @@ spec:
         {{- if and .Values.kubecostDeployment .Values.kubecostDeployment.labels }}
         {{- toYaml .Values.kubecostDeployment.labels | nindent 8 }}
         {{- end }}
-{{- if .Values.global.podAnnotations}}
+      {{- with .Values.global.podAnnotations}}
       annotations:
-{{- with .Values.global.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
-{{ toYaml . | indent 8 }}
+      {{- end }}
-{{- end }}
-{{- end }}
     spec:
       {{- if .Values.kubecostFrontend.tls }}
       {{- if .Values.kubecostFrontend.tls.enabled }}

charts/kubecost/cost-analyzer/templates/federator-deployment-template.yaml

@@ -19,6 +19,10 @@ spec:
     metadata:
       labels:
         {{- include "federator.selectorLabels" . | nindent 8 }}
+      {{- with .Values.global.podAnnotations}}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       containers:
         - name: federator

charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml

@@ -32,12 +32,10 @@ spec:
 {{- with .Values.kubecostMetrics.exporter.labels }}
 {{ toYaml . | indent 8 }}
 {{- end }}
-{{- if .Values.global.podAnnotations }}
+      {{- with .Values.global.podAnnotations}}
       annotations:
-{{- with .Values.global.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
-{{ toYaml . | indent 8 }}
+      {{- end }}
-{{- end }}
-{{- end }}
     spec:
       {{- if .Values.kubecostFrontend.tls }}
       {{- if .Values.kubecostFrontend.tls.enabled }}

charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml

@@ -38,6 +38,10 @@ spec:
         app.kubernetes.io/name: query-service
         app.kubernetes.io/instance: {{ .Release.Name }}
         app: query-service
+      {{- with .Values.global.podAnnotations}}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       restartPolicy: Always
 

charts/loft/loft/Chart.yaml

@@ -28,4 +28,4 @@ name: loft
 sources:
 - https://github.com/loft-sh/loft
 type: application
-version: 3.2.4
+version: 3.3.0

charts/loft/loft/templates/_helpers.tpl

@@ -1,10 +1,4 @@
 {{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "loft.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
 
 {{/*
 Create a default fully qualified app name.
@@ -12,38 +6,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "loft.fullname" -}}
-{{- if .Values.fullnameOverride -}}
+{{- printf "loft" -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "loft.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "loft.labels" -}}
-app.kubernetes.io/name: {{ include "loft.name" . }}
-helm.sh/chart: {{ include "loft.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- else }}
-app.kubernetes.io/version: {{ .Chart.Version | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
 {{/*
@@ -58,17 +21,22 @@ Create the name of the service account to use
 {{- end -}}
 
 {{/*
-Get access key for invite link
+Default image name for a given product
 */}}
-{{- $}}
+{{- define "loft.defaultImage" -}}
-{{- define "loft.admin.accessKey" -}}
+{{- printf "ghcr.io/loft-sh/loft:%s" .Chart.Version -}}
-{{- now | unixEpoch | toString | trunc 8 | sha256sum -}}
 {{- end -}}
 
-{{/*
+{{- define "loft.image" -}}
-Get loft admin user username
+  {{- if .Values.product -}}
-*/}}
+    {{- if eq .Values.product "vcluster-pro" -}}
-{{- $}}
+      {{- printf "ghcr.io/loft-sh/vcluster-control-plane:%s" .Chart.Version -}}
-{{- define "loft.admin.name" -}}
+    {{- else if eq .Values.product "devpod-pro" -}}
-admin
+      {{- printf "ghcr.io/loft-sh/devpod-pro:%s" .Chart.Version -}}
+    {{- else -}}
+      {{ include "loft.defaultImage" . }}
+    {{- end -}}
+  {{- else -}}
+    {{ include "loft.defaultImage" . }}
+  {{- end -}}
 {{- end -}}

charts/loft/loft/templates/apiservice.yaml

@@ -1,5 +1,6 @@
 {{- if .Values.apiservice }}
 {{- if .Values.apiservice.create }}
+{{- if not .Values.agentOnly }}
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
@@ -32,5 +33,26 @@ spec:
   selector:
     app: {{ template "loft.fullname" . }}
     release: {{ .Release.Name }}
+---
+{{- end }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: loft-apiservice-agent
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "loft.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  ports:
+    - name: apiservice
+      port: 443
+      targetPort: 9444
+      protocol: TCP
+  selector:
+    app: {{ template "loft.fullname" . }}
+    release: {{ .Release.Name }}
 {{- end }}
 {{- end }}

charts/loft/loft/templates/deployment.yaml

@@ -54,28 +54,31 @@ spec:
       {{- if .Values.volumes }}
 {{ toYaml .Values.volumes | indent 8 }}
       {{- end }}
-      {{- if .Values.audit }}
+      {{- if or (and .Values.persistence .Values.persistence.enabled) (and .Values.audit .Values.audit.persistence.enabled) }}
-      {{- if .Values.audit.persistence.enabled }}
+        - name: loft-data
-      - name: audit-log
           persistentVolumeClaim:
             claimName: {{ template "loft.fullname" . }}-audit
-      {{- else if .Values.audit.enableSideCar }}
+      {{- else }}
-      - name: audit-log
+        - name: loft-data
           emptyDir: {}
       {{- end }}
-      {{- end }}
       containers:
       - name: manager
-        {{- if .Values.image }}
+        {{- if .Values.agentOnly }}
-        image: "{{ .Values.image }}"
+        command: ["loft", "agent"]
-        {{- else }}
-        image: "ghcr.io/loft-sh/loft:{{ .Chart.Version }}"
         {{- end }}
+        image: {{ default (include "loft.image" .) .Values.image }}
         ports:
+        {{- if not .Values.agentOnly }}
           - name: http
             containerPort: 8080
           - name: https
             containerPort: 10443
+        {{- end }}
+          - name: https-webhook
+            containerPort: 9443
+          - name: http-wakeup
+            containerPort: 9090
         {{- if .Values.livenessProbe }}
         {{- if .Values.livenessProbe.enabled }}
         livenessProbe:
@@ -105,6 +108,10 @@ spec:
         - name: ADMIN_PASSWORD_HASH
           value: {{ .Values.admin.password | sha256sum | quote }}
         {{- end }}
+        {{- if (gt (int .Values.replicaCount) 1) }}
+        - name: LEADER_ELECTION_ENABLED
+          value: "true"
+        {{- end }}
         {{- range $key, $value := .Values.envValueFrom }}
         - name: {{ $key | quote }}
           valueFrom:
@@ -124,6 +131,12 @@ spec:
               key: {{ .Values.tls.keyKey }}
         {{- end }}
         {{- end }}
+        {{- if .Values.logging }}
+        - name: LOFT_LOG_ENCODING
+          value: {{ default "console" .Values.logging.encoding }}
+        - name: LOFT_LOG_LEVEL
+          value: {{ default "info" .Values.logging.level }}
+        {{- end }}
         {{- range $key, $value := .Values.env }}
         - name: {{ $key | quote }}
           value: {{ $value | quote }}
@@ -132,12 +145,8 @@ spec:
         {{- if .Values.volumeMounts }}
 {{ toYaml .Values.volumeMounts | indent 10 }}
         {{- end }}
-        {{- if .Values.audit }}
+          - mountPath: /var/lib/loft
-        {{- if or .Values.audit.enableSideCar .Values.audit.persistence.enabled }}
+            name: loft-data
-        - mountPath: /var/log/loft
-          name: audit-log
-        {{- end }}
-        {{- end }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}
       {{- if .Values.securityContext }}
@@ -147,18 +156,23 @@ spec:
           capabilities:
             drop:
               - ALL
+      {{- if .Values.securityContext.runAsRoot }}
+          runAsUser: 0
+          runAsGroup: 0
+      {{- else }}
           runAsNonRoot: true
       {{- end }}
       {{- end }}
+      {{- end }}
       {{- if .Values.audit }}
       {{- if .Values.audit.enableSideCar }}
       - name: audit
         image: "{{ .Values.audit.image }}"
         command: ["sh"]
-        args: ["-c", "touch /var/log/loft/audit.log && tail -F /var/log/loft/audit.log"]
+        args: ["-c", "touch /var/lib/loft/audit.log && tail -F /var/lib/loft/audit.log"]
         volumeMounts:
-        - mountPath: /var/log/loft
+        - mountPath: /var/lib/loft
-          name: audit-log
+          name: loft-data
       {{- end }}
       {{- end }}
       {{- if .Values.nodeSelector }}

charts/loft/loft/templates/ingress-wakeup-service.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: loft-ingress-wakeup-agent
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "loft.fullname" . }}
+    loft.sh/service: {{ template "loft.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  {{- if .Values.agentOnly }}
+  type: {{ .Values.service.type }}
+  {{- else }}
+  type: ClusterIP
+  {{- end }}
+  ports:
+    - name: http-wakeup
+      port: 9090
+      targetPort: 9090
+      protocol: TCP
+  selector:
+    app: {{ template "loft.fullname" . }}
+    release: {{ .Release.Name }}

charts/loft/loft/templates/ingress.yaml

@@ -17,7 +17,6 @@ metadata:
       {{- toYaml . | nindent 4 }}
     {{- end }}
   annotations:
-    kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass }}
     nginx.ingress.kubernetes.io/proxy-read-timeout: "43200"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "43200"
     nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k"
@@ -30,6 +29,7 @@ metadata:
       {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
+  ingressClassName: {{ .Values.ingress.ingressClass }}
   rules:
     - host: {{ .Values.ingress.host }}
       http:

charts/loft/loft/templates/pvc.yaml

@@ -1,5 +1,4 @@
-{{- if .Values.audit }}
+{{- if and .Values.audit .Values.audit.persistence.enabled }}
-{{- if .Values.audit.persistence.enabled }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -19,5 +18,24 @@ spec:
   resources:
     requests:
       storage: {{ .Values.audit.persistence.size }}
-{{- end }}
+{{- else if and .Values.persistence .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ template "loft.fullname" . }}-audit
+  {{- if .Values.commonAnnotations }}
+  annotations:
+    {{- toYaml .Values.commonAnnotations | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.persistence.accessModes }}
+  accessModes:
+{{ toYaml .Values.persistence.accessModes | indent 4 }}
+  {{- else }}
+  accessModes: ["ReadWriteOnce"]
+  {{- end }}
+  storageClassName: {{ .Values.persistence.storageClassName }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
 {{- end }}

charts/loft/loft/templates/service.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.agentOnly }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -6,7 +7,7 @@ metadata:
   labels:
     app: {{ template "loft.fullname" . }}
     loft.sh/service: {{ template "loft.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    chart: "{{ .Chart.Name }}"
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"
     {{- with .Values.service.labels }}
@@ -37,3 +38,4 @@ spec:
   selector:
     app: {{ template "loft.fullname" . }}
     release: {{ .Release.Name }}
+{{- end }}