andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  aquarist-labs/s3gw:
    - 0.22.0
  bitnami/airflow:
    - 16.0.7
  bitnami/mariadb:
    - 14.1.0
  bitnami/mysql:
    - 9.14.1
  bitnami/wordpress:
    - 18.0.10
  datadog/datadog:
    - 3.42.0
  jfrog/artifactory-ha:
    - 107.71.3
  jfrog/artifactory-jcr:
    - 107.71.3
  kasten/k10:
    - 6.0.11
  kubecost/cost-analyzer:
    - 1.106.4
  loft/loft:
    - 3.3.0
  new-relic/nri-bundle:
    - 5.0.42
  speedscale/speedscale-operator:
    - 1.3.44
  sysdig/sysdig:
    - 1.16.19
  yugabyte/yugabyte:
    - 2.18.4
  yugabyte/yugaware:
    - 2.18.4
```
pull/927/head
github-actions[bot] 2023-10-26 13:22:48 +00:00
parent 5ac54c92b8
commit b93e180bdd
129 changed files with 2023 additions and 874 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/aquarist-labs/s3gw-0.22.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/airflow-16.0.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mariadb-14.1.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.14.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-18.0.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.42.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-ha-107.71.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-jcr-107.71.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/kasten/k10-6.0.1101.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.106.3.tgz
View File

Binary file not shown.

BIN
assets/kubecost/cost-analyzer-1.106.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/loft/loft-3.3.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.42.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-1.3.44.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.16.19.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugabyte-2.18.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/yugabyte/yugaware-2.18.4.tgz Normal file
View File

Binary file not shown.

2
charts/aquarist-labs/s3gw/Chart.yaml
View File

@ -35,4 +35,4 @@ sources:
- https://github.com/aquarist-labs/s3gw-cosi-driver
- https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar
type: application
version: 0.21.0
version: 0.22.0

8
charts/bitnami/airflow/Chart.lock
View File

@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.1.5
version: 18.1.6
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.1.5
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2
digest: sha256:5b0157324635d8a3daca94e01d702a13f41b14d81250b29486b5512db2d6b2e5
generated: "2023-10-14T17:55:52.376439601Z"
version: 2.13.3
digest: sha256:997c8924637ccceb54891a37f5a10b84c97192f805079f1407d704ccaa64ed41
generated: "2023-10-24T20:41:28.772039309Z"

6
charts/bitnami/airflow/Chart.yaml
View File

@ -10,9 +10,9 @@ annotations:
- name: airflow-scheduler
image: docker.io/bitnami/airflow-scheduler:2.7.2-debian-11-r0
- name: airflow-worker
image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r0
image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r1
- name: airflow
image: docker.io/bitnami/airflow:2.7.2-debian-11-r0
image: docker.io/bitnami/airflow:2.7.2-debian-11-r1
- name: git
image: docker.io/bitnami/git:2.42.0-debian-11-r45
- name: os-shell
@ -50,4 +50,4 @@ maintainers:
name: airflow
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
version: 16.0.6
version: 16.0.7

59
charts/bitnami/airflow/README.md
View File

@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/airflow
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction
This chart bootstraps an [Apache Airflow](https://github.com/bitnami/containers/tree/main/bitnami/airflow) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use Apache Airflow in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use Apache Airflow in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -32,9 +34,11 @@ Looking to use Apache Airflow in production? Try [VMware Application Catalog](ht
To install the chart with the release name `my-release`:
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/airflow
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
These commands deploy Airflow on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
@ -77,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow common parameters
| Name | Description | Value |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `auth.username` | Username to access web UI | `user` |
| `auth.password` | Password to access web UI | `""` |
| `auth.fernetKey` | Fernet key to secure connections | `""` |
@ -88,9 +92,8 @@ The command removes all the Kubernetes components associated with the chart and
| `configuration` | Specify content for Airflow config file (auto-generated based on other env. vars otherwise) | `""` |
| `existingConfigmap` | Name of an existing ConfigMap with the Airflow config file | `""` |
| `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` |
| `dags.image.registry` | Init container load-dags image registry | `docker.io` |
| `dags.image.repository` | Init container load-dags image repository | `bitnami/os-shell` |
| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `dags.image.registry` | Init container load-dags image registry | `REGISTRY_NAME` |
| `dags.image.repository` | Init container load-dags image repository | `REPOSITORY_NAME/os-shell` |
| `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` |
| `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` |
@ -106,10 +109,9 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow web parameters
| Name | Description | Value |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- |
| `web.image.registry` | Airflow image registry | `docker.io` |
| `web.image.repository` | Airflow image repository | `bitnami/airflow` |
| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| `web.image.registry` | Airflow image registry | `REGISTRY_NAME` |
| `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` |
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` |
| `web.image.pullSecrets` | Airflow image pull secrets | `[]` |
@ -181,10 +183,9 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow scheduler parameters
| Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` |
| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` |
| `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` |
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
@ -235,10 +236,9 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow worker parameters
| Name | Description | Value |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
| `worker.image.registry` | Airflow Worker image registry | `docker.io` |
| `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` |
| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.7.2-debian-11-r1` |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` |
| `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` |
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
@ -315,10 +315,9 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow git sync parameters
| Name | Description | Value |
| ------------------------------ | --------------------------------------------------------------------------------------------------- | ---------------------- |
| `git.image.registry` | Git image registry | `docker.io` |
| `git.image.repository` | Git image repository | `bitnami/git` |
| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.42.0-debian-11-r45` |
| ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- |
| `git.image.registry` | Git image registry | `REGISTRY_NAME` |
| `git.image.repository` | Git image repository | `REPOSITORY_NAME/git` |
| `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` |
| `git.image.pullSecrets` | Git image pull secrets | `[]` |
@ -406,11 +405,10 @@ The command removes all the Kubernetes components associated with the chart and
### Airflow metrics parameters
| Name | Description | Value |
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------- |
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
| `metrics.image.registry` | Airflow exporter image registry | `docker.io` |
| `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` |
| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r438` |
| `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` |
| `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` |
| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` |
@ -491,9 +489,11 @@ helm install my-release \
--set auth.password=my-passsword \
--set auth.fernetKey=my-fernet-key \
--set auth.secretKey=my-secret-key \
oci://registry-1.docker.io/bitnamicharts/airflow
oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the credentials to access the Airflow web UI.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@ -501,9 +501,10 @@ The above command sets the credentials to access the Airflow web UI.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/airflow
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/airflow
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details

4
charts/bitnami/airflow/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.13.2
appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.13.2
version: 2.13.3

4
charts/bitnami/airflow/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- Kubernetes 1.23+
- Helm 3.8.0+
## Parameters

4
charts/bitnami/airflow/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/*
Returns true if AdmissionConfiguration is supported
*/}}
{{- define "common.capabilities.admisionConfiguration.supported" -}}
{{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}}
{{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/*
Return the appropriate apiVersion for AdmissionConfiguration.
*/}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

6
charts/bitnami/airflow/charts/redis/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
generated: "2023-10-07T00:54:22.108613108Z"
version: 2.13.3
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-19T12:32:36.790999138Z"

8
charts/bitnami/airflow/charts/redis/Chart.yaml
View File

@ -6,12 +6,12 @@ annotations:
- name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0
- name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r26
image: docker.io/bitnami/redis-sentinel:7.2.2-debian-11-r0
- name: redis
image: docker.io/bitnami/redis:7.2.1-debian-11-r26
image: docker.io/bitnami/redis:7.2.2-debian-11-r0
licenses: Apache-2.0
apiVersion: v2
appVersion: 7.2.1
appVersion: 7.2.2
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
@ -33,4 +33,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 18.1.5
version: 18.1.6

6
charts/bitnami/airflow/charts/redis/README.md
View File

@ -98,10 +98,10 @@ The command removes all the Kubernetes components associated with the chart and
### Redis&reg; Image parameters
| Name | Description | Value |
| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- |
| ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- |
| `image.registry` | Redis&reg; image registry | `docker.io` |
| `image.repository` | Redis&reg; image repository | `bitnami/redis` |
| `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` |
| `image.tag` | Redis&reg; image tag (immutable tags are recommended) | `7.2.2-debian-11-r0` |
| `image.digest` | Redis&reg; image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Redis&reg; image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Redis&reg; image pull secrets | `[]` |
@ -353,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.enabled` | Use Redis&reg; Sentinel on Redis&reg; pods. | `false` |
| `sentinel.image.registry` | Redis&reg; Sentinel image registry | `docker.io` |
| `sentinel.image.repository` | Redis&reg; Sentinel image repository | `bitnami/redis-sentinel` |
| `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` |
| `sentinel.image.tag` | Redis&reg; Sentinel image tag (immutable tags are recommended) | `7.2.2-debian-11-r0` |
| `sentinel.image.digest` | Redis&reg; Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `sentinel.image.pullPolicy` | Redis&reg; Sentinel image pull policy | `IfNotPresent` |
| `sentinel.image.pullSecrets` | Redis&reg; Sentinel image pull secrets | `[]` |

4
charts/bitnami/airflow/charts/redis/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.13.2
appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.13.2
version: 2.13.3

4
charts/bitnami/airflow/charts/redis/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- Kubernetes 1.23+
- Helm 3.8.0+
## Parameters

4
charts/bitnami/airflow/charts/redis/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/*
Returns true if AdmissionConfiguration is supported
*/}}
{{- define "common.capabilities.admisionConfiguration.supported" -}}
{{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}}
{{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/*
Return the appropriate apiVersion for AdmissionConfiguration.
*/}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

4
charts/bitnami/airflow/charts/redis/values.yaml
View File

@ -91,7 +91,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/redis
tag: 7.2.1-debian-11-r26
tag: 7.2.2-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1056,7 +1056,7 @@ sentinel:
image:
registry: docker.io
repository: bitnami/redis-sentinel
tag: 7.2.1-debian-11-r26
tag: 7.2.2-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

38
charts/bitnami/airflow/values.yaml
View File

@ -111,9 +111,9 @@ dags:
existingConfigmap: ""
## OS Shell + Utility image
## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
## @param dags.image.registry Init container load-dags image registry
## @param dags.image.repository Init container load-dags image repository
## @param dags.image.tag Init container load-dags image tag (immutable tags are recommended)
## @param dags.image.registry [default: REGISTRY_NAME] Init container load-dags image registry
## @param dags.image.repository [default: REPOSITORY_NAME/os-shell] Init container load-dags image repository
## @skip dags.image.tag Init container load-dags image tag (immutable tags are recommended)
## @param dags.image.digest Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param dags.image.pullPolicy Init container load-dags image pull policy
## @param dags.image.pullSecrets Init container load-dags image pull secrets
@ -178,9 +178,9 @@ extraVolumes: []
web:
## Bitnami Airflow image version
## ref: https://hub.docker.com/r/bitnami/airflow/tags/
## @param web.image.registry Airflow image registry
## @param web.image.repository Airflow image repository
## @param web.image.tag Airflow image tag (immutable tags are recommended)
## @param web.image.registry [default: REGISTRY_NAME] Airflow image registry
## @param web.image.repository [default: REPOSITORY_NAME/airflow] Airflow image repository
## @skip web.image.tag Airflow image tag (immutable tags are recommended)
## @param web.image.digest Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param web.image.pullPolicy Airflow image pull policy
## @param web.image.pullSecrets Airflow image pull secrets
@ -188,7 +188,7 @@ web:
image:
registry: docker.io
repository: bitnami/airflow
tag: 2.7.2-debian-11-r0
tag: 2.7.2-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -435,9 +435,9 @@ web:
scheduler:
## Bitnami Airflow Scheduler image version
## ref: https://hub.docker.com/r/bitnami/airflow-scheduler/tags/
## @param scheduler.image.registry Airflow Scheduler image registry
## @param scheduler.image.repository Airflow Scheduler image repository
## @param scheduler.image.tag Airflow Scheduler image tag (immutable tags are recommended)
## @param scheduler.image.registry [default: REGISTRY_NAME] Airflow Scheduler image registry
## @param scheduler.image.repository [default: REPOSITORY_NAME/airflow-scheduler] Airflow Scheduler image repository
## @skip scheduler.image.tag Airflow Scheduler image tag (immutable tags are recommended)
## @param scheduler.image.digest Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param scheduler.image.pullPolicy Airflow Scheduler image pull policy
## @param scheduler.image.pullSecrets Airflow Scheduler image pull secrets
@ -639,9 +639,9 @@ scheduler:
worker:
## Bitnami Airflow Worker image version
## ref: https://hub.docker.com/r/bitnami/airflow-worker/tags/
## @param worker.image.registry Airflow Worker image registry
## @param worker.image.repository Airflow Worker image repository
## @param worker.image.tag Airflow Worker image tag (immutable tags are recommended)
## @param worker.image.registry [default: REGISTRY_NAME] Airflow Worker image registry
## @param worker.image.repository [default: REPOSITORY_NAME/airflow-worker] Airflow Worker image repository
## @skip worker.image.tag Airflow Worker image tag (immutable tags are recommended)
## @param worker.image.digest Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param worker.image.pullPolicy Airflow Worker image pull policy
## @param worker.image.pullSecrets Airflow Worker image pull secrets
@ -913,9 +913,9 @@ worker:
git:
## Bitnami Git image version
## ref: https://hub.docker.com/r/bitnami/git/tags/
## @param git.image.registry Git image registry
## @param git.image.repository Git image repository
## @param git.image.tag Git image tag (immutable tags are recommended)
## @param git.image.registry [default: REGISTRY_NAME] Git image registry
## @param git.image.repository [default: REPOSITORY_NAME/git] Git image repository
## @skip git.image.tag Git image tag (immutable tags are recommended)
## @param git.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param git.image.pullPolicy Git image pull policy
## @param git.image.pullSecrets Git image pull secrets
@ -1276,9 +1276,9 @@ metrics:
enabled: false
## Bitnami Airflow exporter image
## ref: https://hub.docker.com/r/bitnami/airflow-exporter/tags/
## @param metrics.image.registry Airflow exporter image registry
## @param metrics.image.repository Airflow exporter image repository
## @param metrics.image.tag Airflow exporter image tag (immutable tags are recommended)
## @param metrics.image.registry [default: REGISTRY_NAME] Airflow exporter image registry
## @param metrics.image.repository [default: REPOSITORY_NAME/airflow-exporter] Airflow exporter image repository
## @skip metrics.image.tag Airflow exporter image tag (immutable tags are recommended)
## @param metrics.image.digest Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy Airflow exporter image pull policy
## @param metrics.image.pullSecrets Airflow exporter image pull secrets

2
charts/bitnami/mariadb/Chart.yaml
View File

@ -37,4 +37,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 14.0.3
version: 14.1.0

10
charts/bitnami/mariadb/README.md
View File

@ -24,7 +24,7 @@ MariaDB is developed as open source software and as a relational database it pro
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use MariaDB in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -143,6 +143,8 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` |
| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -237,6 +239,8 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -331,8 +335,12 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |

22
charts/bitnami/mariadb/values.yaml
View File

@ -325,6 +325,8 @@ primary:
## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
@ -332,6 +334,10 @@ primary:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB primary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -721,6 +727,8 @@ secondary:
## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation
## @param secondary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
@ -728,6 +736,10 @@ secondary:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -1104,8 +1116,12 @@ metrics:
## MariaDB metrics container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container
## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## Example:
## containerSecurityContext:
## enabled: true
@ -1116,7 +1132,13 @@ metrics:
containerSecurityContext:
enabled: false
privileged: false
runAsNonRoot: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Mysqld Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious

6
charts/bitnami/mysql/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.2
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
generated: "2023-10-12T15:20:38.409783798Z"
version: 2.13.3
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
generated: "2023-10-25T13:36:31.889996785Z"

6
charts/bitnami/mysql/Chart.yaml
View File

@ -6,14 +6,14 @@ annotations:
category: Database
images: |
- name: mysql
image: docker.io/bitnami/mysql:8.0.34-debian-11-r75
image: docker.io/bitnami/mysql:8.0.35-debian-11-r0
- name: mysqld-exporter
image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90
licenses: Apache-2.0
apiVersion: v2
appVersion: 8.0.34
appVersion: 8.0.35
dependencies:
- name: common
repository: file://./charts/common
@ -36,4 +36,4 @@ maintainers:
name: mysql
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mysql
version: 9.13.0
version: 9.14.1

10
charts/bitnami/mysql/README.md
View File

@ -111,7 +111,7 @@ The command removes all the Kubernetes components associated with the chart and
### MySQL Primary parameters
| Name | Description | Value |
| ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- |
| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` |
| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` |
@ -140,6 +140,9 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` |
| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` |
| `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set Client container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` |
| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` |
| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` |
@ -200,7 +203,7 @@ The command removes all the Kubernetes components associated with the chart and
### MySQL Secondary parameters
| Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- |
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` |
| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` |
| `secondary.hostAliases` | Deployment pod host aliases | `[]` |
@ -230,6 +233,9 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` |
| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` |
| `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` |
| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` |
| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` |

4
charts/bitnami/mysql/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.13.2
appVersion: 2.13.3
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.13.2
version: 2.13.3

4
charts/bitnami/mysql/charts/common/README.md
View File

@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- Kubernetes 1.23+
- Helm 3.8.0+
## Parameters

4
charts/bitnami/mysql/charts/common/templates/_capabilities.tpl
View File

@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
{{/*
Returns true if AdmissionConfiguration is supported
*/}}
{{- define "common.capabilities.admisionConfiguration.supported" -}}
{{- define "common.capabilities.admissionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}}
{{- end -}}
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
{{/*
Return the appropriate apiVersion for AdmissionConfiguration.
*/}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}

18
charts/bitnami/mysql/values.yaml
View File

@ -85,7 +85,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/mysql
tag: 8.0.34-debian-11-r75
tag: 8.0.35-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -320,11 +320,19 @@ primary:
## @param primary.containerSecurityContext.enabled MySQL primary container securityContext
## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container
## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
## @param primary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.seccompProfile.type Set Client container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MySQL primary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -698,11 +706,19 @@ secondary:
## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext
## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container
## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
## @param secondary.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MySQL secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious

6
charts/bitnami/wordpress/Chart.lock
View File

@ -4,9 +4,9 @@ dependencies:
version: 6.6.7
- name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.0.3
version: 14.1.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3
digest: sha256:71a3286fadd425374117a24310d8b00d17a64ed43220b1a05492df31bee54036
generated: "2023-10-24T00:18:57.948707298Z"
digest: sha256:33dedb4663f9ae749ac6e28fd296a17b61104270ebdfd7f3aa17f6a08d32c963
generated: "2023-10-25T15:16:14.675651715Z"

4
charts/bitnami/wordpress/Chart.yaml
View File

@ -10,7 +10,7 @@ annotations:
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: wordpress
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r1
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r3
licenses: Apache-2.0
apiVersion: v2
appVersion: 6.3.2
@ -47,4 +47,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 18.0.8
version: 18.0.10

2
charts/bitnami/wordpress/charts/mariadb/Chart.yaml
View File

@ -33,4 +33,4 @@ maintainers:
name: mariadb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 14.0.3
version: 14.1.0

10
charts/bitnami/wordpress/charts/mariadb/README.md
View File

@ -24,7 +24,7 @@ MariaDB is developed as open source software and as a relational database it pro
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use MariaDB in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
Looking to use MariaDB in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
@ -143,6 +143,8 @@ The command removes all the Kubernetes components associated with the chart and
| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` |
| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` |
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` |
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` |
| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` |
| `primary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -237,6 +239,8 @@ The command removes all the Kubernetes components associated with the chart and
| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` |
| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` |
| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` |
| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` |
| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` |
| `secondary.startupProbe.enabled` | Enable startupProbe | `false` |
@ -331,8 +335,12 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` |
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |

22
charts/bitnami/wordpress/charts/mariadb/values.yaml
View File

@ -325,6 +325,8 @@ primary:
## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
@ -332,6 +334,10 @@ primary:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB primary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -721,6 +727,8 @@ secondary:
## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot
## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged
## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation
## @param secondary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
@ -728,6 +736,10 @@ secondary:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MariaDB secondary container's resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@ -1104,8 +1116,12 @@ metrics:
## MariaDB metrics container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container
## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## Example:
## containerSecurityContext:
## enabled: true
@ -1116,7 +1132,13 @@ metrics:
containerSecurityContext:
enabled: false
privileged: false
runAsNonRoot: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Mysqld Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious

2
charts/bitnami/wordpress/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.3.2-debian-11-r1
tag: 6.3.2-debian-11-r3
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

12
charts/datadog/datadog/CHANGELOG.md
View File

@ -1,5 +1,17 @@
# Datadog changelog
## 3.42.0
* Allow enabling SBOM collection for host and container images.
## 3.41.0
* Enable container lifecycle events collection by default.
## 3.40.4
* Add the option `clusterAgent.metricsProvider.registerAPIService` to allow user to disable registering external-metrics server as an `APIService`
## 3.40.3
* Default `Agent` and `Cluster-Agent` to `7.48.1` version.

2
charts/datadog/datadog/Chart.yaml
View File

@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.40.3
version: 3.42.0

7
charts/datadog/datadog/README.md
View File

@ -1,6 +1,6 @@
# Datadog
![Version: 3.40.3](https://img.shields.io/badge/Version-3.40.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.42.0](https://img.shields.io/badge/Version-3.42.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -520,6 +520,7 @@ helm install <RELEASE_NAME> \
| clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
| clusterAgent.metricsProvider.enabled | bool | `false` | Set this to true to enable Metrics Provider |
| clusterAgent.metricsProvider.endpoint | string | `nil` | Override the external metrics provider endpoint. If not set, the cluster-agent defaults to `datadog.site` |
| clusterAgent.metricsProvider.registerAPIService | bool | `true` | Set this to false to disable external metrics registration as an APIService |
| clusterAgent.metricsProvider.service.port | int | `8443` | Set port of cluster-agent metrics server service (Kubernetes >= 1.15) |
| clusterAgent.metricsProvider.service.type | string | `"ClusterIP"` | Set type of cluster-agent metrics server service |
| clusterAgent.metricsProvider.useDatadogMetrics | bool | `false` | Enable usage of DatadogMetric CRD to autoscale on arbitrary Datadog queries |
@ -611,9 +612,11 @@ helm install <RELEASE_NAME> \
| datadog.containerExclude | string | `nil` | Exclude containers from the Agent Autodiscovery, as a space-sepatered list |
| datadog.containerExcludeLogs | string | `nil` | Exclude logs from the Agent Autodiscovery, as a space-separated list |
| datadog.containerExcludeMetrics | string | `nil` | Exclude metrics from the Agent Autodiscovery, as a space-separated list |
| datadog.containerImageCollection.enabled | bool | `false` | Enable collection of container image metadata |
| datadog.containerInclude | string | `nil` | Include containers in the Agent Autodiscovery, as a space-separated list. If a container matches an include rule, its always included in the Autodiscovery |
| datadog.containerIncludeLogs | string | `nil` | Include logs in the Agent Autodiscovery, as a space-separated list |
| datadog.containerIncludeMetrics | string | `nil` | Include metrics in the Agent Autodiscovery, as a space-separated list |
| datadog.containerLifecycle.enabled | bool | `true` | Enable container lifecycle events collection |
| datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. |
| datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) |
| datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL |
@ -693,6 +696,8 @@ helm install <RELEASE_NAME> \
| datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. |
| datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. |
| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead |
| datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images |
| datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems |
| datadog.secretAnnotations | object | `{}` | |
| datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). |
| datadog.secretBackend.command | string | `nil` | Configure the secret backend command, path to the secret backend binary. |

20
charts/datadog/datadog/templates/_container-agent.yaml
View File

@ -150,12 +150,32 @@
- name: DD_CHECKS_TAG_CARDINALITY
value: {{ .Values.datadog.checksCardinality | quote }}
{{- end }}
{{- if .Values.datadog.containerLifecycle.enabled }}
- name: DD_CONTAINER_LIFECYCLE_ENABLED
value: {{ .Values.datadog.containerLifecycle.enabled | quote }}
{{- end }}
- name: DD_ORCHESTRATOR_EXPLORER_ENABLED
value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }}
- name: DD_EXPVAR_PORT
value: {{ .Values.datadog.expvarPort | quote }}
- name: DD_COMPLIANCE_CONFIG_ENABLED
value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }}
{{- if eq (include "should-enable-container-image-collection" .) "true" }}
- name: DD_CONTAINER_IMAGE_ENABLED
value: "true"
{{- end }}
{{- if or .Values.datadog.sbom.host.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") }}
- name: DD_SBOM_ENABLED
value: "true"
{{- if eq (include "should-enable-sbom-container-image-collection" .) "true" }}
- name: DD_SBOM_CONTAINER_IMAGE_ENABLED
value: "true"
{{- end }}
{{- if .Values.datadog.sbom.host.enabled }}
- name: DD_SBOM_HOST_ENABLED
value: "true"
{{- end }}
{{- end }}
{{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }}
{{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }}
volumeMounts:

29
charts/datadog/datadog/templates/_helpers.tpl
View File

@ -846,4 +846,33 @@ Create RBACs for custom resources
- list
- watch
{{- end }}
{{- end }}
{{/*
Return true if container image collection is enabled
*/}}
{{- define "should-enable-container-image-collection" -}}
{{- if and (not .Values.datadog.containerRuntimeSupport.enabled)
(or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}}
{{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}}
{{- end -}}
{{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}
{{/*
Return true if SBOM collection for container image is enabled
*/}}
{{- define "should-enable-sbom-container-image-collection" -}}
{{- if .Values.datadog.sbom.containerImage.enabled -}}
{{- if not (eq (include "should-enable-container-image-collection" .) "true") -}}
{{- fail "Container runtime support has to be enabled for SBOM collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}}
{{- end -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}

2
charts/datadog/datadog/templates/agent-apiservice.yaml
View File

@ -1,4 +1,4 @@
{{- if and .Values.clusterAgent.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled -}}
{{- if and .Values.clusterAgent.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.registerAPIService -}}
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:

2
charts/datadog/datadog/templates/hpa-external-metrics-rbac.yaml
View File

@ -1,4 +1,4 @@
{{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.createReaderRbac -}}
{{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.registerAPIService .Values.clusterAgent.metricsProvider.createReaderRbac -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRole
metadata:

22
charts/datadog/datadog/values.yaml
View File

@ -629,6 +629,11 @@ datadog:
# datadog.systemProbe.enableDefaultKernelHeadersPaths -- Enable mount of default paths where kernel headers are stored
enableDefaultKernelHeadersPaths: true
containerImageCollection:
# datadog.containerImageCollection.enabled -- Enable collection of container image metadata
enabled: false
orchestratorExplorer:
# datadog.orchestratorExplorer.enabled -- Set this to false to disable the orchestrator explorer
@ -675,6 +680,16 @@ datadog:
# datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring
enabled: false
# Software Bill of Materials configuration
sbom:
containerImage:
# datadog.sbom.containerImage.enabled -- Enable SBOM collection for container images
enabled: false
host:
# datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems
enabled: false
## Enable security agent and provide custom configs
securityAgent:
compliance:
@ -824,6 +839,10 @@ datadog:
## ref: https://docs.datadoghq.com/agent/guide/autodiscovery-management/?tab=containerizedagent#pause-containers
excludePauseContainer: true
containerLifecycle:
# datadog.containerLifecycle.enabled -- Enable container lifecycle events collection
enabled: true
## This is the Datadog Cluster Agent implementation that handles cluster-wide
## metrics more cleanly, separates concerns for better rbac, and implements
## the external metrics API so you can autoscale HPAs based on datadog metrics
@ -926,6 +945,9 @@ clusterAgent:
# clusterAgent.metricsProvider.enabled -- Set this to true to enable Metrics Provider
enabled: false
# clusterAgent.metricsProvider.registerAPIService -- Set this to false to disable external metrics registration as an APIService
registerAPIService: true
# clusterAgent.metricsProvider.wpaController -- Enable informer and controller of the watermark pod autoscaler
## Note: You need to install the `WatermarkPodAutoscaler` CRD before

4
charts/jfrog/artifactory-ha/CHANGELOG.md
View File

@ -1,8 +1,8 @@
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file
## [107.68.14] - Sep 20, 2023
* Fixed rtfs context
## [107.71.3] - Sep 18, 2023
* Adjust rtfs context
* Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)
## [107.68.8] - Sep 18, 2023

4
charts/jfrog/artifactory-ha/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.68.14
appVersion: 7.71.3
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -26,4 +26,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
version: 107.68.14
version: 107.71.3

6
charts/jfrog/artifactory-ha/values.yaml
View File

@ -41,7 +41,7 @@ global:
## String to fully override artifactory-ha.fullname template
##
# fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.691
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717
installer:
type:
platform:
@ -214,7 +214,7 @@ logger:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.2.691
tag: 9.2.717
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws:
@ -239,7 +239,7 @@ router:
image:
registry: releases-docker.jfrog.io
repository: jfrog/router
tag: 7.77.0
tag: 7.81.0
imagePullPolicy: IfNotPresent
serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled

2
charts/jfrog/artifactory-jcr/CHANGELOG.md
View File

@ -1,7 +1,7 @@
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
## [107.68.14] - Jul 20, 2023
## [107.71.3] - Jul 20, 2023
* Disabled federation services when splitServicesToContainers=true
## [107.45.0] - Aug 25, 2022

6
charts/jfrog/artifactory-jcr/Chart.yaml
View File

@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.68.14
appVersion: 7.71.3
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.68.14
version: 107.71.3
description: JFrog Container Registry
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@ -27,4 +27,4 @@ name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
version: 107.68.14
version: 107.71.3

4
charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md
View File

@ -1,8 +1,8 @@
# JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file.
## [107.68.14] - Sep 20, 2023
* Fixed rtfs context
## [107.71.3] - Sep 18, 2023
* Adjust rtfs context
* Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)
## [107.68.8] - Sep 18, 2023

4
charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 7.68.14
appVersion: 7.71.3
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -21,4 +21,4 @@ name: artifactory
sources:
- https://github.com/jfrog/charts
type: application
version: 107.68.14
version: 107.71.3

6
charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml
View File

@ -42,7 +42,7 @@ global:
## String to fully override artifactory.fullname template
##
# fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.691
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717
# Init containers
initContainers:
resources:
@ -162,7 +162,7 @@ logger:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.2.691
tag: 9.2.717
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws:
@ -187,7 +187,7 @@ router:
image:
registry: releases-docker.jfrog.io
repository: jfrog/router
tag: 7.77.0
tag: 7.81.0
imagePullPolicy: IfNotPresent
serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled

6
charts/jfrog/artifactory-jcr/values.yaml
View File

@ -69,4 +69,8 @@ postgresql:
enabled: true
router:
image:
tag: 7.77.0
tag: 7.81.0
logger:
image:
tag: 9.2.717
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717

6
charts/kasten/k10/Chart.lock
View File

@ -1,9 +1,9 @@
dependencies:
- name: grafana
repository: ""
version: 6.59.4
version: 6.60.6
- name: prometheus
repository: ""
version: 23.3.0
digest: sha256:498161c215e2844ce0a26e96cb5c430fcd3e9a5db225a7ab06ec88d5445eee42
generated: "2023-10-10T16:10:31.808394604Z"
digest: sha256:742c8bb60a7bdc54588a1823848e117fe9498fb841eb11270f486a297534997c
generated: "2023-10-25T10:10:45.774911186Z"

6
charts/kasten/k10/Chart.yaml
View File

@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 6.0.9
appVersion: 6.0.11
dependencies:
- name: grafana
repository: file://./charts/grafana
version: 6.59.4
version: 6.60.6
- name: prometheus
repository: file://./charts/prometheus
version: 23.3.0
@ -19,4 +19,4 @@ maintainers:
- email: contact@kasten.io
name: kastenIO
name: k10
version: 6.0.901
version: 6.0.1101

4
charts/kasten/k10/charts/grafana/Chart.yaml
View File

@ -6,7 +6,7 @@ annotations:
- name: Upstream Project
url: https://github.com/grafana/grafana
apiVersion: v2
appVersion: 10.1.1
appVersion: 10.1.5
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
@ -30,4 +30,4 @@ sources:
- https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts
type: application
version: 6.59.4
version: 6.60.6

24
charts/kasten/k10/charts/grafana/templates/_helpers.tpl
View File

@ -201,3 +201,27 @@ Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific
{{- end }}
{{- end }}
{{- end }}
{{/*
Checks whether or not the configSecret secret has to be created
*/}}
{{- define "grafana.shouldCreateConfigSecret" -}}
{{- $secretFound := false -}}
{{- range $key, $value := .Values.datasources }}
{{- if hasKey $value "secret" }}
{{- $secretFound = true}}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }}
{{- if hasKey $value "secret" }}
{{- $secretFound = true}}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }}
{{- if (or (hasKey $value "secret") (hasKey $value "secretFile")) }}
{{- $secretFound = true}}
{{- end }}
{{- end }}
{{- $secretFound}}
{{- end -}}

2
charts/kasten/k10/charts/grafana/templates/clusterrole.yaml
View File

@ -1,5 +1,5 @@
{{- if .Values.enabled -}}
{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingRole) }}
{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingClusterRole) }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

4
charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml
View File

@ -16,8 +16,8 @@ subjects:
namespace: {{ include "grafana.namespace" . }}
roleRef:
kind: ClusterRole
{{- if .Values.rbac.useExistingRole }}
name: {{ .Values.rbac.useExistingRole }}
{{- if .Values.rbac.useExistingClusterRole }}
name: {{ .Values.rbac.useExistingClusterRole }}
{{- else }}
name: {{ include "grafana.fullname" . }}-clusterrole
{{- end }}

43
charts/kasten/k10/charts/grafana/templates/configSecret.yaml Normal file
View File

@ -0,0 +1,43 @@
{{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}}
{{- if and .Values.createConfigmap $createConfigSecret }}
{{- $files := .Files }}
{{- $root := . -}}
apiVersion: v1
kind: Secret
metadata:
name: "{{ include "grafana.fullname" . }}-config-secret"
namespace: {{ include "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
{{- range $key, $value := .Values.alerting }}
{{- if (hasKey $value "secretFile") }}
{{- $key | nindent 2 }}:
{{- toYaml ( $files.Get $value.secretFile ) | b64enc | nindent 4}}
{{/* as of https://helm.sh/docs/chart_template_guide/accessing_files/ this will only work if you fork this chart and add files to it*/}}
{{- end }}
{{- end }}
stringData:
{{- range $key, $value := .Values.datasources }}
{{- if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }}
{{- if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }}
{{ if (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value.secret | nindent 4) $root }}
{{- end }}
{{- end }}
{{- end }}

6
charts/kasten/k10/charts/grafana/templates/configmap.yaml
View File

@ -45,19 +45,25 @@ data:
{{- end }}
{{- range $key, $value := .Values.datasources }}
{{- if not (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.notifiers }}
{{- if not (hasKey $value "secret") }}
{{- $key | nindent 2 }}: |
{{- toYaml $value | nindent 4 }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.alerting }}
{{- if (hasKey $value "file") }}
{{- $key | nindent 2 }}:
{{- toYaml ( $files.Get $value.file ) | nindent 4}}
{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}}
{{/* will be stored inside secret generated by "configSecret.yaml"*/}}
{{- else }}
{{- $key | nindent 2 }}: |
{{- tpl (toYaml $value | nindent 4) $root }}

3
charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml
View File

@ -10,6 +10,9 @@ metadata:
labels:
{{- include "grafana.labels" $ | nindent 4 }}
dashboard-provider: {{ $provider }}
{{- if $.Values.sidecar.dashboards.enabled }}
{{ $.Values.sidecar.dashboards.label }}: {{ $.Values.sidecar.dashboards.labelValue | quote }}
{{- end }}
{{- if $dashboards }}
data:
{{- $dashboardFound := false }}

6
charts/kasten/k10/charts/grafana/values.yaml
View File

@ -16,7 +16,8 @@ global:
rbac:
create: true
## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
# useExistingRole: name-of-some-(cluster)role
# useExistingRole: name-of-some-role
# useExistingClusterRole: name-of-some-clusterRole
pspEnabled: false
pspUseAppArmor: false
namespaced: false
@ -203,7 +204,7 @@ serviceMonitor:
path: /metrics
# namespace: monitoring (defaults to use the namespace this chart is deployed to)
labels: {}
interval: 1m
interval: 30s
scheme: http
tlsConfig: {}
scrapeTimeout: 30s
@ -617,6 +618,7 @@ alerting: {}
# labels:
# team: sre_team_1
# contactpoints.yaml:
# secret:
# apiVersion: 1
# contactPoints:
# - orgId: 1

7
charts/kasten/k10/templates/NOTES.txt
View File

@ -42,7 +42,6 @@ To establish a connection to it use the following `kubectl` command:
`kubectl --namespace {{ .Release.Namespace }} port-forward service/gateway 8080:{{ .Values.service.externalPort }}`
The Kasten dashboard will be available at: `http{{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}s{{ end }}://127.0.0.1:8080/{{ .Release.Name }}/#/`
{{ if and ( .Values.metering.awsManagedLicense ) ( not .Values.metering.licenseConfigSecretName ) }}
IAM Role created during installation need to have permissions that allow K10 to
@ -57,3 +56,9 @@ Refer to `https://docs.kasten.io/latest/install/aws-containers-anywhere/aws-cont
for more information.
{{ end }}
{{- if .Values.auth.dex.enabled }}
--------------------
Deprecation warning: The `auth.dex` block of values will be deprecated in favor of `auth.openshift` and `auth.ldap` in version 6.5.
--------------------
{{- end }}

2
charts/kasten/k10/templates/_definitions.tpl
View File

@ -210,5 +210,5 @@ state-svc:
{{- define "k10.multiClusterVersion" -}}2{{- end -}}
{{- define "k10.mcExternalPort" -}}18000{{- end -}}
{{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.97.0{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.98.0{{- end -}}
{{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}}

134
charts/kasten/k10/templates/_helpers.tpl
View File

@ -110,6 +110,20 @@
{{- end -}}
{{- end -}}
{{- define "k10.capabilities" -}}
{{- /* Internal capabilities enabled by other Helm values are added here */ -}}
{{- $internal_capabilities := list -}}
{{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}}
{{- end -}}
{{- define "k10.capabilities_mask" -}}
{{- /* Internal capabilities masked by other Helm values are added here */ -}}
{{- $internal_capabilities_mask := list -}}
{{- concat $internal_capabilities_mask (.Values.capabilitiesMask | default list) | join " " -}}
{{- end -}}
{{/* Check if basic auth is needed */}}
{{- define "basicauth.check" -}}
{{- if .Values.auth.basicAuth.enabled }}
@ -430,16 +444,6 @@ Check if AWS creds are specified
{{- end -}}
{{- end -}}
{{/*
Check if kanister-tools image has k10- in name
this means we need to overwrite kanister image in the system
*/}}
{{- define "overwite.kanisterToolsImage" -}}
{{- if or .Values.global.airgapped.repository .Values.global.rhMarketPlace -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Check if Azure MSI with Default ID is specified
*/}}
@ -480,24 +484,31 @@ Checks and enforces only 1 set of azure creds is specified
{{- end -}}
{{/*
Figure out the kanisterToolsImage.image based on
the value of airgapped.repository value
The details on how these image are being generated
is in below issue
https://kasten.atlassian.net/browse/K10-4036
Using substr to remove repo from kanisterToolsImage
Get the kanister-tools image.
*/}}
{{- define "get.kanisterToolsImage" }}
{{- if not .Values.global.rhMarketPlace }}
{{- define "get.kanisterToolsImage" -}}
{{- (get .Values.global.images (include "kan.kanisterToolsImageName" .)) | default (include "kan.kanisterToolsImage" .) }}
{{- end }}
{{- define "kan.kanisterToolsImage" -}}
{{- printf "%s:%s" (include "kan.kanisterToolsImageRepo" .) (include "kan.kanisterToolsImageTag" .) }}
{{- end -}}
{{- define "kan.kanisterToolsImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s:k10-%s" (.Values.global.airgapped.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "kan.kanisterToolsImageName" .) }}
{{- else }}
{{- printf "%s/%s/%s:%s" (.Values.kanisterToolsImage.registry) (.Values.kanisterToolsImage.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
{{- end }}
{{- else }}
{{- printf "%s" (get .Values.global.images "kanister-tools") -}}
{{- end }}
{{- printf "%s/%s" .Values.global.image.registry (include "kan.kanisterToolsImageName" .) }}
{{- end }}
{{- end -}}
{{- define "kan.kanisterToolsImageName" -}}
{{- printf "kanister-tools" }}
{{- end -}}
{{- define "kan.kanisterToolsImageTag" -}}
{{- include "get.k10ImageTag" . }}
{{- end -}}
{{/*
Check if Google creds are specified
@ -869,6 +880,13 @@ running in the same cluster.
{{- end }}
{{- end -}}
{{/* Used to verify if Ironbank is enabled */}}
{{- define "ironbank.enabled" -}}
{{- if (.Values.global.ironbank | default dict).enabled -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/* Get the K10 image tag. Fails if not set correctly */}}
{{- define "get.k10ImageTag" -}}
{{- $imageTag := coalesce .Values.global.image.tag (include "k10.imageTag" .) }}
@ -899,6 +917,26 @@ running in the same cluster.
{{- printf "init" }}
{{- end -}}
{{- define "k10.cephtool.getImage" -}}
{{- (get .Values.global.images (include "k10.cephtool.ImageName" .)) | default (include "k10.cephtool.Image" .) }}
{{- end -}}
{{- define "k10.cephtool.Image" -}}
{{- printf "%s:%s" (include "k10.cephtool.ImageRepo" .) (include "get.k10ImageTag" .) }}
{{- end -}}
{{- define "k10.cephtool.ImageRepo" -}}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s" .Values.global.airgapped.repository (include "k10.cephtool.ImageName" .) }}
{{- else }}
{{- printf "%s/%s" .Values.global.image.registry (include "k10.cephtool.ImageName" .) }}
{{- end }}
{{- end -}}
{{- define "k10.cephtool.ImageName" -}}
{{- printf "cephtool" }}
{{- end -}}
{{- define "k10.splitImage" -}}
{{- $split_repo_tag_and_hash := .image | splitList "@" -}}
{{- $split_repo_and_tag := $split_repo_tag_and_hash | first | splitList ":" -}}
@ -930,3 +968,51 @@ running in the same cluster.
) | toJson
-}}
{{- end -}}
{{/* Fail if Ironbank is enabled and images we don't support are turned on */}}
{{- define "k10.fail.ironbankRHMarketplace" -}}
{{- if and (include "ironbank.enabled" .) (.Values.global.rhMarketPlace) -}}
{{- fail "global.ironbank.enabled and global.rhMarketPlace cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Fail if Ironbank is enabled and images we don't support are turned on */}}
{{- define "k10.fail.ironbankGrafana" -}}
{{- if (include "ironbank.enabled" .) -}}
{{- range $key, $value := .Values.grafana.sidecar -}}
{{/*
https://go.dev/doc/go1.18: the "and" used to evaluate all conditions and not terminate early
if a predicate was met, so we must have the below as their own conditional for any customers
used go version < 1.18.
*/}}
{{- if kindIs "map" $value -}}
{{- if hasKey $value "enabled" -}}
{{- if $value.enabled -}}
{{- fail (printf "Ironbank deployment does not support grafana sidecar %s" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Fail if Ironbank is enabled and images we don't support are turned on */}}
{{- define "k10.fail.ironbankPrometheus" -}}
{{- if (include "ironbank.enabled" .) -}}
{{- $prometheusDict := pick .Values.prometheus "alertmanager" "kube-state-metrics" "prometheus-node-exporter" "prometheus-pushgateway" -}}
{{- range $key, $value := $prometheusDict -}}
{{/*
https://go.dev/doc/go1.18: the "and" used to evaluate all conditions and not terminate early
if a predicate was met, so we must have the below as their own conditional for any customers
used go version < 1.18.
*/}}
{{- if kindIs "map" $value -}}
{{- if hasKey $value "enabled" -}}
{{- if $value.enabled -}}
{{- fail (printf "Ironbank deployment does not support prometheus %s" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}

15
charts/kasten/k10/templates/_k10_container.tpl
View File

@ -224,6 +224,14 @@ stating that types are not same for the equality check
name: k10-config
key: clustername
{{- end }}
{{- with $capabilities := include "k10.capabilities" . }}
- name: K10_CAPABILITIES
value: {{ $capabilities | quote }}
{{- end }}
{{- with $capabilities_mask := include "k10.capabilities_mask" . }}
- name: K10_CAPABILITIES_MASK
value: {{ $capabilities_mask | quote }}
{{- end }}
{{- if eq $service "controllermanager" }}
- name: K10_STATEFUL
value: "{{ .Values.global.persistence.enabled }}"
@ -512,13 +520,11 @@ stating that types are not same for the equality check
name: k10-token-auth
key: auth
{{- end }}
{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
- name: KANISTER_TOOLS
valueFrom:
configMapKeyRef:
name: k10-config
key: overwriteKanisterTools
{{- end }}
key: KanisterToolsImage
{{- if eq (include "check.cacertconfigmap" .) "true" }}
- name: CACERT_CONFIGMAP_NAME
value: {{ .Values.cacertconfigmap.name }}
@ -658,8 +664,9 @@ stating that types are not same for the equality check
{{- if .Values.toolsImage.enabled }}
{{- if eq $service "executor" }}
- name: tools
{{- dict "main" . "k10_service" "cephtool" | include "serviceImage" | indent 8 }}
imagePullPolicy: {{ .Values.toolsImage.pullPolicy }}
{{- dict "main" . "k10_service" "cephtool" | include "serviceImage" | indent 8 }}
command: ["tail", "-f", "/dev/null"]
{{- $podName := (printf "%s-svc" $service) }}
{{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "tools" | include "k10.resource.request" | indent 8}}
{{- end }}

2
charts/kasten/k10/templates/_k10_image_tag.tpl
View File

@ -1 +1 @@
{{- define "k10.imageTag" -}}6.0.9{{- end -}}
{{- define "k10.imageTag" -}}6.0.11{{- end -}}

20
charts/kasten/k10/templates/_k10_metering.tpl
View File

@ -170,12 +170,25 @@ spec:
configMapKeyRef:
name: k10-config
key: version
- name: KANISTER_TOOLS
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterToolsImage
{{- if .Values.clusterName }}
- name: CLUSTER_NAME
valueFrom:
configMapKeyRef:
name: k10-config
key: clustername
{{- end }}
{{- with $capabilities := include "k10.capabilities" . }}
- name: K10_CAPABILITIES
value: {{ $capabilities | quote }}
{{- end }}
{{- with $capabilities_mask := include "k10.capabilities_mask" . }}
- name: K10_CAPABILITIES_MASK
value: {{ $capabilities_mask | quote }}
{{- end }}
- name: LOG_LEVEL
valueFrom:
@ -207,13 +220,6 @@ spec:
- name: NODE_USAGE_STORE
value: /tmp/reports/node_usage_history
{{- end }}
{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
- name: KANISTER_TOOLS
valueFrom:
configMapKeyRef:
name: k10-config
key: overwriteKanisterTools
{{- end }}
{{- if .Values.metering.awsRegion }}
- name: AWS_REGION
value: {{ .Values.metering.awsRegion }}

10
charts/kasten/k10/templates/_k10_serviceimage.tpl
View File

@ -3,7 +3,6 @@ Helper to get k10 service image
The details on how these image are being generated
is in below issue
https://kasten.atlassian.net/browse/K10-4036
Using substr to remove repo from ambassadorImage
*/}}
{{- define "serviceImage" -}}
{{/*
@ -20,13 +19,14 @@ value that is specified.
{{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.airgapped.repository "/" .k10_service ":" }}
{{- else }}
{{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.image.registry "/" .k10_service ":" }}
{{- if eq .k10_service "cephtool"}}
{{- $serviceImage = include "k10.cephtool.getImage" .main }}
{{- end }}
{{- end }}{{/* if .main.Values.global.airgapped.repository */}}
{{- $serviceImageKey := print (replace "-" "" .k10_service) "Image" }}
{{- if eq $serviceImageKey "ambassadorImage" }}
{{- $tagFromDefs = (include "k10.ambassadorImageTag" .) }}
{{- else if eq $serviceImageKey "dexImage" }}
{{- if eq $serviceImageKey "dexImage" }}
{{- $tagFromDefs = (include "dex.dexImageTag" .) }}
{{- end }}{{/* if eq $serviceImageKey "ambassadorImage" */}}
{{- end }}{{/* if eq $serviceImageKey "dexImage" */}}
{{- if index .main.Values $serviceImageKey }}
{{- $service_values := index .main.Values $serviceImageKey }}
{{- if .main.Values.global.airgapped.repository }}

7
charts/kasten/k10/templates/ironbank.tpl Normal file
View File

@ -0,0 +1,7 @@
{{/*
This file is used to fail the helm deployment if certain values are set which are
not compatible with an Ironbank deployment.
*/}}
{{- include "k10.fail.ironbankRHMarketplace" . -}}
{{- include "k10.fail.ironbankGrafana" . -}}
{{- include "k10.fail.ironbankPrometheus" . -}}

6
charts/kasten/k10/templates/k10-config.yaml
View File

@ -35,6 +35,7 @@ data:
KanisterPodMetricSidecarEnabled: {{ .Values.kanisterPodMetricSidecar.enabled | quote }}
KanisterPodMetricSidecarMetricLifetime: {{ .Values.kanisterPodMetricSidecar.metricLifetime | quote }}
KanisterPodPushgatewayMetricsInterval: {{ .Values.kanisterPodMetricSidecar.pushGatewayInterval | quote }}
KanisterToolsImage: {{ include "get.kanisterToolsImage" . | quote }}
K10MutatingWebhookTLSCertDir: "/etc/ssl/certs/webhook"
K10LimiterGenericVolumeSnapshots: {{ default (include "k10.defaultK10LimiterGenericVolumeSnapshots" .) .Values.limiter.genericVolumeSnapshots | quote }}
@ -79,11 +80,6 @@ data:
{{- else }}
kanisterFunctionVersion: {{ quote "v1.0.0-alpha" }}
{{- end }}
{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
{{- if (include "get.kanisterToolsImage" .) }}
overwriteKanisterTools: {{ include "get.kanisterToolsImage" .}}
{{- end }}
{{- end }}
{{- include "kanisterToolsResources" . | indent 2 }}
{{ if .Values.features }}

6
charts/kasten/k10/values.schema.json
View File

@ -236,12 +236,6 @@
"title": "Aggregatedapis service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"ambassador": {
"type": "string",
"default": "",
"title": "Ambassador service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"auth": {
"type": "string",
"default": "",

2
charts/kasten/k10/values.yaml
View File

@ -61,7 +61,6 @@ global:
images:
admin: ''
aggregatedapis: ''
ambassador: ''
auth: ''
bloblifecyclemanager: ''
catalog: ''
@ -100,7 +99,6 @@ global:
network:
enable_ipv6: false
## OpenShift route configuration.
route:
enabled: false

4
charts/kubecost/cost-analyzer/Chart.yaml
View File

@ -7,7 +7,7 @@ annotations:
catalog.cattle.io/featured: "1"
catalog.cattle.io/release-name: cost-analyzer
apiVersion: v2
appVersion: 1.106.3
appVersion: 1.106.4
dependencies:
- condition: global.grafana.enabled
name: grafana
@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni
cloud costs.
icon: https://partner-charts.rancher.io/assets/logos/kubecost.png
name: cost-analyzer
version: 1.106.3
version: 1.106.4

4
charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml
View File

@ -20,6 +20,10 @@ spec:
metadata:
labels:
app: awsstore
{{- with .Values.global.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: awsstore-serviceaccount
{{- if .Values.awsstore.priorityClassName }}

6
charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
View File

@ -44,11 +44,9 @@ spec:
{{- if and .Values.kubecostDeployment .Values.kubecostDeployment.labels }}
{{- toYaml .Values.kubecostDeployment.labels | nindent 8 }}
{{- end }}
{{- if .Values.global.podAnnotations}}
annotations:
{{- with .Values.global.podAnnotations}}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.kubecostFrontend.tls }}

4
charts/kubecost/cost-analyzer/templates/federator-deployment-template.yaml
View File

@ -19,6 +19,10 @@ spec:
metadata:
labels:
{{- include "federator.selectorLabels" . | nindent 8 }}
{{- with .Values.global.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
containers:
- name: federator

6
charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml
View File

@ -32,11 +32,9 @@ spec:
{{- with .Values.kubecostMetrics.exporter.labels }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.global.podAnnotations }}
annotations:
{{- with .Values.global.podAnnotations}}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.kubecostFrontend.tls }}

4
charts/kubecost/cost-analyzer/templates/query-service-deployment-template.yaml
View File

@ -38,6 +38,10 @@ spec:
app.kubernetes.io/name: query-service
app.kubernetes.io/instance: {{ .Release.Name }}
app: query-service
{{- with .Values.global.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Always

2
charts/loft/loft/Chart.yaml
View File

@ -28,4 +28,4 @@ name: loft
sources:
- https://github.com/loft-sh/loft
type: application
version: 3.2.4
version: 3.3.0

64
charts/loft/loft/templates/_helpers.tpl
View File

@ -1,10 +1,4 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "loft.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
@ -12,38 +6,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
If release name contains chart name it will be used as a full name.
*/}}
{{- define "loft.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "loft.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "loft.labels" -}}
app.kubernetes.io/name: {{ include "loft.name" . }}
helm.sh/chart: {{ include "loft.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- else }}
app.kubernetes.io/version: {{ .Chart.Version | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- printf "loft" -}}
{{- end -}}
{{/*
@ -58,17 +21,22 @@ Create the name of the service account to use
{{- end -}}
{{/*
Get access key for invite link
Default image name for a given product
*/}}
{{- $}}
{{- define "loft.admin.accessKey" -}}
{{- now | unixEpoch | toString | trunc 8 | sha256sum -}}
{{- define "loft.defaultImage" -}}
{{- printf "ghcr.io/loft-sh/loft:%s" .Chart.Version -}}
{{- end -}}
{{/*
Get loft admin user username
*/}}
{{- $}}
{{- define "loft.admin.name" -}}
admin
{{- define "loft.image" -}}
{{- if .Values.product -}}
{{- if eq .Values.product "vcluster-pro" -}}
{{- printf "ghcr.io/loft-sh/vcluster-control-plane:%s" .Chart.Version -}}
{{- else if eq .Values.product "devpod-pro" -}}
{{- printf "ghcr.io/loft-sh/devpod-pro:%s" .Chart.Version -}}
{{- else -}}
{{ include "loft.defaultImage" . }}
{{- end -}}
{{- else -}}
{{ include "loft.defaultImage" . }}
{{- end -}}
{{- end -}}

22
charts/loft/loft/templates/apiservice.yaml
View File

@ -1,5 +1,6 @@
{{- if .Values.apiservice }}
{{- if .Values.apiservice.create }}
{{- if not .Values.agentOnly }}
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
@ -32,5 +33,26 @@ spec:
selector:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}
---
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: loft-apiservice-agent
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
ports:
- name: apiservice
port: 443
targetPort: 9444
protocol: TCP
selector:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}
{{- end }}
{{- end }}

52
charts/loft/loft/templates/deployment.yaml
View File

@ -54,28 +54,31 @@ spec:
{{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }}
{{- end }}
{{- if .Values.audit }}
{{- if .Values.audit.persistence.enabled }}
- name: audit-log
{{- if or (and .Values.persistence .Values.persistence.enabled) (and .Values.audit .Values.audit.persistence.enabled) }}
- name: loft-data
persistentVolumeClaim:
claimName: {{ template "loft.fullname" . }}-audit
{{- else if .Values.audit.enableSideCar }}
- name: audit-log
{{- else }}
- name: loft-data
emptyDir: {}
{{- end }}
{{- end }}
containers:
- name: manager
{{- if .Values.image }}
image: "{{ .Values.image }}"
{{- else }}
image: "ghcr.io/loft-sh/loft:{{ .Chart.Version }}"
{{- if .Values.agentOnly }}
command: ["loft", "agent"]
{{- end }}
image: {{ default (include "loft.image" .) .Values.image }}
ports:
{{- if not .Values.agentOnly }}
- name: http
containerPort: 8080
- name: https
containerPort: 10443
{{- end }}
- name: https-webhook
containerPort: 9443
- name: http-wakeup
containerPort: 9090
{{- if .Values.livenessProbe }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
@ -105,6 +108,10 @@ spec:
- name: ADMIN_PASSWORD_HASH
value: {{ .Values.admin.password | sha256sum | quote }}
{{- end }}
{{- if (gt (int .Values.replicaCount) 1) }}
- name: LEADER_ELECTION_ENABLED
value: "true"
{{- end }}
{{- range $key, $value := .Values.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
@ -124,6 +131,12 @@ spec:
key: {{ .Values.tls.keyKey }}
{{- end }}
{{- end }}
{{- if .Values.logging }}
- name: LOFT_LOG_ENCODING
value: {{ default "console" .Values.logging.encoding }}
- name: LOFT_LOG_LEVEL
value: {{ default "info" .Values.logging.level }}
{{- end }}
{{- range $key, $value := .Values.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
@ -132,12 +145,8 @@ spec:
{{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 10 }}
{{- end }}
{{- if .Values.audit }}
{{- if or .Values.audit.enableSideCar .Values.audit.persistence.enabled }}
- mountPath: /var/log/loft
name: audit-log
{{- end }}
{{- end }}
- mountPath: /var/lib/loft
name: loft-data
resources:
{{ toYaml .Values.resources | indent 10 }}
{{- if .Values.securityContext }}
@ -147,18 +156,23 @@ spec:
capabilities:
drop:
- ALL
{{- if .Values.securityContext.runAsRoot }}
runAsUser: 0
runAsGroup: 0
{{- else }}
runAsNonRoot: true
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.audit }}
{{- if .Values.audit.enableSideCar }}
- name: audit
image: "{{ .Values.audit.image }}"
command: ["sh"]
args: ["-c", "touch /var/log/loft/audit.log && tail -F /var/log/loft/audit.log"]
args: ["-c", "touch /var/lib/loft/audit.log && tail -F /var/lib/loft/audit.log"]
volumeMounts:
- mountPath: /var/log/loft
name: audit-log
- mountPath: /var/lib/loft
name: loft-data
{{- end }}
{{- end }}
{{- if .Values.nodeSelector }}

25
charts/loft/loft/templates/ingress-wakeup-service.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
name: loft-ingress-wakeup-agent
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
loft.sh/service: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
{{- if .Values.agentOnly }}
type: {{ .Values.service.type }}
{{- else }}
type: ClusterIP
{{- end }}
ports:
- name: http-wakeup
port: 9090
targetPort: 9090
protocol: TCP
selector:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}

2
charts/loft/loft/templates/ingress.yaml
View File

@ -17,7 +17,6 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass }}
nginx.ingress.kubernetes.io/proxy-read-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-send-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k"
@ -30,6 +29,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.ingressClass }}
rules:
- host: {{ .Values.ingress.host }}
http:

22
charts/loft/loft/templates/pvc.yaml
View File

@ -1,5 +1,4 @@
{{- if .Values.audit }}
{{- if .Values.audit.persistence.enabled }}
{{- if and .Values.audit .Values.audit.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@ -19,5 +18,24 @@ spec:
resources:
requests:
storage: {{ .Values.audit.persistence.size }}
{{- else if and .Values.persistence .Values.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "loft.fullname" . }}-audit
{{- if .Values.commonAnnotations }}
annotations:
{{- toYaml .Values.commonAnnotations | nindent 4 }}
{{- end }}
spec:
{{- if .Values.persistence.accessModes }}
accessModes:
{{ toYaml .Values.persistence.accessModes | indent 4 }}
{{- else }}
accessModes: ["ReadWriteOnce"]
{{- end }}
storageClassName: {{ .Values.persistence.storageClassName }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- end }}

4
charts/loft/loft/templates/service.yaml
View File

@ -1,3 +1,4 @@
{{- if not .Values.agentOnly }}
apiVersion: v1
kind: Service
metadata:
@ -6,7 +7,7 @@ metadata:
labels:
app: {{ template "loft.fullname" . }}
loft.sh/service: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
chart: "{{ .Chart.Name }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- with .Values.service.labels }}
@ -37,3 +38,4 @@ spec:
selector:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More