andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  aquarist-labs/s3gw:
    - 0.22.0
  bitnami/airflow:
    - 16.0.7
  bitnami/mariadb:
    - 14.1.0
  bitnami/mysql:
    - 9.14.1
  bitnami/wordpress:
    - 18.0.10
  datadog/datadog:
    - 3.42.0
  jfrog/artifactory-ha:
    - 107.71.3
  jfrog/artifactory-jcr:
    - 107.71.3
  kasten/k10:
    - 6.0.11
  kubecost/cost-analyzer:
    - 1.106.4
  loft/loft:
    - 3.3.0
  new-relic/nri-bundle:
    - 5.0.42
  speedscale/speedscale-operator:
    - 1.3.44
  sysdig/sysdig:
    - 1.16.19
  yugabyte/yugabyte:
    - 2.18.4
  yugabyte/yugaware:
    - 2.18.4
```
pull/927/head
github-actions[bot] 2023-10-26 13:22:48 +00:00
parent 5ac54c92b8
commit b93e180bdd
129 changed files with 2023 additions and 874 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/aquarist-labs/s3gw-0.22.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-16.0.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mariadb-14.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.14.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-18.0.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.42.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-ha-107.71.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-jcr-107.71.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-6.0.1101.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.106.3.tgz
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.106.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/loft/loft-3.3.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.42.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-1.3.44.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.16.19.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugabyte-2.18.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugaware-2.18.4.tgz Normal file
View File

Binary file not shown.

2
charts/aquarist-labs/s3gw/Chart.yaml
View File

@ -35,4 +35,4 @@ sources:
- https://github.com/aquarist-labs/s3gw-cosi-driver - https://github.com/aquarist-labs/s3gw-cosi-driver
- https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar
type: application type: application
version: 0.21.0 version: 0.22.0

8
charts/bitnami/airflow/Chart.lock
View File

@ -1,12 +1,12 @@
dependencies: dependencies:
- name: redis - name: redis
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 18.1.5 version: 18.1.6
- name: postgresql - name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 13.1.5 version: 13.1.5
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2 version: 2.13.3
digest: sha256:5b0157324635d8a3daca94e01d702a13f41b14d81250b29486b5512db2d6b2e5 digest: sha256:997c8924637ccceb54891a37f5a10b84c97192f805079f1407d704ccaa64ed41
generated: "2023-10-14T17:55:52.376439601Z" generated: "2023-10-24T20:41:28.772039309Z"

6
charts/bitnami/airflow/Chart.yaml
View File

@ -10,9 +10,9 @@ annotations:
- name: airflow-scheduler - name: airflow-scheduler
image: docker.io/bitnami/airflow-scheduler:2.7.2-debian-11-r0 image: docker.io/bitnami/airflow-scheduler:2.7.2-debian-11-r0
- name: airflow-worker - name: airflow-worker
image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r0 image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r1
- name: airflow - name: airflow
image: docker.io/bitnami/airflow:2.7.2-debian-11-r0 image: docker.io/bitnami/airflow:2.7.2-debian-11-r1
- name: git - name: git
image: docker.io/bitnami/git:2.42.0-debian-11-r45 image: docker.io/bitnami/git:2.42.0-debian-11-r45
- name: os-shell - name: os-shell
@ -50,4 +50,4 @@ maintainers:
name: airflow name: airflow
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow - https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 16.0.6 version: 16.0.7

611
charts/bitnami/airflow/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR ## TL;DR
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/airflow helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction ## Introduction
This chart bootstraps an [Apache Airflow](https://github.com/bitnami/containers/tree/main/bitnami/airflow) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This chart bootstraps an [Apache Airflow](https://github.com/bitnami/containers/tree/main/bitnami/airflow) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Airflow in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use Apache Airflow in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -32,9 +34,11 @@ Looking to use Apache Airflow in production? Try [VMware Application Catalog](ht
To install the chart with the release name `my-release`: To install the chart with the release name `my-release`:
```console ```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/airflow helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy Airflow on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. These commands deploy Airflow on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list` > **Tip**: List all releases using `helm list`
@ -76,271 +80,266 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow common parameters ### Airflow common parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `auth.username` | Username to access web UI | `user` | | `auth.username` | Username to access web UI | `user` |
| `auth.password` | Password to access web UI | `""` | | `auth.password` | Password to access web UI | `""` |
| `auth.fernetKey` | Fernet key to secure connections | `""` | | `auth.fernetKey` | Fernet key to secure connections | `""` |
| `auth.secretKey` | Secret key to run your flask app | `""` | | `auth.secretKey` | Secret key to run your flask app | `""` |
| `auth.existingSecret` | Name of an existing secret to use for Airflow credentials | `""` | | `auth.existingSecret` | Name of an existing secret to use for Airflow credentials | `""` |
| `executor` | Airflow executor. Allowed values: `SequentialExecutor`, `LocalExecutor`, `CeleryExecutor`, `KubernetesExecutor`, `CeleryKubernetesExecutor` and `LocalKubernetesExecutor` | `CeleryExecutor` | | `executor` | Airflow executor. Allowed values: `SequentialExecutor`, `LocalExecutor`, `CeleryExecutor`, `KubernetesExecutor`, `CeleryKubernetesExecutor` and `LocalKubernetesExecutor` | `CeleryExecutor` |
| `loadExamples` | Switch to load some Airflow examples | `false` | | `loadExamples` | Switch to load some Airflow examples | `false` |
| `configuration` | Specify content for Airflow config file (auto-generated based on other env. vars otherwise) | `""` | | `configuration` | Specify content for Airflow config file (auto-generated based on other env. vars otherwise) | `""` |
| `existingConfigmap` | Name of an existing ConfigMap with the Airflow config file | `""` | | `existingConfigmap` | Name of an existing ConfigMap with the Airflow config file | `""` |
| `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` |
| `dags.image.registry` | Init container load-dags image registry | `docker.io` | | `dags.image.registry` | Init container load-dags image registry | `REGISTRY_NAME` |
| `dags.image.repository` | Init container load-dags image repository | `bitnami/os-shell` | | `dags.image.repository` | Init container load-dags image repository | `REPOSITORY_NAME/os-shell` |
| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r90` | | `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` |
| `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | | `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` |
| `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | | `extraEnvVars` | Add extra environment variables for all the Airflow pods | `[]` |
| `extraEnvVars` | Add extra environment variables for all the Airflow pods | `[]` | | `extraEnvVarsCM` | ConfigMap with extra environment variables for all the Airflow pods | `""` |
| `extraEnvVarsCM` | ConfigMap with extra environment variables for all the Airflow pods | `""` | | `extraEnvVarsSecret` | Secret with extra environment variables for all the Airflow pods | `""` |
| `extraEnvVarsSecret` | Secret with extra environment variables for all the Airflow pods | `""` | | `extraEnvVarsSecrets` | List of secrets with extra environment variables for all the Airflow pods | `[]` |
| `extraEnvVarsSecrets` | List of secrets with extra environment variables for all the Airflow pods | `[]` | | `sidecars` | Add additional sidecar containers to all the Airflow pods | `[]` |
| `sidecars` | Add additional sidecar containers to all the Airflow pods | `[]` | | `initContainers` | Add additional init containers to all the Airflow pods | `[]` |
| `initContainers` | Add additional init containers to all the Airflow pods | `[]` | | `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for all the Airflow pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for all the Airflow pods | `[]` | | `extraVolumes` | Optionally specify extra list of additional volumes for the all the Airflow pods | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes for the all the Airflow pods | `[]` |
### Airflow web parameters ### Airflow web parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- | | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| `web.image.registry` | Airflow image registry | `docker.io` | | `web.image.registry` | Airflow image registry | `REGISTRY_NAME` |
| `web.image.repository` | Airflow image repository | `bitnami/airflow` | | `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` |
| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` | | `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` |
| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | | `web.image.pullSecrets` | Airflow image pull secrets | `[]` |
| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | | `web.image.debug` | Enable image debug mode | `false` |
| `web.image.debug` | Enable image debug mode | `false` | | `web.baseUrl` | URL used to access to Airflow web ui | `""` |
| `web.baseUrl` | URL used to access to Airflow web ui | `""` | | `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` |
| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | | `web.command` | Override default container command (useful when using custom images) | `[]` |
| `web.command` | Override default container command (useful when using custom images) | `[]` | | `web.args` | Override default container args (useful when using custom images) | `[]` |
| `web.args` | Override default container args (useful when using custom images) | `[]` | | `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` |
| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | | `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` |
| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | | `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` |
| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | | `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` |
| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | | `web.containerPorts.http` | Airflow web HTTP container port | `8080` |
| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | | `web.replicaCount` | Number of Airflow web replicas | `1` |
| `web.replicaCount` | Number of Airflow web replicas | `1` | | `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` |
| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | | `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | | `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | | `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` |
| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | | `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | | `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` |
| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | | `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | | `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | | `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `web.resources.limits` | The resources limits for the Airflow web containers | `{}` |
| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | | `web.resources.requests` | The requested resources for the Airflow web containers | `{}` |
| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | | `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | | `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | | `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | | `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | | `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | | `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | | `web.hostAliases` | Deployment pod host aliases | `[]` |
| `web.hostAliases` | Deployment pod host aliases | `[]` | | `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | | `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | | `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` |
| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | | `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` |
| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | | `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` |
| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | | `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` |
| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | | `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | | `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | | `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` |
| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | | `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `web.priorityClassName` | Priority Class Name | `""` |
| `web.priorityClassName` | Priority Class Name | `""` | | `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | | `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` |
| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | | `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` |
| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | | `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` |
| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | | `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` |
| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | | `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` |
| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | | `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` |
| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | | `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` |
| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | | `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` |
| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | | `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` |
| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | | `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
### Airflow scheduler parameters ### Airflow scheduler parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- | | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` | | `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` | | `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` |
| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | | `scheduler.image.debug` | Enable image debug mode | `false` |
| `scheduler.image.debug` | Enable image debug mode | `false` | | `scheduler.replicaCount` | Number of scheduler replicas | `1` |
| `scheduler.replicaCount` | Number of scheduler replicas | `1` | | `scheduler.command` | Override cmd | `[]` |
| `scheduler.command` | Override cmd | `[]` | | `scheduler.args` | Override args | `[]` |
| `scheduler.args` | Override args | `[]` | | `scheduler.extraEnvVars` | Add extra environment variables | `[]` |
| `scheduler.extraEnvVars` | Add extra environment variables | `[]` | | `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | | `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` | | `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` |
| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` | | `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` |
| `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` | | `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` |
| `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` | | `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` |
| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` | | `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` |
| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` | | `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` | | `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` | | `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` | | `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` | | `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` | | `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` | | `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` | | `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` |
| `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` | | `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` |
| `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` | | `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` |
| `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` | | `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` |
| `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` | | `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
| `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` | | `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | | `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` |
| `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` | | `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `scheduler.priorityClassName` | Priority Class Name | `""` |
| `scheduler.priorityClassName` | Priority Class Name | `""` | | `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | | `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` |
| `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` | | `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` |
| `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` | | `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` |
| `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` | | `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` |
| `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` | | `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` |
| `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` | | `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` |
| `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` | | `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` |
| `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` | | `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `false` |
| `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `false` | | `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` |
| `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` | | `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` |
| `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` |
### Airflow worker parameters ### Airflow worker parameters
| Name | Description | Value | | Name | Description | Value |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| `worker.image.registry` | Airflow Worker image registry | `docker.io` | | `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` |
| `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` | | `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` |
| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.7.2-debian-11-r1` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | | `worker.image.debug` | Enable image debug mode | `false` |
| `worker.image.debug` | Enable image debug mode | `false` | | `worker.command` | Override default container command (useful when using custom images) | `[]` |
| `worker.command` | Override default container command (useful when using custom images) | `[]` | | `worker.args` | Override default container args (useful when using custom images) | `[]` |
| `worker.args` | Override default container args (useful when using custom images) | `[]` | | `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` |
| `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` | | `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` |
| `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` | | `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` |
| `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` | | `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` |
| `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` | | `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` |
| `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` | | `worker.replicaCount` | Number of Airflow worker replicas | `1` |
| `worker.replicaCount` | Number of Airflow worker replicas | `1` | | `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` |
| `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` | | `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | | `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | | `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | | `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | | `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` |
| `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` | | `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | | `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | | `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | | `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` |
| `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` | | `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | | `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | | `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | | `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | | `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | | `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` |
| `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` | | `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` |
| `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` | | `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` |
| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` | | `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` |
| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` | | `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` | | `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` | | `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` | | `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` | | `worker.hostAliases` | Deployment pod host aliases | `[]` |
| `worker.hostAliases` | Deployment pod host aliases | `[]` | | `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` | | `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` |
| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` | | `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` |
| `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` | | `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` |
| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` | | `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` |
| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` | | `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` |
| `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` | | `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` | | `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | | `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` |
| `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` | | `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | | `worker.priorityClassName` | Priority Class Name | `""` |
| `worker.priorityClassName` | Priority Class Name | `""` | | `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | | `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` |
| `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` | | `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` |
| `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` | | `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` |
| `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` | | `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` |
| `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` | | `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` |
| `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` | | `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` |
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` | | `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` |
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` | | `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` |
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` | | `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` |
| `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` | | `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `false` |
| `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `false` | | `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `1` |
| `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `1` | | `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` |
| `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` | | `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` |
| `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` | | `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` |
| `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` | | `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` |
| `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` | | `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` |
| `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` | | `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` |
| `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` |
### Airflow git sync parameters ### Airflow git sync parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------ | --------------------------------------------------------------------------------------------------- | ---------------------- | | ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- |
| `git.image.registry` | Git image registry | `docker.io` | | `git.image.registry` | Git image registry | `REGISTRY_NAME` |
| `git.image.repository` | Git image repository | `bitnami/git` | | `git.image.repository` | Git image repository | `REPOSITORY_NAME/git` |
| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.42.0-debian-11-r45` | | `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` |
| `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | | `git.image.pullSecrets` | Git image pull secrets | `[]` |
| `git.image.pullSecrets` | Git image pull secrets | `[]` | | `git.dags.enabled` | Enable in order to download DAG files from git repositories. | `false` |
| `git.dags.enabled` | Enable in order to download DAG files from git repositories. | `false` | | `git.dags.repositories` | Array of repositories from which to download DAG files | `[]` |
| `git.dags.repositories` | Array of repositories from which to download DAG files | `[]` | | `git.plugins.enabled` | Enable in order to download Plugins files from git repositories. | `false` |
| `git.plugins.enabled` | Enable in order to download Plugins files from git repositories. | `false` | | `git.plugins.repositories` | Array of repositories from which to download DAG files | `[]` |
| `git.plugins.repositories` | Array of repositories from which to download DAG files | `[]` | | `git.clone.command` | Override cmd | `[]` |
| `git.clone.command` | Override cmd | `[]` | | `git.clone.args` | Override args | `[]` |
| `git.clone.args` | Override args | `[]` | | `git.clone.extraVolumeMounts` | Add extra volume mounts | `[]` |
| `git.clone.extraVolumeMounts` | Add extra volume mounts | `[]` | | `git.clone.extraEnvVars` | Add extra environment variables | `[]` |
| `git.clone.extraEnvVars` | Add extra environment variables | `[]` | | `git.clone.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `git.clone.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | | `git.clone.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `git.clone.extraEnvVarsSecret` | Secret with extra environment variables | `""` | | `git.clone.resources` | Clone init container resource requests and limits | `{}` |
| `git.clone.resources` | Clone init container resource requests and limits | `{}` | | `git.sync.interval` | Interval in seconds to pull the git repository containing the plugins and/or DAG files | `60` |
| `git.sync.interval` | Interval in seconds to pull the git repository containing the plugins and/or DAG files | `60` | | `git.sync.command` | Override cmd | `[]` |
| `git.sync.command` | Override cmd | `[]` | | `git.sync.args` | Override args | `[]` |
| `git.sync.args` | Override args | `[]` | | `git.sync.extraVolumeMounts` | Add extra volume mounts | `[]` |
| `git.sync.extraVolumeMounts` | Add extra volume mounts | `[]` | | `git.sync.extraEnvVars` | Add extra environment variables | `[]` |
| `git.sync.extraEnvVars` | Add extra environment variables | `[]` | | `git.sync.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `git.sync.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | | `git.sync.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `git.sync.extraEnvVarsSecret` | Secret with extra environment variables | `""` | | `git.sync.resources` | Sync sidecar container resource requests and limits | `{}` |
| `git.sync.resources` | Sync sidecar container resource requests and limits | `{}` |
### Airflow ldap parameters ### Airflow ldap parameters
@ -405,53 +404,52 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow metrics parameters ### Airflow metrics parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------- | | ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
| `metrics.image.registry` | Airflow exporter image registry | `docker.io` | | `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | | `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` |
| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r438` | | `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` |
| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | | `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` |
| `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` | | `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` |
| `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` | | `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` |
| `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` | | `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` |
| `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` | | `metrics.resources.limits` | The resources limits for the container | `{}` |
| `metrics.resources.limits` | The resources limits for the container | `{}` | | `metrics.resources.requests` | The requested resources for the container | `{}` |
| `metrics.resources.requests` | The requested resources for the container | `{}` | | `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` |
| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` | | `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` |
| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` | | `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` | | `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` | | `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` | | `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` | | `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` | | `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` | | `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` |
| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` | | `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` |
| `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` | | `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. | `[]` |
| `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. | `[]` | | `metrics.affinity` | Affinity for pod assignment | `{}` |
| `metrics.affinity` | Affinity for pod assignment | `{}` | | `metrics.nodeSelector` | Node labels for pod assignment | `{}` |
| `metrics.nodeSelector` | Node labels for pod assignment | `{}` | | `metrics.tolerations` | Tolerations for pod assignment | `[]` |
| `metrics.tolerations` | Tolerations for pod assignment | `[]` | | `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` |
| `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` | | `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` |
| `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` | | `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | | `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | | `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` |
| `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` | | `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` | | `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | | `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | | `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | | `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | | `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | | `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | | `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | | `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | | `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
### Airflow database parameters ### Airflow database parameters
@ -491,9 +489,11 @@ helm install my-release \
--set auth.password=my-passsword \ --set auth.password=my-passsword \
--set auth.fernetKey=my-fernet-key \ --set auth.fernetKey=my-fernet-key \
--set auth.secretKey=my-secret-key \ --set auth.secretKey=my-secret-key \
oci://registry-1.docker.io/bitnamicharts/airflow oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the credentials to access the Airflow web UI. The above command sets the credentials to access the Airflow web UI.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -501,9 +501,10 @@ The above command sets the credentials to access the Airflow web UI.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console ```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/airflow helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
``` ```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details ## Configuration and installation details

4
charts/bitnami/airflow/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.2 appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.2 version: 2.13.3

4
charts/bitnami/airflow/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites ## Prerequisites
- Kubernetes 1.19+ - Kubernetes 1.23+
- Helm 3.2.0+ - Helm 3.8.0+
## Parameters ## Parameters

4
charts/bitnami/airflow/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/* {{/*
Returns true if AdmissionConfiguration is supported Returns true if AdmissionConfiguration is supported
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.supported" -}} {{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/* {{/*
Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for AdmissionConfiguration.
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

6
charts/bitnami/airflow/charts/redis/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2 version: 2.13.3
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-07T00:54:22.108613108Z" generated: "2023-10-19T12:32:36.790999138Z"

8
charts/bitnami/airflow/charts/redis/Chart.yaml
View File

@ -6,12 +6,12 @@ annotations:
- name: redis-exporter - name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0 image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0
- name: redis-sentinel - name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r26 image: docker.io/bitnami/redis-sentinel:7.2.2-debian-11-r0
- name: redis - name: redis
image: docker.io/bitnami/redis:7.2.1-debian-11-r26 image: docker.io/bitnami/redis:7.2.2-debian-11-r0
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 7.2.1 appVersion: 7.2.2
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
@ -33,4 +33,4 @@ maintainers:
name: redis name: redis
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis - https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.1.5 version: 18.1.6

20
charts/bitnami/airflow/charts/redis/README.md
View File

@ -97,15 +97,15 @@ The command removes all the Kubernetes components associated with the chart and
### Redis&reg; Image parameters ### Redis&reg; Image parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | | ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- |
| `image.registry` | Redis&reg; image registry | `docker.io` | | `image.registry` | Redis&reg; image registry | `docker.io` |
| `image.repository` | Redis&reg; image repository | `bitnami/redis` | | `image.repository` | Redis&reg; image repository | `bitnami/redis` |
| `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` | | `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.2.2-debian-11-r0` |
| `image.digest` | Redis&reg; image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | Redis&reg; image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Redis&reg; image pull policy | `IfNotPresent` | | `image.pullPolicy` | Redis&reg; image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Redis&reg; image pull secrets | `[]` | | `image.pullSecrets` | Redis&reg; image pull secrets | `[]` |
| `image.debug` | Enable image debug mode | `false` | | `image.debug` | Enable image debug mode | `false` |
### Redis&reg; common configuration parameters ### Redis&reg; common configuration parameters
@ -353,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.enabled` | Use Redis&reg; Sentinel on Redis&reg; pods. | `false` | | `sentinel.enabled` | Use Redis&reg; Sentinel on Redis&reg; pods. | `false` |
| `sentinel.image.registry` | Redis&reg; Sentinel image registry | `docker.io` | | `sentinel.image.registry` | Redis&reg; Sentinel image registry | `docker.io` |
| `sentinel.image.repository` | Redis&reg; Sentinel image repository | `bitnami/redis-sentinel` | | `sentinel.image.repository` | Redis&reg; Sentinel image repository | `bitnami/redis-sentinel` |
| `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` | | `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.2.2-debian-11-r0` |
| `sentinel.image.digest` | Redis&reg; Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.digest` | Redis&reg; Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sentinel.image.pullPolicy` | Redis&reg; Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullPolicy` | Redis&reg; Sentinel image pull policy | `IfNotPresent` |
| `sentinel.image.pullSecrets` | Redis&reg; Sentinel image pull secrets | `[]` | | `sentinel.image.pullSecrets` | Redis&reg; Sentinel image pull secrets | `[]` |

4
charts/bitnami/airflow/charts/redis/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.2 appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.2 version: 2.13.3

4
charts/bitnami/airflow/charts/redis/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites ## Prerequisites
- Kubernetes 1.19+ - Kubernetes 1.23+
- Helm 3.2.0+ - Helm 3.8.0+
## Parameters ## Parameters

4
charts/bitnami/airflow/charts/redis/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/* {{/*
Returns true if AdmissionConfiguration is supported Returns true if AdmissionConfiguration is supported
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.supported" -}} {{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/* {{/*
Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for AdmissionConfiguration.
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

4
charts/bitnami/airflow/charts/redis/values.yaml
View File

@ -91,7 +91,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis repository: bitnami/redis
tag: 7.2.1-debian-11-r26 tag: 7.2.2-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1056,7 +1056,7 @@ sentinel:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/redis-sentinel repository: bitnami/redis-sentinel
tag: 7.2.1-debian-11-r26 tag: 7.2.2-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

38
charts/bitnami/airflow/values.yaml
View File

@ -111,9 +111,9 @@ dags:
existingConfigmap: "" existingConfigmap: ""
## OS Shell + Utility image ## OS Shell + Utility image
## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
## @param dags.image.registry Init container load-dags image registry ## @param dags.image.registry [default: REGISTRY_NAME] Init container load-dags image registry
## @param dags.image.repository Init container load-dags image repository ## @param dags.image.repository [default: REPOSITORY_NAME/os-shell] Init container load-dags image repository
## @param dags.image.tag Init container load-dags image tag (immutable tags are recommended) ## @skip dags.image.tag Init container load-dags image tag (immutable tags are recommended)
## @param dags.image.digest Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param dags.image.digest Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param dags.image.pullPolicy Init container load-dags image pull policy ## @param dags.image.pullPolicy Init container load-dags image pull policy
## @param dags.image.pullSecrets Init container load-dags image pull secrets ## @param dags.image.pullSecrets Init container load-dags image pull secrets
@ -178,9 +178,9 @@ extraVolumes: []
web: web:
## Bitnami Airflow image version ## Bitnami Airflow image version
## ref: https://hub.docker.com/r/bitnami/airflow/tags/ ## ref: https://hub.docker.com/r/bitnami/airflow/tags/
## @param web.image.registry Airflow image registry ## @param web.image.registry [default: REGISTRY_NAME] Airflow image registry
## @param web.image.repository Airflow image repository ## @param web.image.repository [default: REPOSITORY_NAME/airflow] Airflow image repository
## @param web.image.tag Airflow image tag (immutable tags are recommended) ## @skip web.image.tag Airflow image tag (immutable tags are recommended)
## @param web.image.digest Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param web.image.digest Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param web.image.pullPolicy Airflow image pull policy ## @param web.image.pullPolicy Airflow image pull policy
## @param web.image.pullSecrets Airflow image pull secrets ## @param web.image.pullSecrets Airflow image pull secrets
@ -188,7 +188,7 @@ web:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/airflow repository: bitnami/airflow
tag: 2.7.2-debian-11-r0 tag: 2.7.2-debian-11-r1
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -435,9 +435,9 @@ web:
scheduler: scheduler:
## Bitnami Airflow Scheduler image version ## Bitnami Airflow Scheduler image version
## ref: https://hub.docker.com/r/bitnami/airflow-scheduler/tags/ ## ref: https://hub.docker.com/r/bitnami/airflow-scheduler/tags/
## @param scheduler.image.registry Airflow Scheduler image registry ## @param scheduler.image.registry [default: REGISTRY_NAME] Airflow Scheduler image registry
## @param scheduler.image.repository Airflow Scheduler image repository ## @param scheduler.image.repository [default: REPOSITORY_NAME/airflow-scheduler] Airflow Scheduler image repository
## @param scheduler.image.tag Airflow Scheduler image tag (immutable tags are recommended) ## @skip scheduler.image.tag Airflow Scheduler image tag (immutable tags are recommended)
## @param scheduler.image.digest Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param scheduler.image.digest Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param scheduler.image.pullPolicy Airflow Scheduler image pull policy ## @param scheduler.image.pullPolicy Airflow Scheduler image pull policy
## @param scheduler.image.pullSecrets Airflow Scheduler image pull secrets ## @param scheduler.image.pullSecrets Airflow Scheduler image pull secrets
@ -639,9 +639,9 @@ scheduler:
worker: worker:
## Bitnami Airflow Worker image version ## Bitnami Airflow Worker image version
## ref: https://hub.docker.com/r/bitnami/airflow-worker/tags/ ## ref: https://hub.docker.com/r/bitnami/airflow-worker/tags/
## @param worker.image.registry Airflow Worker image registry ## @param worker.image.registry [default: REGISTRY_NAME] Airflow Worker image registry
## @param worker.image.repository Airflow Worker image repository ## @param worker.image.repository [default: REPOSITORY_NAME/airflow-worker] Airflow Worker image repository
## @param worker.image.tag Airflow Worker image tag (immutable tags are recommended) ## @skip worker.image.tag Airflow Worker image tag (immutable tags are recommended)
## @param worker.image.digest Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param worker.image.digest Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param worker.image.pullPolicy Airflow Worker image pull policy ## @param worker.image.pullPolicy Airflow Worker image pull policy
## @param worker.image.pullSecrets Airflow Worker image pull secrets ## @param worker.image.pullSecrets Airflow Worker image pull secrets
@ -913,9 +913,9 @@ worker:
git: git:
## Bitnami Git image version ## Bitnami Git image version
## ref: https://hub.docker.com/r/bitnami/git/tags/ ## ref: https://hub.docker.com/r/bitnami/git/tags/
## @param git.image.registry Git image registry ## @param git.image.registry [default: REGISTRY_NAME] Git image registry
## @param git.image.repository Git image repository ## @param git.image.repository [default: REPOSITORY_NAME/git] Git image repository
## @param git.image.tag Git image tag (immutable tags are recommended) ## @skip git.image.tag Git image tag (immutable tags are recommended)
## @param git.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param git.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param git.image.pullPolicy Git image pull policy ## @param git.image.pullPolicy Git image pull policy
## @param git.image.pullSecrets Git image pull secrets ## @param git.image.pullSecrets Git image pull secrets
@ -1276,9 +1276,9 @@ metrics:
enabled: false enabled: false
## Bitnami Airflow exporter image ## Bitnami Airflow exporter image
## ref: https://hub.docker.com/r/bitnami/airflow-exporter/tags/ ## ref: https://hub.docker.com/r/bitnami/airflow-exporter/tags/
## @param metrics.image.registry Airflow exporter image registry ## @param metrics.image.registry [default: REGISTRY_NAME] Airflow exporter image registry
## @param metrics.image.repository Airflow exporter image repository ## @param metrics.image.repository [default: REPOSITORY_NAME/airflow-exporter] Airflow exporter image repository
## @param metrics.image.tag Airflow exporter image tag (immutable tags are recommended) ## @skip metrics.image.tag Airflow exporter image tag (immutable tags are recommended)
## @param metrics.image.digest Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param metrics.image.digest Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy Airflow exporter image pull policy ## @param metrics.image.pullPolicy Airflow exporter image pull policy
## @param metrics.image.pullSecrets Airflow exporter image pull secrets ## @param metrics.image.pullSecrets Airflow exporter image pull secrets

2
charts/bitnami/mariadb/Chart.yaml
View File

@ -37,4 +37,4 @@ maintainers:
name: mariadb name: mariadb
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb - https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 14.0.3 version: 14.1.0

10
charts/bitnami/mariadb/README.md
View File

@ -24,7 +24,7 @@ MariaDB is developed as open source software and as a relational database it pro
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use MariaDB in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -143,6 +143,8 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | | `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | | `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` |
| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | | `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` | | `primary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -237,6 +239,8 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | | `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | | `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` | | `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | | `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | | `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` | | `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -331,8 +335,12 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` | | `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` | | `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` | | `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` | | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` | | `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` | | `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | | `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |

22
charts/bitnami/mariadb/values.yaml
View File

@ -325,6 +325,8 @@ primary:
## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
@ -332,6 +334,10 @@ primary:
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB primary container's resource requests and limits ## MariaDB primary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious
@ -721,6 +727,8 @@ secondary:
## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation
## @param secondary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
@ -728,6 +736,10 @@ secondary:
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB secondary container's resource requests and limits ## MariaDB secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious
@ -1104,8 +1116,12 @@ metrics:
## MariaDB metrics container Security Context ## MariaDB metrics container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container
## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## Example: ## Example:
## containerSecurityContext: ## containerSecurityContext:
## enabled: true ## enabled: true
@ -1116,7 +1132,13 @@ metrics:
containerSecurityContext: containerSecurityContext:
enabled: false enabled: false
privileged: false privileged: false
runAsNonRoot: true
runAsUser: 1001
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Mysqld Prometheus exporter resource requests and limits ## Mysqld Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious

6
charts/bitnami/mysql/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2 version: 2.13.3
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-12T15:20:38.409783798Z" generated: "2023-10-25T13:36:31.889996785Z"

6
charts/bitnami/mysql/Chart.yaml
View File

@ -6,14 +6,14 @@ annotations:
category: Database category: Database
images: | images: |
- name: mysql - name: mysql
image: docker.io/bitnami/mysql:8.0.34-debian-11-r75 image: docker.io/bitnami/mysql:8.0.35-debian-11-r0
- name: mysqld-exporter - name: mysqld-exporter
image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70 image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90 image: docker.io/bitnami/os-shell:11-debian-11-r90
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 8.0.34 appVersion: 8.0.35
dependencies: dependencies:
- name: common - name: common
repository: file://./charts/common repository: file://./charts/common
@ -36,4 +36,4 @@ maintainers:
name: mysql name: mysql
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mysql - https://github.com/bitnami/charts/tree/main/bitnami/mysql
version: 9.13.0 version: 9.14.1

352
charts/bitnami/mysql/README.md
View File

@ -110,182 +110,188 @@ The command removes all the Kubernetes components associated with the chart and
### MySQL Primary parameters ### MySQL Primary parameters
| Name | Description | Value | | Name | Description | Value |
| ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- | | ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | | `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` | | `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` | | `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` |
| `primary.lifecycleHooks` | for the MySQL Primary container(s) to automate configuration before or after startup | `{}` | | `primary.lifecycleHooks` | for the MySQL Primary container(s) to automate configuration before or after startup | `{}` |
| `primary.hostAliases` | Deployment pod host aliases | `[]` | | `primary.hostAliases` | Deployment pod host aliases | `[]` |
| `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | | `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` |
| `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration. | `""` | | `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration. | `""` |
| `primary.updateStrategy.type` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | | `primary.updateStrategy.type` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` |
| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | | `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` |
| `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | | `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` |
| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | | `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` | | `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` |
| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` | | `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` |
| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` | | `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` |
| `primary.priorityClassName` | MySQL primary pods' priorityClassName | `""` | | `primary.priorityClassName` | MySQL primary pods' priorityClassName | `""` |
| `primary.runtimeClassName` | MySQL primary pods' runtimeClassName | `""` | | `primary.runtimeClassName` | MySQL primary pods' runtimeClassName | `""` |
| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | | `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `primary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL primary pod needs to terminate gracefully | `""` | | `primary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL primary pod needs to terminate gracefully | `""` |
| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | | `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL primary pods | `""` | | `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL primary pods | `""` |
| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | | `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` |
| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | | `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | | `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` |
| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | | `primary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | | `primary.containerSecurityContext.seccompProfile.type` | Set Client container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | | `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` |
| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` |
| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | | `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | | `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | | `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | | `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | | `primary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | | `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `primary.startupProbe.enabled` | Enable startupProbe | `true` | | `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | | `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `primary.startupProbe.enabled` | Enable startupProbe | `true` |
| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | | `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` |
| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` | | `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` | | `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` | | `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `primary.extraFlags` | MySQL primary additional command line flags | `""` | | `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` |
| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` | | `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` |
| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` | | `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` |
| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` | | `primary.extraFlags` | MySQL primary additional command line flags | `""` |
| `primary.extraPorts` | Extra ports to expose | `[]` | | `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` |
| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | | `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` |
| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` | | `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` |
| `primary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | | `primary.extraPorts` | Extra ports to expose | `[]` |
| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `""` | | `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` |
| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` | | `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` |
| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `["ReadWriteOnce"]` | | `primary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` |
| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | | `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `""` |
| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | | `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` |
| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` | | `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `["ReadWriteOnce"]` |
| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` | | `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` |
| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` | | `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` | | `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` |
| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | | `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` |
| `primary.service.ports.mysql` | MySQL Primary K8s service port | `3306` | | `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` |
| `primary.service.nodePorts.mysql` | MySQL Primary K8s service node port | `""` | | `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` |
| `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` | | `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` |
| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` | | `primary.service.ports.mysql` | MySQL Primary K8s service port | `3306` |
| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | | `primary.service.nodePorts.mysql` | MySQL Primary K8s service node port | `""` |
| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` | | `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` |
| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | | `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `primary.service.annotations` | Additional custom annotations for MySQL primary service | `{}` | | `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | | `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` |
| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | | `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `primary.service.headless.annotations` | Additional custom annotations for headless MySQL primary service. | `{}` | | `primary.service.annotations` | Additional custom annotations for MySQL primary service | `{}` |
| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | | `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` | | `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` | | `primary.service.headless.annotations` | Additional custom annotations for headless MySQL primary service. | `{}` |
| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | | `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` |
| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` |
| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` |
| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` |
### MySQL Secondary parameters ### MySQL Secondary parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- | | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` | | `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | | `secondary.replicaCount` | Number of MySQL secondary replicas | `1` |
| `secondary.hostAliases` | Deployment pod host aliases | `[]` | | `secondary.hostAliases` | Deployment pod host aliases | `[]` |
| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` | | `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` | | `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` |
| `secondary.lifecycleHooks` | for the MySQL Secondary container(s) to automate configuration before or after startup | `{}` | | `secondary.lifecycleHooks` | for the MySQL Secondary container(s) to automate configuration before or after startup | `{}` |
| `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | | `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` |
| `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` | | `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` |
| `secondary.updateStrategy.type` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | | `secondary.updateStrategy.type` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` |
| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | | `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` |
| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | | `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` |
| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | | `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` |
| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` | | `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` |
| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` | | `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` |
| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` | | `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` |
| `secondary.priorityClassName` | MySQL secondary pods' priorityClassName | `""` | | `secondary.priorityClassName` | MySQL secondary pods' priorityClassName | `""` |
| `secondary.runtimeClassName` | MySQL secondary pods' runtimeClassName | `""` | | `secondary.runtimeClassName` | MySQL secondary pods' runtimeClassName | `""` |
| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | | `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `secondary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL secondary pod needs to terminate gracefully | `""` | | `secondary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL secondary pod needs to terminate gracefully | `""` |
| `secondary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | | `secondary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL secondary pods | `""` | | `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL secondary pods | `""` |
| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | | `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` |
| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | | `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` |
| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | | `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | | `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` | | `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` |
| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | | `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | | `secondary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | | `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | | `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` |
| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | | `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` |
| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | | `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | | `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | | `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | | `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | | `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | | `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | | `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | | `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | | `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `true` | | `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | | `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | | `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | | `secondary.startupProbe.enabled` | Enable startupProbe | `true` |
| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | | `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` |
| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` | | `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` | | `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` | | `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `secondary.extraFlags` | MySQL secondary additional command line flags | `""` | | `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` |
| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` | | `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` |
| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` | | `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` |
| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` | | `secondary.extraFlags` | MySQL secondary additional command line flags | `""` |
| `secondary.extraPorts` | Extra ports to expose | `[]` | | `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` |
| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | | `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` |
| `secondary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas | `""` | | `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` |
| `secondary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | | `secondary.extraPorts` | Extra ports to expose | `[]` |
| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `""` | | `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` |
| `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` | | `secondary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas | `""` |
| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `["ReadWriteOnce"]` | | `secondary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` |
| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | | `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `""` |
| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | | `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` |
| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` | | `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `["ReadWriteOnce"]` |
| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` | | `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` |
| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` | | `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` |
| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` | | `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` |
| `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` | | `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` |
| `secondary.service.ports.mysql` | MySQL secondary Kubernetes service port | `3306` | | `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` |
| `secondary.service.nodePorts.mysql` | MySQL secondary Kubernetes service node port | `""` | | `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` |
| `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` | | `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` |
| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` | | `secondary.service.ports.mysql` | MySQL secondary Kubernetes service port | `3306` |
| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | | `secondary.service.nodePorts.mysql` | MySQL secondary Kubernetes service node port | `""` |
| `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` | | `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` |
| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | | `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` |
| `secondary.service.annotations` | Additional custom annotations for MySQL secondary service | `{}` | | `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | | `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` |
| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | | `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `secondary.service.headless.annotations` | Additional custom annotations for headless MySQL secondary service. | `{}` | | `secondary.service.annotations` | Additional custom annotations for MySQL secondary service | `{}` |
| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | | `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | | `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` | | `secondary.service.headless.annotations` | Additional custom annotations for headless MySQL secondary service. | `{}` |
| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` | | `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` |
| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` |
| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` |
| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` |
### RBAC parameters ### RBAC parameters

4
charts/bitnami/mysql/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.13.2 appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.13.2 version: 2.13.3

4
charts/bitnami/mysql/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites ## Prerequisites
- Kubernetes 1.19+ - Kubernetes 1.23+
- Helm 3.2.0+ - Helm 3.8.0+
## Parameters ## Parameters

4
charts/bitnami/mysql/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/* {{/*
Returns true if AdmissionConfiguration is supported Returns true if AdmissionConfiguration is supported
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.supported" -}} {{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}} {{- true -}}
{{- end -}} {{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/* {{/*
Return the appropriate apiVersion for AdmissionConfiguration. Return the appropriate apiVersion for AdmissionConfiguration.
*/}} */}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} {{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}} {{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} {{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

18
charts/bitnami/mysql/values.yaml
View File

@ -85,7 +85,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/mysql repository: bitnami/mysql
tag: 8.0.34-debian-11-r75 tag: 8.0.35-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -320,11 +320,19 @@ primary:
## @param primary.containerSecurityContext.enabled MySQL primary container securityContext ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext
## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container
## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
## @param primary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.seccompProfile.type Set Client container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MySQL primary container's resource requests and limits ## MySQL primary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious
@ -698,11 +706,19 @@ secondary:
## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container
## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot ## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
## @param secondary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
runAsNonRoot: true runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MySQL secondary container's resource requests and limits ## MySQL secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious

6
charts/bitnami/wordpress/Chart.lock
View File

@ -4,9 +4,9 @@ dependencies:
version: 6.6.7 version: 6.6.7
- name: mariadb - name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 14.0.3 version: 14.1.0
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3 version: 2.13.3
digest: sha256:71a3286fadd425374117a24310d8b00d17a64ed43220b1a05492df31bee54036 digest: sha256:33dedb4663f9ae749ac6e28fd296a17b61104270ebdfd7f3aa17f6a08d32c963
generated: "2023-10-24T00:18:57.948707298Z" generated: "2023-10-25T15:16:14.675651715Z"

4
charts/bitnami/wordpress/Chart.yaml
View File

@ -10,7 +10,7 @@ annotations:
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90 image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: wordpress - name: wordpress
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r1 image: docker.io/bitnami/wordpress:6.3.2-debian-11-r3
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 6.3.2 appVersion: 6.3.2
@ -47,4 +47,4 @@ maintainers:
name: wordpress name: wordpress
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 18.0.8 version: 18.0.10

2
charts/bitnami/wordpress/charts/mariadb/Chart.yaml
View File

@ -33,4 +33,4 @@ maintainers:
name: mariadb name: mariadb
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb - https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 14.0.3 version: 14.1.0

10
charts/bitnami/wordpress/charts/mariadb/README.md
View File

@ -24,7 +24,7 @@ MariaDB is developed as open source software and as a relational database it pro
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use MariaDB in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites ## Prerequisites
@ -143,6 +143,8 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | | `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | | `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` |
| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | | `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` | | `primary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -237,6 +239,8 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | | `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | | `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` | | `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | | `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | | `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` | | `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -331,8 +335,12 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` | | `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` | | `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` | | `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` | | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` | | `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` | | `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | | `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |

22
charts/bitnami/wordpress/charts/mariadb/values.yaml
View File

@ -325,6 +325,8 @@ primary:
## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
@ -332,6 +334,10 @@ primary:
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB primary container's resource requests and limits ## MariaDB primary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious
@ -721,6 +727,8 @@ secondary:
## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation
## @param secondary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## ##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
@ -728,6 +736,10 @@ secondary:
runAsNonRoot: true runAsNonRoot: true
privileged: false privileged: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB secondary container's resource requests and limits ## MariaDB secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious
@ -1104,8 +1116,12 @@ metrics:
## MariaDB metrics container Security Context ## MariaDB metrics container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container
## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## Example: ## Example:
## containerSecurityContext: ## containerSecurityContext:
## enabled: true ## enabled: true
@ -1116,7 +1132,13 @@ metrics:
containerSecurityContext: containerSecurityContext:
enabled: false enabled: false
privileged: false privileged: false
runAsNonRoot: true
runAsUser: 1001
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Mysqld Prometheus exporter resource requests and limits ## Mysqld Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious ## We usually recommend not to specify default resources and to leave this as a conscious

2
charts/bitnami/wordpress/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/wordpress repository: bitnami/wordpress
tag: 6.3.2-debian-11-r1 tag: 6.3.2-debian-11-r3
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

12
charts/datadog/datadog/CHANGELOG.md
View File

@ -1,5 +1,17 @@
# Datadog changelog # Datadog changelog
## 3.42.0
* Allow enabling SBOM collection for host and container images.
## 3.41.0
* Enable container lifecycle events collection by default.
## 3.40.4
* Add the option `clusterAgent.metricsProvider.registerAPIService` to allow user to disable registering external-metrics server as an `APIService`
## 3.40.3 ## 3.40.3
* Default `Agent` and `Cluster-Agent` to `7.48.1` version. * Default `Agent` and `Cluster-Agent` to `7.48.1` version.

2
charts/datadog/datadog/Chart.yaml
View File

@ -19,4 +19,4 @@ name: datadog
sources: sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes - https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent - https://github.com/DataDog/datadog-agent
version: 3.40.3 version: 3.42.0

7
charts/datadog/datadog/README.md
View File

@ -1,6 +1,6 @@
# Datadog # Datadog
![Version: 3.40.3](https://img.shields.io/badge/Version-3.40.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) ![Version: 3.42.0](https://img.shields.io/badge/Version-3.42.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -520,6 +520,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
| clusterAgent.metricsProvider.enabled | bool | `false` | Set this to true to enable Metrics Provider | | clusterAgent.metricsProvider.enabled | bool | `false` | Set this to true to enable Metrics Provider |
| clusterAgent.metricsProvider.endpoint | string | `nil` | Override the external metrics provider endpoint. If not set, the cluster-agent defaults to `datadog.site` | | clusterAgent.metricsProvider.endpoint | string | `nil` | Override the external metrics provider endpoint. If not set, the cluster-agent defaults to `datadog.site` |
| clusterAgent.metricsProvider.registerAPIService | bool | `true` | Set this to false to disable external metrics registration as an APIService |
| clusterAgent.metricsProvider.service.port | int | `8443` | Set port of cluster-agent metrics server service (Kubernetes >= 1.15) | | clusterAgent.metricsProvider.service.port | int | `8443` | Set port of cluster-agent metrics server service (Kubernetes >= 1.15) |
| clusterAgent.metricsProvider.service.type | string | `"ClusterIP"` | Set type of cluster-agent metrics server service | | clusterAgent.metricsProvider.service.type | string | `"ClusterIP"` | Set type of cluster-agent metrics server service |
| clusterAgent.metricsProvider.useDatadogMetrics | bool | `false` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries | | clusterAgent.metricsProvider.useDatadogMetrics | bool | `false` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries |
@ -611,9 +612,11 @@ helm install <RELEASE_NAME> \
| datadog.containerExclude | string | `nil` | Exclude containers from the Agent Autodiscovery, as a space-sepatered list | | datadog.containerExclude | string | `nil` | Exclude containers from the Agent Autodiscovery, as a space-sepatered list |
| datadog.containerExcludeLogs | string | `nil` | Exclude logs from the Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeLogs | string | `nil` | Exclude logs from the Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from the Agent Autodiscovery, as a space-separated list | | datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from the Agent Autodiscovery, as a space-separated list |
| datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata |
| datadog.containerInclude | string | `nil` | Include containers in the Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in the Autodiscovery | | datadog.containerInclude | string | `nil` | Include containers in the Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in the Autodiscovery |
| datadog.containerIncludeLogs | string | `nil` | Include logs in the Agent Autodiscovery, as a space-separated list | | datadog.containerIncludeLogs | string | `nil` | Include logs in the Agent Autodiscovery, as a space-separated list |
| datadog.containerIncludeMetrics | string | `nil` | Include metrics in the Agent Autodiscovery, as a space-separated list | | datadog.containerIncludeMetrics | string | `nil` | Include metrics in the Agent Autodiscovery, as a space-separated list |
| datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection |
| datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. | | datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. |
| datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) | | datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) |
| datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | | datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL |
@ -693,6 +696,8 @@ helm install <RELEASE_NAME> \
| datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. | | datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. |
| datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. |
| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead |
| datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images |
| datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems |
| datadog.secretAnnotations | object | `{}` | | | datadog.secretAnnotations | object | `{}` | |
| datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). |
| datadog.secretBackend.command | string | `nil` | Configure the secret backend command, path to the secret backend binary. | | datadog.secretBackend.command | string | `nil` | Configure the secret backend command, path to the secret backend binary. |

20
charts/datadog/datadog/templates/_container-agent.yaml
View File

@ -150,12 +150,32 @@
- name: DD_CHECKS_TAG_CARDINALITY - name: DD_CHECKS_TAG_CARDINALITY
value: {{ .Values.datadog.checksCardinality | quote }} value: {{ .Values.datadog.checksCardinality | quote }}
{{- end }} {{- end }}
{{- if .Values.datadog.containerLifecycle.enabled }}
- name: DD_CONTAINER_LIFECYCLE_ENABLED
value: {{ .Values.datadog.containerLifecycle.enabled | quote }}
{{- end }}
- name: DD_ORCHESTRATOR_EXPLORER_ENABLED - name: DD_ORCHESTRATOR_EXPLORER_ENABLED
value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }}
- name: DD_EXPVAR_PORT - name: DD_EXPVAR_PORT
value: {{ .Values.datadog.expvarPort | quote }} value: {{ .Values.datadog.expvarPort | quote }}
- name: DD_COMPLIANCE_CONFIG_ENABLED - name: DD_COMPLIANCE_CONFIG_ENABLED
value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }} value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }}
{{- if eq (include "should-enable-container-image-collection" .) "true" }}
- name: DD_CONTAINER_IMAGE_ENABLED
value: "true"
{{- end }}
{{- if or .Values.datadog.sbom.host.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") }}
- name: DD_SBOM_ENABLED
value: "true"
{{- if eq (include "should-enable-sbom-container-image-collection" .) "true" }}
- name: DD_SBOM_CONTAINER_IMAGE_ENABLED
value: "true"
{{- end }}
{{- if .Values.datadog.sbom.host.enabled }}
- name: DD_SBOM_HOST_ENABLED
value: "true"
{{- end }}
{{- end }}
{{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }}
{{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }}
volumeMounts: volumeMounts:

29
charts/datadog/datadog/templates/_helpers.tpl
View File

@ -846,4 +846,33 @@ Create RBACs for custom resources
- list - list
- watch - watch
{{- end }} {{- end }}
{{- end }}
{{/*
Return true if container image collection is enabled
*/}}
{{- define "should-enable-container-image-collection" -}}
{{- if and (not .Values.datadog.containerRuntimeSupport.enabled)
(or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}}
{{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}}
{{- end -}}
{{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}
{{/*
Return true if SBOM collection for container image is enabled
*/}}
{{- define "should-enable-sbom-container-image-collection" -}}
{{- if .Values.datadog.sbom.containerImage.enabled -}}
{{- if not (eq (include "should-enable-container-image-collection" .) "true") -}}
{{- fail "Container runtime support has to be enabled for SBOM collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}}
{{- end -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}} {{- end -}}

2
charts/datadog/datadog/templates/agent-apiservice.yaml
View File

@ -1,4 +1,4 @@
{{- if and .Values.clusterAgent.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled -}} {{- if and .Values.clusterAgent.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.registerAPIService -}}
apiVersion: apiregistration.k8s.io/v1 apiVersion: apiregistration.k8s.io/v1
kind: APIService kind: APIService
metadata: metadata:

2
charts/datadog/datadog/templates/hpa-external-metrics-rbac.yaml
View File

@ -1,4 +1,4 @@
{{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.createReaderRbac -}} {{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.registerAPIService .Values.clusterAgent.metricsProvider.createReaderRbac -}}
apiVersion: {{ template "rbac.apiVersion" . }} apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRole kind: ClusterRole
metadata: metadata:

22
charts/datadog/datadog/values.yaml
View File

@ -629,6 +629,11 @@ datadog:
# datadog.systemProbe.enableDefaultKernelHeadersPaths -- Enable mount of default paths where kernel headers are stored # datadog.systemProbe.enableDefaultKernelHeadersPaths -- Enable mount of default paths where kernel headers are stored
enableDefaultKernelHeadersPaths: true enableDefaultKernelHeadersPaths: true
containerImageCollection:
# datadog.containerImageCollection.enabled -- Enable collection of container image metadata
enabled: false
orchestratorExplorer: orchestratorExplorer:
# datadog.orchestratorExplorer.enabled -- Set this to false to disable the orchestrator explorer # datadog.orchestratorExplorer.enabled -- Set this to false to disable the orchestrator explorer
@ -675,6 +680,16 @@ datadog:
# datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring
enabled: false enabled: false
# Software Bill of Materials configuration
sbom:
containerImage:
# datadog.sbom.containerImage.enabled -- Enable SBOM collection for container images
enabled: false
host:
# datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems
enabled: false
## Enable security agent and provide custom configs ## Enable security agent and provide custom configs
securityAgent: securityAgent:
compliance: compliance:
@ -824,6 +839,10 @@ datadog:
## ref: https://docs.datadoghq.com/agent/guide/autodiscovery-management/?tab=containerizedagent#pause-containers ## ref: https://docs.datadoghq.com/agent/guide/autodiscovery-management/?tab=containerizedagent#pause-containers
excludePauseContainer: true excludePauseContainer: true
containerLifecycle:
# datadog.containerLifecycle.enabled -- Enable container lifecycle events collection
enabled: true
## This is the Datadog Cluster Agent implementation that handles cluster-wide ## This is the Datadog Cluster Agent implementation that handles cluster-wide
## metrics more cleanly, separates concerns for better rbac, and implements ## metrics more cleanly, separates concerns for better rbac, and implements
## the external metrics API so you can autoscale HPAs based on datadog metrics ## the external metrics API so you can autoscale HPAs based on datadog metrics
@ -926,6 +945,9 @@ clusterAgent:
# clusterAgent.metricsProvider.enabled -- Set this to true to enable Metrics Provider # clusterAgent.metricsProvider.enabled -- Set this to true to enable Metrics Provider
enabled: false enabled: false
# clusterAgent.metricsProvider.registerAPIService -- Set this to false to disable external metrics registration as an APIService
registerAPIService: true
# clusterAgent.metricsProvider.wpaController -- Enable informer and controller of the watermark pod autoscaler # clusterAgent.metricsProvider.wpaController -- Enable informer and controller of the watermark pod autoscaler
## Note: You need to install the `WatermarkPodAutoscaler` CRD before ## Note: You need to install the `WatermarkPodAutoscaler` CRD before

4
charts/jfrog/artifactory-ha/CHANGELOG.md
View File

@ -1,8 +1,8 @@
# JFrog Artifactory-ha Chart Changelog # JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file All changes to this chart will be documented in this file
## [107.68.14] - Sep 20, 2023 ## [107.71.3] - Sep 18, 2023
* Fixed rtfs context * Adjust rtfs context
* Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815) * Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)
## [107.68.8] - Sep 18, 2023 ## [107.68.8] - Sep 18, 2023

4
charts/jfrog/artifactory-ha/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-ha catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2 apiVersion: v2
appVersion: 7.68.14 appVersion: 7.71.3
dependencies: dependencies:
- condition: postgresql.enabled - condition: postgresql.enabled
name: postgresql name: postgresql
@ -26,4 +26,4 @@ name: artifactory-ha
sources: sources:
- https://github.com/jfrog/charts - https://github.com/jfrog/charts
type: application type: application
version: 107.68.14 version: 107.71.3

44
charts/jfrog/artifactory-ha/values.yaml
View File

@ -41,7 +41,7 @@ global:
## String to fully override artifactory-ha.fullname template ## String to fully override artifactory-ha.fullname template
## ##
# fullnameOverride: # fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.691 initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717
installer: installer:
type: type:
platform: platform:
@ -181,12 +181,12 @@ postgresql:
capabilities: capabilities:
drop: drop:
- ALL - ALL
# requests: # requests:
# memory: "512Mi" # memory: "512Mi"
# cpu: "100m" # cpu: "100m"
# limits: # limits:
# memory: "1Gi" # memory: "1Gi"
# cpu: "500m" # cpu: "500m"
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## you MUST specify custom database details here or Artifactory will NOT start ## you MUST specify custom database details here or Artifactory will NOT start
database: database:
@ -214,7 +214,7 @@ logger:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal repository: ubi9/ubi-minimal
tag: 9.2.691 tag: 9.2.717
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` ## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws: aws:
@ -239,7 +239,7 @@ router:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: jfrog/router repository: jfrog/router
tag: 7.77.0 tag: 7.81.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
serviceRegistry: serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled ## Service registry (Access) TLS verification skipped if enabled
@ -266,9 +266,9 @@ router:
preStop: preStop:
exec: exec:
command: ["sh", "-c", "while [[ $(curl --fail --silent --connect-timeout 2 http://localhost:8081/artifactory/api/v1/system/liveness) =~ OK ]]; do echo Artifactory is still alive; sleep 2; done"] command: ["sh", "-c", "while [[ $(curl --fail --silent --connect-timeout 2 http://localhost:8081/artifactory/api/v1/system/liveness) =~ OK ]]; do echo Artifactory is still alive; sleep 2; done"]
# postStart: # postStart:
# exec: # exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"]
## Add custom volumesMounts ## Add custom volumesMounts
customVolumeMounts: "" customVolumeMounts: ""
# - name: custom-script # - name: custom-script
@ -904,16 +904,16 @@ artifactory:
## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }}
dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data"
backupDir: "/var/opt/jfrog/artifactory-backup" backupDir: "/var/opt/jfrog/artifactory-backup"
## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes.
## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1)
## Create PVCs with ReadWriteMany that match the naming convetions: ## Create PVCs with ReadWriteMany that match the naming convetions:
## {{ template "artifactory-ha.fullname" . }}-data-pvc-<claim-ordinal> ## {{ template "artifactory-ha.fullname" . }}-data-pvc-<claim-ordinal>
## {{ template "artifactory-ha.fullname" . }}-backup-pvc ## {{ template "artifactory-ha.fullname" . }}-backup-pvc
## Example (using numberOfExistingClaims: 2) ## Example (using numberOfExistingClaims: 2)
## myexample-data-pvc-0 ## myexample-data-pvc-0
## myexample-data-pvc-1 ## myexample-data-pvc-1
## myexample-backup-pvc ## myexample-backup-pvc
## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive.
## For artifactory.persistence.type nfs ## For artifactory.persistence.type nfs
## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes
## cluster nodes. ## cluster nodes.

2
charts/jfrog/artifactory-jcr/CHANGELOG.md
View File

@ -1,7 +1,7 @@
# JFrog Container Registry Chart Changelog # JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file. All changes to this chart will be documented in this file.
## [107.68.14] - Jul 20, 2023 ## [107.71.3] - Jul 20, 2023
* Disabled federation services when splitServicesToContainers=true * Disabled federation services when splitServicesToContainers=true
## [107.45.0] - Aug 25, 2022 ## [107.45.0] - Aug 25, 2022

6
charts/jfrog/artifactory-jcr/Chart.yaml
View File

@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-jcr catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2 apiVersion: v2
appVersion: 7.68.14 appVersion: 7.71.3
dependencies: dependencies:
- name: artifactory - name: artifactory
repository: file://./charts/artifactory repository: file://./charts/artifactory
version: 107.68.14 version: 107.71.3
description: JFrog Container Registry description: JFrog Container Registry
home: https://jfrog.com/container-registry/ home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@ -27,4 +27,4 @@ name: artifactory-jcr
sources: sources:
- https://github.com/jfrog/charts - https://github.com/jfrog/charts
type: application type: application
version: 107.68.14 version: 107.71.3

4
charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md
View File

@ -1,8 +1,8 @@
# JFrog Artifactory Chart Changelog # JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file. All changes to this chart will be documented in this file.
## [107.68.14] - Sep 20, 2023 ## [107.71.3] - Sep 18, 2023
* Fixed rtfs context * Adjust rtfs context
* Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815) * Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)
## [107.68.8] - Sep 18, 2023 ## [107.68.8] - Sep 18, 2023

4
charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 7.68.14 appVersion: 7.71.3
dependencies: dependencies:
- condition: postgresql.enabled - condition: postgresql.enabled
name: postgresql name: postgresql
@ -21,4 +21,4 @@ name: artifactory
sources: sources:
- https://github.com/jfrog/charts - https://github.com/jfrog/charts
type: application type: application
version: 107.68.14 version: 107.71.3

24
charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml
View File

@ -42,7 +42,7 @@ global:
## String to fully override artifactory.fullname template ## String to fully override artifactory.fullname template
## ##
# fullnameOverride: # fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.691 initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717
# Init containers # Init containers
initContainers: initContainers:
resources: resources:
@ -162,7 +162,7 @@ logger:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal repository: ubi9/ubi-minimal
tag: 9.2.691 tag: 9.2.717
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` ## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws: aws:
@ -187,7 +187,7 @@ router:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: jfrog/router repository: jfrog/router
tag: 7.77.0 tag: 7.81.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
serviceRegistry: serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled ## Service registry (Access) TLS verification skipped if enabled
@ -214,9 +214,9 @@ router:
preStop: preStop:
exec: exec:
command: ["sh", "-c", "while [[ $(curl --fail --silent --connect-timeout 2 http://localhost:8081/artifactory/api/v1/system/liveness) =~ OK ]]; do echo Artifactory is still alive; sleep 2; done"] command: ["sh", "-c", "while [[ $(curl --fail --silent --connect-timeout 2 http://localhost:8081/artifactory/api/v1/system/liveness) =~ OK ]]; do echo Artifactory is still alive; sleep 2; done"]
# postStart: # postStart:
# exec: # exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"]
## Add custom volumesMounts ## Add custom volumesMounts
customVolumeMounts: "" customVolumeMounts: ""
# - name: custom-script # - name: custom-script
@ -1861,12 +1861,12 @@ postgresql:
capabilities: capabilities:
drop: drop:
- ALL - ALL
# requests: # requests:
# memory: "512Mi" # memory: "512Mi"
# cpu: "100m" # cpu: "100m"
# limits: # limits:
# memory: "1Gi" # memory: "1Gi"
# cpu: "500m" # cpu: "500m"
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## specify custom database details here or leave empty and Artifactory will use embedded derby ## specify custom database details here or leave empty and Artifactory will use embedded derby
database: database:

6
charts/jfrog/artifactory-jcr/values.yaml
View File

@ -69,4 +69,8 @@ postgresql:
enabled: true enabled: true
router: router:
image: image:
tag: 7.77.0 tag: 7.81.0
logger:
image:
tag: 9.2.717
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717

6
charts/kasten/k10/Chart.lock
View File

@ -1,9 +1,9 @@
dependencies: dependencies:
- name: grafana - name: grafana
repository: "" repository: ""
version: 6.59.4 version: 6.60.6
- name: prometheus - name: prometheus
repository: "" repository: ""
version: 23.3.0 version: 23.3.0
digest: sha256:498161c215e2844ce0a26e96cb5c430fcd3e9a5db225a7ab06ec88d5445eee42 digest: sha256:742c8bb60a7bdc54588a1823848e117fe9498fb841eb11270f486a297534997c
generated: "2023-10-10T16:10:31.808394604Z" generated: "2023-10-25T10:10:45.774911186Z"

6
charts/kasten/k10/Chart.yaml
View File

@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10 catalog.cattle.io/release-name: k10
apiVersion: v2 apiVersion: v2
appVersion: 6.0.9 appVersion: 6.0.11
dependencies: dependencies:
- name: grafana - name: grafana
repository: file://./charts/grafana repository: file://./charts/grafana
version: 6.59.4 version: 6.60.6
- name: prometheus - name: prometheus
repository: file://./charts/prometheus repository: file://./charts/prometheus
version: 23.3.0 version: 23.3.0
@ -19,4 +19,4 @@ maintainers:
- email: contact@kasten.io - email: contact@kasten.io
name: kastenIO name: kastenIO
name: k10 name: k10
version: 6.0.901 version: 6.0.1101

4
charts/kasten/k10/charts/grafana/Chart.yaml
View File

@ -6,7 +6,7 @@ annotations:
- name: Upstream Project - name: Upstream Project
url: https://github.com/grafana/grafana url: https://github.com/grafana/grafana
apiVersion: v2 apiVersion: v2
appVersion: 10.1.1 appVersion: 10.1.5
description: The leading tool for querying and visualizing time series and metrics. description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net home: https://grafana.net
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
@ -30,4 +30,4 @@ sources:
- https://github.com/grafana/grafana - https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts - https://github.com/grafana/helm-charts
type: application type: application
version: 6.59.4 version: 6.60.6

24
charts/kasten/k10/charts/grafana/templates/_helpers.tpl
View File

@ -201,3 +201,27 @@ Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Checks whether or not the configSecret secret has to be created
*/}}
{{- define "grafana.shouldCreateConfigSecret" -}}
{{- $secretFound := false -}}
{{- range $key, $value := .Values.datasources }}
{{- if hasKey $value "secret" }}
{{- $secretFound = true}}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }}
{{- if hasKey $value "secret" }}
{{- $secretFound = true}}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }}
{{- if (or (hasKey $value "secret") (hasKey $value "secretFile")) }}
{{- $secretFound = true}}
{{- end }}
{{- end }}
{{- $secretFound}}
{{- end -}}

2
charts/kasten/k10/charts/grafana/templates/clusterrole.yaml
View File

@ -1,5 +1,5 @@
{{- if .Values.enabled -}} {{- if .Values.enabled -}}
{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingRole) }} {{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingClusterRole) }}
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:

4
charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml
View File

@ -16,8 +16,8 @@ subjects:
namespace: {{ include "grafana.namespace" . }} namespace: {{ include "grafana.namespace" . }}
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
{{- if .Values.rbac.useExistingRole }} {{- if .Values.rbac.useExistingClusterRole }}
name: {{ .Values.rbac.useExistingRole }} name: {{ .Values.rbac.useExistingClusterRole }}
{{- else }} {{- else }}
name: {{ include "grafana.fullname" . }}-clusterrole name: {{ include "grafana.fullname" . }}-clusterrole
{{- end }} {{- end }}

43
charts/kasten/k10/charts/grafana/templates/configSecret.yaml Normal file
View File

@ -0,0 +1,43 @@
{{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}}
{{- if and .Values.createConfigmap $createConfigSecret }}
{{- $files := .Files }}
{{- $root := . -}}
apiVersion: v1
kind: Secret
metadata:
name: "{{ include "grafana.fullname" . }}-config-secret"
namespace: {{ include "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
{{- range $key, $value := .Values.alerting }}
{{- if (hasKey $value "secretFile") }}
{{- $key | nindent 2 }}:
{{- toYaml ( $files.Get $value.secretFile ) | b64enc | nindent 4}}
{{/* as of https://helm.sh/docs/chart_template_guide/accessing_files/ this will only work if you fork this chart and add files to it*/}}
{{- end }}
{{- end }}
stringData:
{{- range $key, $value := .Values.datasources }}
{{- if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }}
{{- if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }}
{{ if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value.secret | nindent 4) $root }}
{{- end }}
{{- end }}
{{- end }}

6
charts/kasten/k10/charts/grafana/templates/configmap.yaml
View File

@ -45,19 +45,25 @@ data:
{{- end }} {{- end }}
{{- range $key, $value := .Values.datasources }} {{- range $key, $value := .Values.datasources }}
{{- if not (hasKey $value "secret") }}
{{- $key | nindent 2 }}: | {{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }} {{- tpl (toYaml $value | nindent 4) $root }}
{{- end }} {{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }} {{- range $key, $value := .Values.notifiers }}
{{- if not (hasKey $value "secret") }}
{{- $key | nindent 2 }}: | {{- $key | nindent 2 }}: |
{{- toYaml $value | nindent 4 }} {{- toYaml $value | nindent 4 }}
{{- end }} {{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }} {{- range $key, $value := .Values.alerting }}
{{- if (hasKey $value "file") }} {{- if (hasKey $value "file") }}
{{- $key | nindent 2 }}: {{- $key | nindent 2 }}:
{{- toYaml ( $files.Get $value.file ) | nindent 4}} {{- toYaml ( $files.Get $value.file ) | nindent 4}}
{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}}
{{/* will be stored inside secret generated by "configSecret.yaml"*/}}
{{- else }} {{- else }}
{{- $key | nindent 2 }}: | {{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }} {{- tpl (toYaml $value | nindent 4) $root }}

3
charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml
View File

@ -10,6 +10,9 @@ metadata:
labels: labels:
{{- include "grafana.labels" $ | nindent 4 }} {{- include "grafana.labels" $ | nindent 4 }}
dashboard-provider: {{ $provider }} dashboard-provider: {{ $provider }}
{{- if $.Values.sidecar.dashboards.enabled }}
{{ $.Values.sidecar.dashboards.label }}: {{ $.Values.sidecar.dashboards.labelValue | quote }}
{{- end }}
{{- if $dashboards }} {{- if $dashboards }}
data: data:
{{- $dashboardFound := false }} {{- $dashboardFound := false }}

36
charts/kasten/k10/charts/grafana/values.yaml
View File

@ -16,7 +16,8 @@ global:
rbac: rbac:
create: true create: true
## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
# useExistingRole: name-of-some-(cluster)role # useExistingRole: name-of-some-role
# useExistingClusterRole: name-of-some-clusterRole
pspEnabled: false pspEnabled: false
pspUseAppArmor: false pspUseAppArmor: false
namespaced: false namespaced: false
@ -203,7 +204,7 @@ serviceMonitor:
path: /metrics path: /metrics
# namespace: monitoring (defaults to use the namespace this chart is deployed to) # namespace: monitoring (defaults to use the namespace this chart is deployed to)
labels: {} labels: {}
interval: 1m interval: 30s
scheme: http scheme: http
tlsConfig: {} tlsConfig: {}
scrapeTimeout: 30s scrapeTimeout: 30s
@ -617,21 +618,22 @@ alerting: {}
# labels: # labels:
# team: sre_team_1 # team: sre_team_1
# contactpoints.yaml: # contactpoints.yaml:
# apiVersion: 1 # secret:
# contactPoints: # apiVersion: 1
# - orgId: 1 # contactPoints:
# name: cp_1 # - orgId: 1
# receivers: # name: cp_1
# - uid: first_uid # receivers:
# type: pagerduty # - uid: first_uid
# settings: # type: pagerduty
# integrationKey: XXX # settings:
# severity: critical # integrationKey: XXX
# class: ping failure # severity: critical
# component: Grafana # class: ping failure
# group: app-stack # component: Grafana
# summary: | # group: app-stack
# {{ `{{ include "default.message" . }}` }} # summary: |
# {{ `{{ include "default.message" . }}` }}
## Configure notifiers ## Configure notifiers
## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels ## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels

7
charts/kasten/k10/templates/NOTES.txt
View File

@ -42,7 +42,6 @@ To establish a connection to it use the following `kubectl` command:
`kubectl --namespace {{ .Release.Namespace }} port-forward service/gateway 8080:{{ .Values.service.externalPort }}` `kubectl --namespace {{ .Release.Namespace }} port-forward service/gateway 8080:{{ .Values.service.externalPort }}`
The Kasten dashboard will be available at: `http{{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}s{{ end }}://127.0.0.1:8080/{{ .Release.Name }}/#/` The Kasten dashboard will be available at: `http{{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}s{{ end }}://127.0.0.1:8080/{{ .Release.Name }}/#/`
{{ if and ( .Values.metering.awsManagedLicense ) ( not .Values.metering.licenseConfigSecretName ) }} {{ if and ( .Values.metering.awsManagedLicense ) ( not .Values.metering.licenseConfigSecretName ) }}
IAM Role created during installation need to have permissions that allow K10 to IAM Role created during installation need to have permissions that allow K10 to
@ -57,3 +56,9 @@ Refer to `https://docs.kasten.io/latest/install/aws-containers-anywhere/aws-cont
for more information. for more information.
{{ end }} {{ end }}
{{- if .Values.auth.dex.enabled }}
--------------------
Deprecation warning: The `auth.dex` block of values will be deprecated in favor of `auth.openshift` and `auth.ldap` in version 6.5.
--------------------
{{- end }}

2
charts/kasten/k10/templates/_definitions.tpl
View File

@ -210,5 +210,5 @@ state-svc:
{{- define "k10.multiClusterVersion" -}}2{{- end -}} {{- define "k10.multiClusterVersion" -}}2{{- end -}}
{{- define "k10.mcExternalPort" -}}18000{{- end -}} {{- define "k10.mcExternalPort" -}}18000{{- end -}}
{{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}} {{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.97.0{{- end -}} {{- define "k10.kanisterToolsImageTag" -}}0.98.0{{- end -}}
{{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}} {{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}}

138
charts/kasten/k10/templates/_helpers.tpl
View File

@ -110,6 +110,20 @@
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "k10.capabilities" -}}
{{- /* Internal capabilities enabled by other Helm values are added here */ -}}
{{- $internal_capabilities := list -}}
{{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}}
{{- end -}}
{{- define "k10.capabilities_mask" -}}
{{- /* Internal capabilities masked by other Helm values are added here */ -}}
{{- $internal_capabilities_mask := list -}}
{{- concat $internal_capabilities_mask (.Values.capabilitiesMask | default list) | join " " -}}
{{- end -}}
{{/* Check if basic auth is needed */}} {{/* Check if basic auth is needed */}}
{{- define "basicauth.check" -}} {{- define "basicauth.check" -}}
{{- if .Values.auth.basicAuth.enabled }} {{- if .Values.auth.basicAuth.enabled }}
@ -430,16 +444,6 @@ Check if AWS creds are specified
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Check if kanister-tools image has k10- in name
this means we need to overwrite kanister image in the system
*/}}
{{- define "overwite.kanisterToolsImage" -}}
{{- if or .Values.global.airgapped.repository .Values.global.rhMarketPlace -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/* {{/*
Check if Azure MSI with Default ID is specified Check if Azure MSI with Default ID is specified
*/}} */}}
@ -480,25 +484,32 @@ Checks and enforces only 1 set of azure creds is specified
{{- end -}} {{- end -}}
{{/* {{/*
Figure out the kanisterToolsImage.image based on Get the kanister-tools image.
the value of airgapped.repository value
The details on how these image are being generated
is in below issue
https://kasten.atlassian.net/browse/K10-4036
Using substr to remove repo from kanisterToolsImage
*/}} */}}
{{- define "get.kanisterToolsImage" }} {{- define "get.kanisterToolsImage" -}}
{{- if not .Values.global.rhMarketPlace }} {{- (get .Values.global.images (include "kan.kanisterToolsImageName" .)) | default (include "kan.kanisterToolsImage" .) }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s:k10-%s" (.Values.global.airgapped.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
{{- else }}
{{- printf "%s/%s/%s:%s" (.Values.kanisterToolsImage.registry) (.Values.kanisterToolsImage.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
{{- end }}
{{- else }}
{{- printf "%s" (get .Values.global.images "kanister-tools") -}}
{{- end }}
{{- end }} {{- end }}
{{- define "kan.kanisterToolsImage" -}}
{{- printf "%s:%s" (include "kan.kanisterToolsImageRepo" .) (include "kan.kanisterToolsImageTag" .) }}
{{- end -}}
{{- define "kan.kanisterToolsImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "kan.kanisterToolsImageName" .) }}
{{- else }}
{{- printf "%s/%s" .Values.global.image.registry (include "kan.kanisterToolsImageName" .) }}
{{- end }}
{{- end -}}
{{- define "kan.kanisterToolsImageName" -}}
{{- printf "kanister-tools" }}
{{- end -}}
{{- define "kan.kanisterToolsImageTag" -}}
{{- include "get.k10ImageTag" . }}
{{- end -}}
{{/* {{/*
Check if Google creds are specified Check if Google creds are specified
*/}} */}}
@ -869,6 +880,13 @@ running in the same cluster.
{{- end }} {{- end }}
{{- end -}} {{- end -}}
{{/* Used to verify if Ironbank is enabled */}}
{{- define "ironbank.enabled" -}}
{{- if (.Values.global.ironbank | default dict).enabled -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/* Get the K10 image tag. Fails if not set correctly */}} {{/* Get the K10 image tag. Fails if not set correctly */}}
{{- define "get.k10ImageTag" -}} {{- define "get.k10ImageTag" -}}
{{- $imageTag := coalesce .Values.global.image.tag (include "k10.imageTag" .) }} {{- $imageTag := coalesce .Values.global.image.tag (include "k10.imageTag" .) }}
@ -899,6 +917,26 @@ running in the same cluster.
{{- printf "init" }} {{- printf "init" }}
{{- end -}} {{- end -}}
{{- define "k10.cephtool.getImage" -}}
{{- (get .Values.global.images (include "k10.cephtool.ImageName" .)) | default (include "k10.cephtool.Image" .) }}
{{- end -}}
{{- define "k10.cephtool.Image" -}}
{{- printf "%s:%s" (include "k10.cephtool.ImageRepo" .) (include "get.k10ImageTag" .) }}
{{- end -}}
{{- define "k10.cephtool.ImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "k10.cephtool.ImageName" .) }}
{{- else }}
{{- printf "%s/%s" .Values.global.image.registry (include "k10.cephtool.ImageName" .) }}
{{- end }}
{{- end -}}
{{- define "k10.cephtool.ImageName" -}}
{{- printf "cephtool" }}
{{- end -}}
{{- define "k10.splitImage" -}} {{- define "k10.splitImage" -}}
{{- $split_repo_tag_and_hash := .image | splitList "@" -}} {{- $split_repo_tag_and_hash := .image | splitList "@" -}}
{{- $split_repo_and_tag := $split_repo_tag_and_hash | first | splitList ":" -}} {{- $split_repo_and_tag := $split_repo_tag_and_hash | first | splitList ":" -}}
@ -930,3 +968,51 @@ running in the same cluster.
) | toJson ) | toJson
-}} -}}
{{- end -}} {{- end -}}
{{/* Fail if Ironbank is enabled and images we don't support are turned on */}}
{{- define "k10.fail.ironbankRHMarketplace" -}}
{{- if and (include "ironbank.enabled" .) (.Values.global.rhMarketPlace) -}}
{{- fail "global.ironbank.enabled and global.rhMarketPlace cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Fail if Ironbank is enabled and images we don't support are turned on */}}
{{- define "k10.fail.ironbankGrafana" -}}
{{- if (include "ironbank.enabled" .) -}}
{{- range $key, $value := .Values.grafana.sidecar -}}
{{/*
https://go.dev/doc/go1.18: the "and" used to evaluate all conditions and not terminate early
if a predicate was met, so we must have the below as their own conditional for any customers
used go version < 1.18.
*/}}
{{- if kindIs "map" $value -}}
{{- if hasKey $value "enabled" -}}
{{- if $value.enabled -}}
{{- fail (printf "Ironbank deployment does not support grafana sidecar %s" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Fail if Ironbank is enabled and images we don't support are turned on */}}
{{- define "k10.fail.ironbankPrometheus" -}}
{{- if (include "ironbank.enabled" .) -}}
{{- $prometheusDict := pick .Values.prometheus "alertmanager" "kube-state-metrics" "prometheus-node-exporter" "prometheus-pushgateway" -}}
{{- range $key, $value := $prometheusDict -}}
{{/*
https://go.dev/doc/go1.18: the "and" used to evaluate all conditions and not terminate early
if a predicate was met, so we must have the below as their own conditional for any customers
used go version < 1.18.
*/}}
{{- if kindIs "map" $value -}}
{{- if hasKey $value "enabled" -}}
{{- if $value.enabled -}}
{{- fail (printf "Ironbank deployment does not support prometheus %s" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

15
charts/kasten/k10/templates/_k10_container.tpl
View File

@ -224,6 +224,14 @@ stating that types are not same for the equality check
name: k10-config name: k10-config
key: clustername key: clustername
{{- end }} {{- end }}
{{- with $capabilities := include "k10.capabilities" . }}
- name: K10_CAPABILITIES
value: {{ $capabilities | quote }}
{{- end }}
{{- with $capabilities_mask := include "k10.capabilities_mask" . }}
- name: K10_CAPABILITIES_MASK
value: {{ $capabilities_mask | quote }}
{{- end }}
{{- if eq $service "controllermanager" }} {{- if eq $service "controllermanager" }}
- name: K10_STATEFUL - name: K10_STATEFUL
value: "{{ .Values.global.persistence.enabled }}" value: "{{ .Values.global.persistence.enabled }}"
@ -512,13 +520,11 @@ stating that types are not same for the equality check
name: k10-token-auth name: k10-token-auth
key: auth key: auth
{{- end }} {{- end }}
{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
- name: KANISTER_TOOLS - name: KANISTER_TOOLS
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
name: k10-config name: k10-config
key: overwriteKanisterTools key: KanisterToolsImage
{{- end }}
{{- if eq (include "check.cacertconfigmap" .) "true" }} {{- if eq (include "check.cacertconfigmap" .) "true" }}
- name: CACERT_CONFIGMAP_NAME - name: CACERT_CONFIGMAP_NAME
value: {{ .Values.cacertconfigmap.name }} value: {{ .Values.cacertconfigmap.name }}
@ -658,8 +664,9 @@ stating that types are not same for the equality check
{{- if .Values.toolsImage.enabled }} {{- if .Values.toolsImage.enabled }}
{{- if eq $service "executor" }} {{- if eq $service "executor" }}
- name: tools - name: tools
{{- dict "main" . "k10_service" "cephtool" | include "serviceImage" | indent 8 }}
imagePullPolicy: {{ .Values.toolsImage.pullPolicy }} imagePullPolicy: {{ .Values.toolsImage.pullPolicy }}
{{- dict "main" . "k10_service" "cephtool" | include "serviceImage" | indent 8 }}
command: ["tail", "-f", "/dev/null"]
{{- $podName := (printf "%s-svc" $service) }} {{- $podName := (printf "%s-svc" $service) }}
{{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "tools" | include "k10.resource.request" | indent 8}} {{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "tools" | include "k10.resource.request" | indent 8}}
{{- end }} {{- end }}

2
charts/kasten/k10/templates/_k10_image_tag.tpl
View File

@ -1 +1 @@
{{- define "k10.imageTag" -}}6.0.9{{- end -}} {{- define "k10.imageTag" -}}6.0.11{{- end -}}

20
charts/kasten/k10/templates/_k10_metering.tpl
View File

@ -170,6 +170,11 @@ spec:
configMapKeyRef: configMapKeyRef:
name: k10-config name: k10-config
key: version key: version
- name: KANISTER_TOOLS
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterToolsImage
{{- if .Values.clusterName }} {{- if .Values.clusterName }}
- name: CLUSTER_NAME - name: CLUSTER_NAME
valueFrom: valueFrom:
@ -177,6 +182,14 @@ spec:
name: k10-config name: k10-config
key: clustername key: clustername
{{- end }} {{- end }}
{{- with $capabilities := include "k10.capabilities" . }}
- name: K10_CAPABILITIES
value: {{ $capabilities | quote }}
{{- end }}
{{- with $capabilities_mask := include "k10.capabilities_mask" . }}
- name: K10_CAPABILITIES_MASK
value: {{ $capabilities_mask | quote }}
{{- end }}
- name: LOG_LEVEL - name: LOG_LEVEL
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
@ -207,13 +220,6 @@ spec:
- name: NODE_USAGE_STORE - name: NODE_USAGE_STORE
value: /tmp/reports/node_usage_history value: /tmp/reports/node_usage_history
{{- end }} {{- end }}
{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
- name: KANISTER_TOOLS
valueFrom:
configMapKeyRef:
name: k10-config
key: overwriteKanisterTools
{{- end }}
{{- if .Values.metering.awsRegion }} {{- if .Values.metering.awsRegion }}
- name: AWS_REGION - name: AWS_REGION
value: {{ .Values.metering.awsRegion }} value: {{ .Values.metering.awsRegion }}

10
charts/kasten/k10/templates/_k10_serviceimage.tpl
View File

@ -3,7 +3,6 @@ Helper to get k10 service image
The details on how these image are being generated The details on how these image are being generated
is in below issue is in below issue
https://kasten.atlassian.net/browse/K10-4036 https://kasten.atlassian.net/browse/K10-4036
Using substr to remove repo from ambassadorImage
*/}} */}}
{{- define "serviceImage" -}} {{- define "serviceImage" -}}
{{/* {{/*
@ -20,13 +19,14 @@ value that is specified.
{{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.airgapped.repository "/" .k10_service ":" }} {{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.airgapped.repository "/" .k10_service ":" }}
{{- else }} {{- else }}
{{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.image.registry "/" .k10_service ":" }} {{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.image.registry "/" .k10_service ":" }}
{{- if eq .k10_service "cephtool"}}
{{- $serviceImage = include "k10.cephtool.getImage" .main }}
{{- end }}
{{- end }}{{/* if .main.Values.global.airgapped.repository */}} {{- end }}{{/* if .main.Values.global.airgapped.repository */}}
{{- $serviceImageKey := print (replace "-" "" .k10_service) "Image" }} {{- $serviceImageKey := print (replace "-" "" .k10_service) "Image" }}
{{- if eq $serviceImageKey "ambassadorImage" }} {{- if eq $serviceImageKey "dexImage" }}
{{- $tagFromDefs = (include "k10.ambassadorImageTag" .) }}
{{- else if eq $serviceImageKey "dexImage" }}
{{- $tagFromDefs = (include "dex.dexImageTag" .) }} {{- $tagFromDefs = (include "dex.dexImageTag" .) }}
{{- end }}{{/* if eq $serviceImageKey "ambassadorImage" */}} {{- end }}{{/* if eq $serviceImageKey "dexImage" */}}
{{- if index .main.Values $serviceImageKey }} {{- if index .main.Values $serviceImageKey }}
{{- $service_values := index .main.Values $serviceImageKey }} {{- $service_values := index .main.Values $serviceImageKey }}
{{- if .main.Values.global.airgapped.repository }} {{- if .main.Values.global.airgapped.repository }}

7
charts/kasten/k10/templates/ironbank.tpl Normal file
View File

@ -0,0 +1,7 @@
{{/*
This file is used to fail the helm deployment if certain values are set which are
not compatible with an Ironbank deployment.
*/}}
{{- include "k10.fail.ironbankRHMarketplace" . -}}
{{- include "k10.fail.ironbankGrafana" . -}}
{{- include "k10.fail.ironbankPrometheus" . -}}

6
charts/kasten/k10/templates/k10-config.yaml
View File

@ -35,6 +35,7 @@ data:
KanisterPodMetricSidecarEnabled: {{ .Values.kanisterPodMetricSidecar.enabled | quote }} KanisterPodMetricSidecarEnabled: {{ .Values.kanisterPodMetricSidecar.enabled | quote }}
KanisterPodMetricSidecarMetricLifetime: {{ .Values.kanisterPodMetricSidecar.metricLifetime | quote }} KanisterPodMetricSidecarMetricLifetime: {{ .Values.kanisterPodMetricSidecar.metricLifetime | quote }}
KanisterPodPushgatewayMetricsInterval: {{ .Values.kanisterPodMetricSidecar.pushGatewayInterval | quote }} KanisterPodPushgatewayMetricsInterval: {{ .Values.kanisterPodMetricSidecar.pushGatewayInterval | quote }}
KanisterToolsImage: {{ include "get.kanisterToolsImage" . | quote }}
K10MutatingWebhookTLSCertDir: "/etc/ssl/certs/webhook" K10MutatingWebhookTLSCertDir: "/etc/ssl/certs/webhook"
K10LimiterGenericVolumeSnapshots: {{ default (include "k10.defaultK10LimiterGenericVolumeSnapshots" .) .Values.limiter.genericVolumeSnapshots | quote }} K10LimiterGenericVolumeSnapshots: {{ default (include "k10.defaultK10LimiterGenericVolumeSnapshots" .) .Values.limiter.genericVolumeSnapshots | quote }}
@ -79,11 +80,6 @@ data:
{{- else }} {{- else }}
kanisterFunctionVersion: {{ quote "v1.0.0-alpha" }} kanisterFunctionVersion: {{ quote "v1.0.0-alpha" }}
{{- end }} {{- end }}
{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
{{- if (include "get.kanisterToolsImage" .) }}
overwriteKanisterTools: {{ include "get.kanisterToolsImage" .}}
{{- end }}
{{- end }}
{{- include "kanisterToolsResources" . | indent 2 }} {{- include "kanisterToolsResources" . | indent 2 }}
{{ if .Values.features }} {{ if .Values.features }}

6
charts/kasten/k10/values.schema.json
View File

@ -236,12 +236,6 @@
"title": "Aggregatedapis service container image", "title": "Aggregatedapis service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'" "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
}, },
"ambassador": {
"type": "string",
"default": "",
"title": "Ambassador service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"auth": { "auth": {
"type": "string", "type": "string",
"default": "", "default": "",

2
charts/kasten/k10/values.yaml
View File

@ -61,7 +61,6 @@ global:
images: images:
admin: '' admin: ''
aggregatedapis: '' aggregatedapis: ''
ambassador: ''
auth: '' auth: ''
bloblifecyclemanager: '' bloblifecyclemanager: ''
catalog: '' catalog: ''
@ -100,7 +99,6 @@ global:
network: network:
enable_ipv6: false enable_ipv6: false
## OpenShift route configuration. ## OpenShift route configuration.
route: route:
enabled: false enabled: false

4
charts/kubecost/cost-analyzer/Chart.yaml
View File

@ -7,7 +7,7 @@ annotations:
catalog.cattle.io/featured: "1" catalog.cattle.io/featured: "1"
catalog.cattle.io/release-name: cost-analyzer catalog.cattle.io/release-name: cost-analyzer
apiVersion: v2 apiVersion: v2
appVersion: 1.106.3 appVersion: 1.106.4
dependencies: dependencies:
- condition: global.grafana.enabled - condition: global.grafana.enabled
name: grafana name: grafana
@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni
cloud costs. cloud costs.
icon: https://partner-charts.rancher.io/assets/logos/kubecost.png icon: https://partner-charts.rancher.io/assets/logos/kubecost.png
name: cost-analyzer name: cost-analyzer
version: 1.106.3 version: 1.106.4

4
charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml
View File

@ -20,6 +20,10 @@ spec:
metadata: metadata:
labels: labels:
app: awsstore app: awsstore
{{- with .Values.global.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
serviceAccountName: awsstore-serviceaccount serviceAccountName: awsstore-serviceaccount
{{- if .Values.awsstore.priorityClassName }} {{- if .Values.awsstore.priorityClassName }}

8
charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
View File

@ -44,12 +44,10 @@ spec:
{{- if and .Values.kubecostDeployment .Values.kubecostDeployment.labels }} {{- if and .Values.kubecostDeployment .Values.kubecostDeployment.labels }}
{{- toYaml .Values.kubecostDeployment.labels | nindent 8 }} {{- toYaml .Values.kubecostDeployment.labels | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.global.podAnnotations}} {{- with .Values.global.podAnnotations}}
annotations: annotations:
{{- with .Values.global.podAnnotations }} {{- toYaml . | nindent 8 }}
{{ toYaml . | indent 8 }} {{- end }}
{{- end }}
{{- end }}
spec: spec:
{{- if .Values.kubecostFrontend.tls }} {{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }} {{- if .Values.kubecostFrontend.tls.enabled }}

4
charts/kubecost/cost-analyzer/templates/federator-deployment-template.yaml
View File

@ -19,6 +19,10 @@ spec:
metadata: metadata:
labels: labels:
{{- include "federator.selectorLabels" . | nindent 8 }} {{- include "federator.selectorLabels" . | nindent 8 }}
{{- with .Values.global.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
containers: containers:
- name: federator - name: federator

8
charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml
View File

@ -32,12 +32,10 @@ spec:
{{- with .Values.kubecostMetrics.exporter.labels }} {{- with .Values.kubecostMetrics.exporter.labels }}
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.global.podAnnotations }} {{- with .Values.global.podAnnotations}}
annotations: annotations:
{{- with .Values.global.podAnnotations }} {{- toYaml . | nindent 8 }}
{{ toYaml . | indent 8 }} {{- end }}
{{- end }}
{{- end }}
spec: spec:
{{- if .Values.kubecostFrontend.tls }} {{- if .Values.kubecostFrontend.tls }}
{{- if .Values.kubecostFrontend.tls.enabled }} {{- if .Values.kubecostFrontend.tls.enabled }}

4
charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml
View File

@ -38,6 +38,10 @@ spec:
app.kubernetes.io/name: query-service app.kubernetes.io/name: query-service
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app: query-service app: query-service
{{- with .Values.global.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
restartPolicy: Always restartPolicy: Always

2
charts/loft/loft/Chart.yaml
View File

@ -28,4 +28,4 @@ name: loft
sources: sources:
- https://github.com/loft-sh/loft - https://github.com/loft-sh/loft
type: application type: application
version: 3.2.4 version: 3.3.0

64
charts/loft/loft/templates/_helpers.tpl
View File

@ -1,10 +1,4 @@
{{/* vim: set filetype=mustache: */}} {{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "loft.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
@ -12,38 +6,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
If release name contains chart name it will be used as a full name. If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "loft.fullname" -}} {{- define "loft.fullname" -}}
{{- if .Values.fullnameOverride -}} {{- printf "loft" -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "loft.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "loft.labels" -}}
app.kubernetes.io/name: {{ include "loft.name" . }}
helm.sh/chart: {{ include "loft.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- else }}
app.kubernetes.io/version: {{ .Chart.Version | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}} {{- end -}}
{{/* {{/*
@ -58,17 +21,22 @@ Create the name of the service account to use
{{- end -}} {{- end -}}
{{/* {{/*
Get access key for invite link Default image name for a given product
*/}} */}}
{{- $}} {{- define "loft.defaultImage" -}}
{{- define "loft.admin.accessKey" -}} {{- printf "ghcr.io/loft-sh/loft:%s" .Chart.Version -}}
{{- now | unixEpoch | toString | trunc 8 | sha256sum -}}
{{- end -}} {{- end -}}
{{/* {{- define "loft.image" -}}
Get loft admin user username {{- if .Values.product -}}
*/}} {{- if eq .Values.product "vcluster-pro" -}}
{{- $}} {{- printf "ghcr.io/loft-sh/vcluster-control-plane:%s" .Chart.Version -}}
{{- define "loft.admin.name" -}} {{- else if eq .Values.product "devpod-pro" -}}
admin {{- printf "ghcr.io/loft-sh/devpod-pro:%s" .Chart.Version -}}
{{- else -}}
{{ include "loft.defaultImage" . }}
{{- end -}}
{{- else -}}
{{ include "loft.defaultImage" . }}
{{- end -}}
{{- end -}} {{- end -}}

24
charts/loft/loft/templates/apiservice.yaml
View File

@ -1,5 +1,6 @@
{{- if .Values.apiservice }} {{- if .Values.apiservice }}
{{- if .Values.apiservice.create }} {{- if .Values.apiservice.create }}
{{- if not .Values.agentOnly }}
apiVersion: apiregistration.k8s.io/v1 apiVersion: apiregistration.k8s.io/v1
kind: APIService kind: APIService
metadata: metadata:
@ -32,5 +33,26 @@ spec:
selector: selector:
app: {{ template "loft.fullname" . }} app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
---
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: loft-apiservice-agent
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
ports:
- name: apiservice
port: 443
targetPort: 9444
protocol: TCP
selector:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}
{{- end }}
{{- end }} {{- end }}
{{- end }}

68
charts/loft/loft/templates/deployment.yaml
View File

@ -54,28 +54,31 @@ spec:
{{- if .Values.volumes }} {{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }} {{ toYaml .Values.volumes | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.audit }} {{- if or (and .Values.persistence .Values.persistence.enabled) (and .Values.audit .Values.audit.persistence.enabled) }}
{{- if .Values.audit.persistence.enabled }} - name: loft-data
- name: audit-log persistentVolumeClaim:
persistentVolumeClaim: claimName: {{ template "loft.fullname" . }}-audit
claimName: {{ template "loft.fullname" . }}-audit {{- else }}
{{- else if .Values.audit.enableSideCar }} - name: loft-data
- name: audit-log emptyDir: {}
emptyDir: {}
{{- end }}
{{- end }} {{- end }}
containers: containers:
- name: manager - name: manager
{{- if .Values.image }} {{- if .Values.agentOnly }}
image: "{{ .Values.image }}" command: ["loft", "agent"]
{{- else }}
image: "ghcr.io/loft-sh/loft:{{ .Chart.Version }}"
{{- end }} {{- end }}
image: {{ default (include "loft.image" .) .Values.image }}
ports: ports:
- name: http {{- if not .Values.agentOnly }}
containerPort: 8080 - name: http
- name: https containerPort: 8080
containerPort: 10443 - name: https
containerPort: 10443
{{- end }}
- name: https-webhook
containerPort: 9443
- name: http-wakeup
containerPort: 9090
{{- if .Values.livenessProbe }} {{- if .Values.livenessProbe }}
{{- if .Values.livenessProbe.enabled }} {{- if .Values.livenessProbe.enabled }}
livenessProbe: livenessProbe:
@ -105,6 +108,10 @@ spec:
- name: ADMIN_PASSWORD_HASH - name: ADMIN_PASSWORD_HASH
value: {{ .Values.admin.password | sha256sum | quote }} value: {{ .Values.admin.password | sha256sum | quote }}
{{- end }} {{- end }}
{{- if (gt (int .Values.replicaCount) 1) }}
- name: LEADER_ELECTION_ENABLED
value: "true"
{{- end }}
{{- range $key, $value := .Values.envValueFrom }} {{- range $key, $value := .Values.envValueFrom }}
- name: {{ $key | quote }} - name: {{ $key | quote }}
valueFrom: valueFrom:
@ -124,6 +131,12 @@ spec:
key: {{ .Values.tls.keyKey }} key: {{ .Values.tls.keyKey }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.logging }}
- name: LOFT_LOG_ENCODING
value: {{ default "console" .Values.logging.encoding }}
- name: LOFT_LOG_LEVEL
value: {{ default "info" .Values.logging.level }}
{{- end }}
{{- range $key, $value := .Values.env }} {{- range $key, $value := .Values.env }}
- name: {{ $key | quote }} - name: {{ $key | quote }}
value: {{ $value | quote }} value: {{ $value | quote }}
@ -132,12 +145,8 @@ spec:
{{- if .Values.volumeMounts }} {{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 10 }} {{ toYaml .Values.volumeMounts | indent 10 }}
{{- end }} {{- end }}
{{- if .Values.audit }} - mountPath: /var/lib/loft
{{- if or .Values.audit.enableSideCar .Values.audit.persistence.enabled }} name: loft-data
- mountPath: /var/log/loft
name: audit-log
{{- end }}
{{- end }}
resources: resources:
{{ toYaml .Values.resources | indent 10 }} {{ toYaml .Values.resources | indent 10 }}
{{- if .Values.securityContext }} {{- if .Values.securityContext }}
@ -147,18 +156,23 @@ spec:
capabilities: capabilities:
drop: drop:
- ALL - ALL
{{- if .Values.securityContext.runAsRoot }}
runAsUser: 0
runAsGroup: 0
{{- else }}
runAsNonRoot: true runAsNonRoot: true
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.audit }} {{- if .Values.audit }}
{{- if .Values.audit.enableSideCar }} {{- if .Values.audit.enableSideCar }}
- name: audit - name: audit
image: "{{ .Values.audit.image }}" image: "{{ .Values.audit.image }}"
command: ["sh"] command: ["sh"]
args: ["-c", "touch /var/log/loft/audit.log && tail -F /var/log/loft/audit.log"] args: ["-c", "touch /var/lib/loft/audit.log && tail -F /var/lib/loft/audit.log"]
volumeMounts: volumeMounts:
- mountPath: /var/log/loft - mountPath: /var/lib/loft
name: audit-log name: loft-data
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.nodeSelector }} {{- if .Values.nodeSelector }}
@ -172,4 +186,4 @@ spec:
{{- if .Values.tolerations }} {{- if .Values.tolerations }}
tolerations: tolerations:
{{ toYaml .Values.tolerations | indent 8 }} {{ toYaml .Values.tolerations | indent 8 }}
{{- end }} {{- end }}

25
charts/loft/loft/templates/ingress-wakeup-service.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
name: loft-ingress-wakeup-agent
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
loft.sh/service: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
{{- if .Values.agentOnly }}
type: {{ .Values.service.type }}
{{- else }}
type: ClusterIP
{{- end }}
ports:
- name: http-wakeup
port: 9090
targetPort: 9090
protocol: TCP
selector:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}

4
charts/loft/loft/templates/ingress.yaml
View File

@ -17,7 +17,6 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
annotations: annotations:
kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass }}
nginx.ingress.kubernetes.io/proxy-read-timeout: "43200" nginx.ingress.kubernetes.io/proxy-read-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-send-timeout: "43200" nginx.ingress.kubernetes.io/proxy-send-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k" nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k"
@ -30,6 +29,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
ingressClassName: {{ .Values.ingress.ingressClass }}
rules: rules:
- host: {{ .Values.ingress.host }} - host: {{ .Values.ingress.host }}
http: http:
@ -53,4 +53,4 @@ spec:
- {{ .Values.ingress.host }} - {{ .Values.ingress.host }}
secretName: {{ .Values.ingress.tls.secret }} secretName: {{ .Values.ingress.tls.secret }}
{{- end }} {{- end }}
{{- end }} {{- end }}

24
charts/loft/loft/templates/pvc.yaml
View File

@ -1,5 +1,4 @@
{{- if .Values.audit }} {{- if and .Values.audit .Values.audit.persistence.enabled }}
{{- if .Values.audit.persistence.enabled }}
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
@ -19,5 +18,24 @@ spec:
resources: resources:
requests: requests:
storage: {{ .Values.audit.persistence.size }} storage: {{ .Values.audit.persistence.size }}
{{- else if and .Values.persistence .Values.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "loft.fullname" . }}-audit
{{- if .Values.commonAnnotations }}
annotations:
{{- toYaml .Values.commonAnnotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.persistence.accessModes }}
accessModes:
{{ toYaml .Values.persistence.accessModes | indent 4 }}
{{- else }}
accessModes: ["ReadWriteOnce"]
{{- end }}
storageClassName: {{ .Values.persistence.storageClassName }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- end }} {{- end }}
{{- end }}

6
charts/loft/loft/templates/service.yaml
View File

@ -1,3 +1,4 @@
{{- if not .Values.agentOnly }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@ -6,7 +7,7 @@ metadata:
labels: labels:
app: {{ template "loft.fullname" . }} app: {{ template "loft.fullname" . }}
loft.sh/service: {{ template "loft.fullname" . }} loft.sh/service: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" chart: "{{ .Chart.Name }}"
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}" heritage: "{{ .Release.Service }}"
{{- with .Values.service.labels }} {{- with .Values.service.labels }}
@ -36,4 +37,5 @@ spec:
protocol: TCP protocol: TCP
selector: selector:
app: {{ template "loft.fullname" . }} app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More