diff --git a/assets/bitnami/kafka-23.0.1.tgz b/assets/bitnami/kafka-23.0.1.tgz new file mode 100644 index 000000000..a44e794f3 Binary files /dev/null and b/assets/bitnami/kafka-23.0.1.tgz differ diff --git a/assets/bitnami/spark-7.1.0.tgz b/assets/bitnami/spark-7.1.0.tgz new file mode 100644 index 000000000..38327291d Binary files /dev/null and b/assets/bitnami/spark-7.1.0.tgz differ diff --git a/assets/bitnami/wordpress-16.1.20.tgz b/assets/bitnami/wordpress-16.1.20.tgz new file mode 100644 index 000000000..283a7f84f Binary files /dev/null and b/assets/bitnami/wordpress-16.1.20.tgz differ diff --git a/assets/crowdstrike/falcon-sensor-1.20.2.tgz b/assets/crowdstrike/falcon-sensor-1.20.2.tgz new file mode 100644 index 000000000..83788de95 Binary files /dev/null and b/assets/crowdstrike/falcon-sensor-1.20.2.tgz differ diff --git a/assets/datadog/datadog-3.32.7.tgz b/assets/datadog/datadog-3.32.7.tgz new file mode 100644 index 000000000..b9d818ba2 Binary files /dev/null and b/assets/datadog/datadog-3.32.7.tgz differ diff --git a/assets/datadog/datadog-operator-1.0.5.tgz b/assets/datadog/datadog-operator-1.0.5.tgz new file mode 100644 index 000000000..736ac602d Binary files /dev/null and b/assets/datadog/datadog-operator-1.0.5.tgz differ diff --git a/assets/f5/nginx-ingress-0.17.1.tgz b/assets/f5/nginx-ingress-0.17.1.tgz index 0f40adf7c..f08714d60 100644 Binary files a/assets/f5/nginx-ingress-0.17.1.tgz and b/assets/f5/nginx-ingress-0.17.1.tgz differ diff --git a/assets/f5/nginx-ingress-0.18.0.tgz b/assets/f5/nginx-ingress-0.18.0.tgz new file mode 100644 index 000000000..4f25f40ca Binary files /dev/null and b/assets/f5/nginx-ingress-0.18.0.tgz differ diff --git a/assets/gopaddle/gopaddle-4.2.8.tgz b/assets/gopaddle/gopaddle-4.2.8.tgz new file mode 100644 index 000000000..b450a740e Binary files /dev/null and b/assets/gopaddle/gopaddle-4.2.8.tgz differ diff --git a/assets/jenkins/jenkins-4.3.29.tgz b/assets/jenkins/jenkins-4.3.29.tgz new file mode 100644 index 000000000..aa05c120a Binary files /dev/null and b/assets/jenkins/jenkins-4.3.29.tgz differ diff --git a/assets/minio/minio-operator-5.0.6.tgz b/assets/minio/minio-operator-5.0.6.tgz new file mode 100644 index 000000000..08c98482a Binary files /dev/null and b/assets/minio/minio-operator-5.0.6.tgz differ diff --git a/assets/redpanda/redpanda-4.0.48.tgz b/assets/redpanda/redpanda-4.0.48.tgz new file mode 100644 index 000000000..ac34e9079 Binary files /dev/null and b/assets/redpanda/redpanda-4.0.48.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.3.18.tgz b/assets/speedscale/speedscale-operator-1.3.18.tgz new file mode 100644 index 000000000..e2a64432c Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.3.18.tgz differ diff --git a/assets/sysdig/sysdig-1.16.0.tgz b/assets/sysdig/sysdig-1.16.0.tgz new file mode 100644 index 000000000..8176273b2 Binary files /dev/null and b/assets/sysdig/sysdig-1.16.0.tgz differ diff --git a/assets/yugabyte/yugabyte-2.18.1.tgz b/assets/yugabyte/yugabyte-2.18.1.tgz new file mode 100644 index 000000000..d1cf54859 Binary files /dev/null and b/assets/yugabyte/yugabyte-2.18.1.tgz differ diff --git a/assets/yugabyte/yugaware-2.18.1.tgz b/assets/yugabyte/yugaware-2.18.1.tgz new file mode 100644 index 000000000..fccc9d481 Binary files /dev/null and b/assets/yugabyte/yugaware-2.18.1.tgz differ diff --git a/charts/bitnami/kafka/Chart.lock b/charts/bitnami/kafka/Chart.lock index dd420b19d..5d258ab32 100644 --- a/charts/bitnami/kafka/Chart.lock +++ b/charts/bitnami/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 11.4.2 + version: 11.4.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.4.0 -digest: sha256:d0d3db738ca58fe404cf471499d6cc66827a3480835f4cab0de5053c9684950e -generated: "2023-06-07T04:12:40.544851481Z" +digest: sha256:33b2935785d886ed0e2f0349c57278481234c71d6db72ec57ba8721d40408aa9 +generated: "2023-06-26T20:59:56.145279557Z" diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index e75b52a14..b57b18d68 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.4.1 +appVersion: 3.5.0 dependencies: - condition: zookeeper.enabled name: zookeeper @@ -34,4 +34,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 22.1.6 +version: 23.0.1 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index c2b200847..613c38718 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -20,6 +20,8 @@ This chart bootstraps a [Kafka](https://github.com/bitnami/containers/tree/main/ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use Apache Kafka in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -80,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Kafka image registry | `docker.io` | | `image.repository` | Kafka image repository | `bitnami/kafka` | -| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.1-debian-11-r0` | +| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.0-debian-11-r1` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -254,7 +256,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | | `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | | `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.10-debian-11-r6` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.11-debian-11-r4` | | `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | | `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | @@ -310,7 +312,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r123` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r130` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -335,7 +337,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | -| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r4` | +| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r11` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -383,7 +385,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r27` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r34` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml index 934ce7047..595255232 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml @@ -21,4 +21,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 11.4.2 +version: 11.4.3 diff --git a/charts/bitnami/kafka/charts/zookeeper/README.md b/charts/bitnami/kafka/charts/zookeeper/README.md index fc1e1e78e..79a780990 100644 --- a/charts/bitnami/kafka/charts/zookeeper/README.md +++ b/charts/bitnami/kafka/charts/zookeeper/README.md @@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r36` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r46` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -246,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r127` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -507,7 +507,7 @@ kubectl delete statefulset zookeeper-zookeeper --cascade=false ## License -Copyright © 2023 Bitnami +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/kafka/charts/zookeeper/values.yaml b/charts/bitnami/kafka/charts/zookeeper/values.yaml index 51ae4470d..d1e00b370 100644 --- a/charts/bitnami/kafka/charts/zookeeper/values.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.1-debian-11-r36 + tag: 3.8.1-debian-11-r46 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r118 + tag: 11-debian-11-r127 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/kafka/templates/_helpers.tpl b/charts/bitnami/kafka/templates/_helpers.tpl index adefac6ef..b5823fe29 100644 --- a/charts/bitnami/kafka/templates/_helpers.tpl +++ b/charts/bitnami/kafka/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/kafka/templates/configmap.yaml b/charts/bitnami/kafka/templates/configmap.yaml index 509fd1c4f..0c37ad571 100644 --- a/charts/bitnami/kafka/templates/configmap.yaml +++ b/charts/bitnami/kafka/templates/configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "kafka.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/kafka/templates/extra-list.yaml b/charts/bitnami/kafka/templates/extra-list.yaml index 9ac65f9e1..2d35a580e 100644 --- a/charts/bitnami/kafka/templates/extra-list.yaml +++ b/charts/bitnami/kafka/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/charts/bitnami/kafka/templates/jaas-secret.yaml b/charts/bitnami/kafka/templates/jaas-secret.yaml index bde823f5b..28fd16bb3 100644 --- a/charts/bitnami/kafka/templates/jaas-secret.yaml +++ b/charts/bitnami/kafka/templates/jaas-secret.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- $port := print .Values.service.ports.client }} {{- $host := list }} diff --git a/charts/bitnami/kafka/templates/jmx-configmap.yaml b/charts/bitnami/kafka/templates/jmx-configmap.yaml index d02147efc..4906b382c 100644 --- a/charts/bitnami/kafka/templates/jmx-configmap.yaml +++ b/charts/bitnami/kafka/templates/jmx-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "kafka.metrics.jmx.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/kafka/templates/jmx-metrics-svc.yaml b/charts/bitnami/kafka/templates/jmx-metrics-svc.yaml index 35c79f41f..d9df9921c 100644 --- a/charts/bitnami/kafka/templates/jmx-metrics-svc.yaml +++ b/charts/bitnami/kafka/templates/jmx-metrics-svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.metrics.jmx.enabled }} apiVersion: v1 kind: Service diff --git a/charts/bitnami/kafka/templates/kafka-metrics-deployment.yaml b/charts/bitnami/kafka/templates/kafka-metrics-deployment.yaml index bf731f20b..d5b6c9c99 100644 --- a/charts/bitnami/kafka/templates/kafka-metrics-deployment.yaml +++ b/charts/bitnami/kafka/templates/kafka-metrics-deployment.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.metrics.kafka.enabled }} {{- $replicaCount := int .Values.replicaCount -}} {{- $releaseNamespace := .Release.Namespace -}} diff --git a/charts/bitnami/kafka/templates/kafka-metrics-serviceaccount.yaml b/charts/bitnami/kafka/templates/kafka-metrics-serviceaccount.yaml index f8e3eb305..c798e5cf9 100644 --- a/charts/bitnami/kafka/templates/kafka-metrics-serviceaccount.yaml +++ b/charts/bitnami/kafka/templates/kafka-metrics-serviceaccount.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.kafka.enabled .Values.metrics.kafka.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/bitnami/kafka/templates/kafka-metrics-svc.yaml b/charts/bitnami/kafka/templates/kafka-metrics-svc.yaml index 9daae4a1a..0c90acdd6 100644 --- a/charts/bitnami/kafka/templates/kafka-metrics-svc.yaml +++ b/charts/bitnami/kafka/templates/kafka-metrics-svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.metrics.kafka.enabled }} apiVersion: v1 kind: Service diff --git a/charts/bitnami/kafka/templates/kafka-provisioning-secret.yaml b/charts/bitnami/kafka/templates/kafka-provisioning-secret.yaml index 0c0fb1bc1..9aaaa2499 100644 --- a/charts/bitnami/kafka/templates/kafka-provisioning-secret.yaml +++ b/charts/bitnami/kafka/templates/kafka-provisioning-secret.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.provisioning.enabled (include "kafka.client.tlsEncryption" .) (not .Values.provisioning.auth.tls.passwordsSecret) }} apiVersion: v1 kind: Secret diff --git a/charts/bitnami/kafka/templates/kafka-provisioning-serviceaccount.yaml b/charts/bitnami/kafka/templates/kafka-provisioning-serviceaccount.yaml index 47614674c..f384dbcfa 100644 --- a/charts/bitnami/kafka/templates/kafka-provisioning-serviceaccount.yaml +++ b/charts/bitnami/kafka/templates/kafka-provisioning-serviceaccount.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.provisioning.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/bitnami/kafka/templates/kafka-provisioning.yaml b/charts/bitnami/kafka/templates/kafka-provisioning.yaml index 1fe9d7e9f..646de5d5b 100644 --- a/charts/bitnami/kafka/templates/kafka-provisioning.yaml +++ b/charts/bitnami/kafka/templates/kafka-provisioning.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.provisioning.enabled }} {{- $replicaCount := int .Values.replicaCount }} kind: Job diff --git a/charts/bitnami/kafka/templates/log4j-configmap.yaml b/charts/bitnami/kafka/templates/log4j-configmap.yaml index 8f7bc6c14..66c0aa981 100644 --- a/charts/bitnami/kafka/templates/log4j-configmap.yaml +++ b/charts/bitnami/kafka/templates/log4j-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "kafka.log4j.createConfigMap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/kafka/templates/networkpolicy-egress.yaml b/charts/bitnami/kafka/templates/networkpolicy-egress.yaml index 068024a0e..f7c723cc6 100644 --- a/charts/bitnami/kafka/templates/networkpolicy-egress.yaml +++ b/charts/bitnami/kafka/templates/networkpolicy-egress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.networkPolicy.enabled .Values.networkPolicy.egressRules.customRules }} kind: NetworkPolicy apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} diff --git a/charts/bitnami/kafka/templates/networkpolicy-ingress.yaml b/charts/bitnami/kafka/templates/networkpolicy-ingress.yaml index fa3824095..a7ee7017e 100644 --- a/charts/bitnami/kafka/templates/networkpolicy-ingress.yaml +++ b/charts/bitnami/kafka/templates/networkpolicy-ingress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} diff --git a/charts/bitnami/kafka/templates/poddisruptionbudget.yaml b/charts/bitnami/kafka/templates/poddisruptionbudget.yaml index e0a60151d..f991a0c3a 100644 --- a/charts/bitnami/kafka/templates/poddisruptionbudget.yaml +++ b/charts/bitnami/kafka/templates/poddisruptionbudget.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- $replicaCount := int .Values.replicaCount }} {{- if and .Values.pdb.create (gt $replicaCount 1) }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} diff --git a/charts/bitnami/kafka/templates/prometheusrule.yaml b/charts/bitnami/kafka/templates/prometheusrule.yaml index bce728a37..8bbe041a7 100644 --- a/charts/bitnami/kafka/templates/prometheusrule.yaml +++ b/charts/bitnami/kafka/templates/prometheusrule.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and (or .Values.metrics.kafka.enabled .Values.metrics.jmx.enabled) .Values.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.groups }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule diff --git a/charts/bitnami/kafka/templates/role.yaml b/charts/bitnami/kafka/templates/role.yaml index 63215b3b8..4c8a679fb 100644 --- a/charts/bitnami/kafka/templates/role.yaml +++ b/charts/bitnami/kafka/templates/role.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.rbac.create -}} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: Role diff --git a/charts/bitnami/kafka/templates/rolebinding.yaml b/charts/bitnami/kafka/templates/rolebinding.yaml index fb5e3a157..ff7c8e8f9 100644 --- a/charts/bitnami/kafka/templates/rolebinding.yaml +++ b/charts/bitnami/kafka/templates/rolebinding.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.rbac.create }} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: RoleBinding diff --git a/charts/bitnami/kafka/templates/scripts-configmap.yaml b/charts/bitnami/kafka/templates/scripts-configmap.yaml index 3f2604657..6b7f6ef8d 100644 --- a/charts/bitnami/kafka/templates/scripts-configmap.yaml +++ b/charts/bitnami/kafka/templates/scripts-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/bitnami/kafka/templates/serviceaccount.yaml b/charts/bitnami/kafka/templates/serviceaccount.yaml index 73091f5d7..0c9b935a9 100644 --- a/charts/bitnami/kafka/templates/serviceaccount.yaml +++ b/charts/bitnami/kafka/templates/serviceaccount.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/bitnami/kafka/templates/servicemonitor-jmx-metrics.yaml b/charts/bitnami/kafka/templates/servicemonitor-jmx-metrics.yaml index 1919feebb..b28b3c366 100644 --- a/charts/bitnami/kafka/templates/servicemonitor-jmx-metrics.yaml +++ b/charts/bitnami/kafka/templates/servicemonitor-jmx-metrics.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.jmx.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/charts/bitnami/kafka/templates/servicemonitor-metrics.yaml b/charts/bitnami/kafka/templates/servicemonitor-metrics.yaml index 343194667..a84963fef 100644 --- a/charts/bitnami/kafka/templates/servicemonitor-metrics.yaml +++ b/charts/bitnami/kafka/templates/servicemonitor-metrics.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.kafka.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/charts/bitnami/kafka/templates/statefulset.yaml b/charts/bitnami/kafka/templates/statefulset.yaml index 84544c71c..de7fa5ab7 100644 --- a/charts/bitnami/kafka/templates/statefulset.yaml +++ b/charts/bitnami/kafka/templates/statefulset.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- $replicaCount := int .Values.replicaCount }} {{- $fullname := include "common.names.fullname" . }} {{- $releaseNamespace := .Release.Namespace }} diff --git a/charts/bitnami/kafka/templates/svc-external-access.yaml b/charts/bitnami/kafka/templates/svc-external-access.yaml index 0898756dc..b673714ad 100644 --- a/charts/bitnami/kafka/templates/svc-external-access.yaml +++ b/charts/bitnami/kafka/templates/svc-external-access.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.externalAccess.enabled }} {{- $fullName := include "common.names.fullname" . }} {{- $replicaCount := .Values.replicaCount | int }} diff --git a/charts/bitnami/kafka/templates/svc-headless.yaml b/charts/bitnami/kafka/templates/svc-headless.yaml index e2f0eeb5f..92a51171a 100644 --- a/charts/bitnami/kafka/templates/svc-headless.yaml +++ b/charts/bitnami/kafka/templates/svc-headless.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/kafka/templates/svc.yaml b/charts/bitnami/kafka/templates/svc.yaml index 8e0472a1d..b1c9cbef3 100644 --- a/charts/bitnami/kafka/templates/svc.yaml +++ b/charts/bitnami/kafka/templates/svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/kafka/templates/tls-secrets.yaml b/charts/bitnami/kafka/templates/tls-secrets.yaml index d6b1adc28..167a319e7 100644 --- a/charts/bitnami/kafka/templates/tls-secrets.yaml +++ b/charts/bitnami/kafka/templates/tls-secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "kafka.createTlsSecret" .) }} {{- $replicaCount := int .Values.replicaCount }} {{- $releaseNamespace := .Release.Namespace }} diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index 4920770e6..0fb235f89 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -77,7 +80,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.4.1-debian-11-r0 + tag: 3.5.0-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -781,7 +784,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.25.10-debian-11-r6 + tag: 1.25.11-debian-11-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1030,7 +1033,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r123 + tag: 11-debian-11-r130 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1112,7 +1115,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.7.0-debian-11-r4 + tag: 1.7.0-debian-11-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1348,7 +1351,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.18.0-debian-11-r27 + tag: 0.18.0-debian-11-r34 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index fcd68cdf0..7673d406a 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -27,4 +27,4 @@ maintainers: name: spark sources: - https://github.com/bitnami/charts/tree/main/bitnami/spark -version: 7.0.2 +version: 7.1.0 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index 602ebf771..7a976943c 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md @@ -137,6 +137,7 @@ The command removes all the Kubernetes components associated with the chart and | `master.lifecycleHooks` | for the master container(s) to automate configuration before or after startup | `{}` | | `master.extraVolumes` | Optionally specify extra list of additional volumes for the master pod(s) | `[]` | | `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` | +| `master.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the master statefulset | `[]` | | `master.resources.limits` | The resources limits for the container | `{}` | | `master.resources.requests` | The requested resources for the container | `{}` | | `master.livenessProbe.enabled` | Enable livenessProbe | `true` | @@ -213,6 +214,7 @@ The command removes all the Kubernetes components associated with the chart and | `worker.lifecycleHooks` | for the worker container(s) to automate configuration before or after startup | `{}` | | `worker.extraVolumes` | Optionally specify extra list of additional volumes for the worker pod(s) | `[]` | | `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` | +| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the worker statefulset | `[]` | | `worker.resources.limits` | The resources limits for the container | `{}` | | `worker.resources.requests` | The requested resources for the container | `{}` | | `worker.livenessProbe.enabled` | Enable livenessProbe | `true` | diff --git a/charts/bitnami/spark/templates/_helpers.tpl b/charts/bitnami/spark/templates/_helpers.tpl index b2d21e681..f9589af44 100644 --- a/charts/bitnami/spark/templates/_helpers.tpl +++ b/charts/bitnami/spark/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- /* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/spark/templates/extra-list.yaml b/charts/bitnami/spark/templates/extra-list.yaml index 9ac65f9e1..2d35a580e 100644 --- a/charts/bitnami/spark/templates/extra-list.yaml +++ b/charts/bitnami/spark/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/charts/bitnami/spark/templates/headless-svc.yaml b/charts/bitnami/spark/templates/headless-svc.yaml index a3164bc40..d7e1882f7 100644 --- a/charts/bitnami/spark/templates/headless-svc.yaml +++ b/charts/bitnami/spark/templates/headless-svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/spark/templates/hpa-worker.yaml b/charts/bitnami/spark/templates/hpa-worker.yaml index afc41d439..7d4242aa5 100644 --- a/charts/bitnami/spark/templates/hpa-worker.yaml +++ b/charts/bitnami/spark/templates/hpa-worker.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.worker.autoscaling.enabled }} apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler diff --git a/charts/bitnami/spark/templates/ingress.yaml b/charts/bitnami/spark/templates/ingress.yaml index 93605a6e5..5c54cf106 100644 --- a/charts/bitnami/spark/templates/ingress.yaml +++ b/charts/bitnami/spark/templates/ingress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} kind: Ingress diff --git a/charts/bitnami/spark/templates/init-configmap.yaml b/charts/bitnami/spark/templates/init-configmap.yaml index eba9e5492..6c3466e02 100644 --- a/charts/bitnami/spark/templates/init-configmap.yaml +++ b/charts/bitnami/spark/templates/init-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.initScripts }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/spark/templates/podmonitor.yaml b/charts/bitnami/spark/templates/podmonitor.yaml index 5afcdc5a2..1f3e5bc94 100644 --- a/charts/bitnami/spark/templates/podmonitor.yaml +++ b/charts/bitnami/spark/templates/podmonitor.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor diff --git a/charts/bitnami/spark/templates/prometheusrule.yaml b/charts/bitnami/spark/templates/prometheusrule.yaml index 6c065ca51..7467fdab1 100644 --- a/charts/bitnami/spark/templates/prometheusrule.yaml +++ b/charts/bitnami/spark/templates/prometheusrule.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule diff --git a/charts/bitnami/spark/templates/secret.yaml b/charts/bitnami/spark/templates/secret.yaml index 218100051..197f2f55f 100644 --- a/charts/bitnami/spark/templates/secret.yaml +++ b/charts/bitnami/spark/templates/secret.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if not .Values.security.passwordsSecretName }} apiVersion: v1 kind: Secret diff --git a/charts/bitnami/spark/templates/serviceaccount.yaml b/charts/bitnami/spark/templates/serviceaccount.yaml index 035d2e3dc..e868d437d 100644 --- a/charts/bitnami/spark/templates/serviceaccount.yaml +++ b/charts/bitnami/spark/templates/serviceaccount.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/bitnami/spark/templates/statefulset-master.yaml b/charts/bitnami/spark/templates/statefulset-master.yaml index 2c82430f8..8ae40e987 100644 --- a/charts/bitnami/spark/templates/statefulset-master.yaml +++ b/charts/bitnami/spark/templates/statefulset-master.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: StatefulSet metadata: @@ -344,3 +349,6 @@ spec: secretName: {{ template ".Values.initScriptsSecret" . }} defaultMode: 0755 {{- end }} + {{- if .Values.master.extraVolumeClaimTemplates }} + volumeClaimTemplates: {{- include "common.tplvalues.render" (dict "value" .Values.master.extraVolumeClaimTemplates "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/bitnami/spark/templates/statefulset-worker.yaml b/charts/bitnami/spark/templates/statefulset-worker.yaml index dfd7d32b5..a0331f881 100644 --- a/charts/bitnami/spark/templates/statefulset-worker.yaml +++ b/charts/bitnami/spark/templates/statefulset-worker.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: StatefulSet metadata: @@ -368,3 +373,6 @@ spec: secretName: {{ template ".Values.initScriptsSecret" . }} defaultMode: 0755 {{- end }} + {{- if .Values.worker.extraVolumeClaimTemplates }} + volumeClaimTemplates: {{- include "common.tplvalues.render" (dict "value" .Values.worker.extraVolumeClaimTemplates "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/bitnami/spark/templates/svc-master.yaml b/charts/bitnami/spark/templates/svc-master.yaml index 5e5754a75..62c97c733 100644 --- a/charts/bitnami/spark/templates/svc-master.yaml +++ b/charts/bitnami/spark/templates/svc-master.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/spark/templates/tls-secrets.yaml b/charts/bitnami/spark/templates/tls-secrets.yaml index 08b75a650..bcabd79fb 100644 --- a/charts/bitnami/spark/templates/tls-secrets.yaml +++ b/charts/bitnami/spark/templates/tls-secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} {{- if .Values.ingress.secrets }} {{- range .Values.ingress.secrets }} diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index 405348c86..c1ad31e55 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -277,6 +280,9 @@ master: ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the master container(s) ## extraVolumeMounts: [] + ## @param master.extraVolumeClaimTemplates Optionally specify extra list of volumesClaimTemplates for the master statefulset + ## + extraVolumeClaimTemplates: [] ## Container resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -558,6 +564,9 @@ worker: ## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the master container(s) ## extraVolumeMounts: [] + ## @param worker.extraVolumeClaimTemplates Optionally specify extra list of volumesClaimTemplates for the worker statefulset + ## + extraVolumeClaimTemplates: [] ## Container resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 1c4c9191b..9b15f925e 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 16.1.19 +version: 16.1.20 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index 062ff9635..11716b692 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r19` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r20` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | @@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r128` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r130` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r8` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r9` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | diff --git a/charts/bitnami/wordpress/templates/_helpers.tpl b/charts/bitnami/wordpress/templates/_helpers.tpl index 6ab5bb318..7483623ea 100644 --- a/charts/bitnami/wordpress/templates/_helpers.tpl +++ b/charts/bitnami/wordpress/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/wordpress/templates/config-secret.yaml b/charts/bitnami/wordpress/templates/config-secret.yaml index 2d2c46962..090406036 100644 --- a/charts/bitnami/wordpress/templates/config-secret.yaml +++ b/charts/bitnami/wordpress/templates/config-secret.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "wordpress.createConfigSecret" .) }} apiVersion: v1 kind: Secret diff --git a/charts/bitnami/wordpress/templates/deployment.yaml b/charts/bitnami/wordpress/templates/deployment.yaml index 39eb4ff3d..0a3d1ac8c 100644 --- a/charts/bitnami/wordpress/templates/deployment.yaml +++ b/charts/bitnami/wordpress/templates/deployment.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: diff --git a/charts/bitnami/wordpress/templates/externaldb-secrets.yaml b/charts/bitnami/wordpress/templates/externaldb-secrets.yaml index a34894f6d..9f46e0ed8 100644 --- a/charts/bitnami/wordpress/templates/externaldb-secrets.yaml +++ b/charts/bitnami/wordpress/templates/externaldb-secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} apiVersion: v1 kind: Secret diff --git a/charts/bitnami/wordpress/templates/extra-list.yaml b/charts/bitnami/wordpress/templates/extra-list.yaml index 9ac65f9e1..2d35a580e 100644 --- a/charts/bitnami/wordpress/templates/extra-list.yaml +++ b/charts/bitnami/wordpress/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/charts/bitnami/wordpress/templates/hpa.yaml b/charts/bitnami/wordpress/templates/hpa.yaml index 4f6a9ab26..5afd8e8dd 100644 --- a/charts/bitnami/wordpress/templates/hpa.yaml +++ b/charts/bitnami/wordpress/templates/hpa.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.autoscaling.enabled }} apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler diff --git a/charts/bitnami/wordpress/templates/httpd-configmap.yaml b/charts/bitnami/wordpress/templates/httpd-configmap.yaml index 2a1ffe47c..2126bc884 100644 --- a/charts/bitnami/wordpress/templates/httpd-configmap.yaml +++ b/charts/bitnami/wordpress/templates/httpd-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "wordpress.apache.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/wordpress/templates/ingress.yaml b/charts/bitnami/wordpress/templates/ingress.yaml index 5b6157f34..bfa2d8d01 100644 --- a/charts/bitnami/wordpress/templates/ingress.yaml +++ b/charts/bitnami/wordpress/templates/ingress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress diff --git a/charts/bitnami/wordpress/templates/metrics-svc.yaml b/charts/bitnami/wordpress/templates/metrics-svc.yaml index 303fcd836..6c622607e 100644 --- a/charts/bitnami/wordpress/templates/metrics-svc.yaml +++ b/charts/bitnami/wordpress/templates/metrics-svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.metrics.enabled }} apiVersion: v1 kind: Service diff --git a/charts/bitnami/wordpress/templates/networkpolicy-backend-ingress.yaml b/charts/bitnami/wordpress/templates/networkpolicy-backend-ingress.yaml index e69a024e7..56df816f9 100644 --- a/charts/bitnami/wordpress/templates/networkpolicy-backend-ingress.yaml +++ b/charts/bitnami/wordpress/templates/networkpolicy-backend-ingress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy diff --git a/charts/bitnami/wordpress/templates/networkpolicy-egress.yaml b/charts/bitnami/wordpress/templates/networkpolicy-egress.yaml index d908e9b88..96750ce87 100644 --- a/charts/bitnami/wordpress/templates/networkpolicy-egress.yaml +++ b/charts/bitnami/wordpress/templates/networkpolicy-egress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy diff --git a/charts/bitnami/wordpress/templates/networkpolicy-ingress.yaml b/charts/bitnami/wordpress/templates/networkpolicy-ingress.yaml index 27cbbbb21..fd96c64a0 100644 --- a/charts/bitnami/wordpress/templates/networkpolicy-ingress.yaml +++ b/charts/bitnami/wordpress/templates/networkpolicy-ingress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingress.enabled .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled) }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy diff --git a/charts/bitnami/wordpress/templates/pdb.yaml b/charts/bitnami/wordpress/templates/pdb.yaml index 2760f3494..b6ddbc225 100644 --- a/charts/bitnami/wordpress/templates/pdb.yaml +++ b/charts/bitnami/wordpress/templates/pdb.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget diff --git a/charts/bitnami/wordpress/templates/postinit-configmap.yaml b/charts/bitnami/wordpress/templates/postinit-configmap.yaml index a07085ef0..ec51435ed 100644 --- a/charts/bitnami/wordpress/templates/postinit-configmap.yaml +++ b/charts/bitnami/wordpress/templates/postinit-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/wordpress/templates/pvc.yaml b/charts/bitnami/wordpress/templates/pvc.yaml index d82b65104..9b465d8c8 100644 --- a/charts/bitnami/wordpress/templates/pvc.yaml +++ b/charts/bitnami/wordpress/templates/pvc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} kind: PersistentVolumeClaim apiVersion: v1 diff --git a/charts/bitnami/wordpress/templates/secrets.yaml b/charts/bitnami/wordpress/templates/secrets.yaml index 7ed022ec7..0e12db0fc 100644 --- a/charts/bitnami/wordpress/templates/secrets.yaml +++ b/charts/bitnami/wordpress/templates/secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }} apiVersion: v1 kind: Secret diff --git a/charts/bitnami/wordpress/templates/serviceaccount.yaml b/charts/bitnami/wordpress/templates/serviceaccount.yaml index 60d2fb285..119829202 100644 --- a/charts/bitnami/wordpress/templates/serviceaccount.yaml +++ b/charts/bitnami/wordpress/templates/serviceaccount.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount diff --git a/charts/bitnami/wordpress/templates/servicemonitor.yaml b/charts/bitnami/wordpress/templates/servicemonitor.yaml index 933f737eb..8fc1bb280 100644 --- a/charts/bitnami/wordpress/templates/servicemonitor.yaml +++ b/charts/bitnami/wordpress/templates/servicemonitor.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/charts/bitnami/wordpress/templates/svc.yaml b/charts/bitnami/wordpress/templates/svc.yaml index dc84dc17b..c95f1408b 100644 --- a/charts/bitnami/wordpress/templates/svc.yaml +++ b/charts/bitnami/wordpress/templates/svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/wordpress/templates/tls-secrets.yaml b/charts/bitnami/wordpress/templates/tls-secrets.yaml index 0805d18eb..57e4fc776 100644 --- a/charts/bitnami/wordpress/templates/tls-secrets.yaml +++ b/charts/bitnami/wordpress/templates/tls-secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.ingress.enabled }} {{- if .Values.ingress.secrets }} {{- range .Values.ingress.secrets }} diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index fb021b1eb..79574674e 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -73,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.2.2-debian-11-r19 + tag: 6.2.2-debian-11-r20 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -763,7 +766,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r128 + tag: 11-debian-11-r130 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -857,7 +860,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.13.4-debian-11-r8 + tag: 0.13.4-debian-11-r9 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/crowdstrike/falcon-sensor/Chart.yaml b/charts/crowdstrike/falcon-sensor/Chart.yaml index 94e9976d8..62dcedf21 100644 --- a/charts/crowdstrike/falcon-sensor/Chart.yaml +++ b/charts/crowdstrike/falcon-sensor/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>1.22.0-0' catalog.cattle.io/release-name: falcon-sensor apiVersion: v2 -appVersion: 1.20.1 +appVersion: 1.20.2 description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. home: https://crowdstrike.com icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg @@ -24,4 +24,4 @@ name: falcon-sensor sources: - https://github.com/CrowdStrike/falcon-helm type: application -version: 1.20.1 +version: 1.20.2 diff --git a/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml b/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml index 26f209ee1..fa63e084d 100644 --- a/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml +++ b/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml @@ -63,7 +63,7 @@ spec: - name: {{ .Values.node.image.pullSecrets }} {{- end }} {{- if .Values.node.image.registryConfigJSON }} - - name: {{ include "falcon-sensor.fullname" . }}-pull-secret + - name: {{ include "falcon-sensor.fullname" . }}-pull-secret-cleanup {{- end }} {{- end }} {{- end }} diff --git a/charts/crowdstrike/falcon-sensor/templates/node_secret_cleanup.yaml b/charts/crowdstrike/falcon-sensor/templates/node_secret_cleanup.yaml new file mode 100644 index 000000000..6dd36721d --- /dev/null +++ b/charts/crowdstrike/falcon-sensor/templates/node_secret_cleanup.yaml @@ -0,0 +1,15 @@ +{{- if .Values.node.enabled }} +{{- if .Values.node.image.registryConfigJSON }} +{{- $registry := .Values.node.image.registryConfigJSON }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "falcon-sensor.fullname" . }}-pull-secret-cleanup + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-delete +data: + .dockerconfigjson: {{ $registry }} +type: kubernetes.io/dockerconfigjson +{{- end }} +{{- end }} diff --git a/charts/datadog/datadog-operator/CHANGELOG.md b/charts/datadog/datadog-operator/CHANGELOG.md index f2f147a0b..6d41f9059 100644 --- a/charts/datadog/datadog-operator/CHANGELOG.md +++ b/charts/datadog/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.0.5 + +* Add AP1 Site Comment in `values.yaml`. + ## 1.0.4 * Update Datadog Operator version to 1.0.3. diff --git a/charts/datadog/datadog-operator/Chart.yaml b/charts/datadog/datadog-operator/Chart.yaml index d3defc9b3..e653ff37b 100644 --- a/charts/datadog/datadog-operator/Chart.yaml +++ b/charts/datadog/datadog-operator/Chart.yaml @@ -26,4 +26,4 @@ name: datadog-operator sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 1.0.4 +version: 1.0.5 diff --git a/charts/datadog/datadog-operator/README.md b/charts/datadog/datadog-operator/README.md index 3dbfbce2f..b072cfd86 100644 --- a/charts/datadog/datadog-operator/README.md +++ b/charts/datadog/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) +![Version: 1.0.5](https://img.shields.io/badge/Version-1.0.5-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) ## Values diff --git a/charts/datadog/datadog-operator/values.yaml b/charts/datadog/datadog-operator/values.yaml index f802c1f1d..85ebefaee 100644 --- a/charts/datadog/datadog-operator/values.yaml +++ b/charts/datadog/datadog-operator/values.yaml @@ -23,6 +23,7 @@ appKey: # ## Set to 'us3.datadoghq.com' to send data to the US3 site. ## Set to 'us5.datadoghq.com' to send data to the US5 site. ## Set to 'ddog-gov.com' to send data to the US1-FED site. +## Set to 'ap1.datadoghq.com' to send data to the AP1 site. site: # datadoghq.com # dd_url -- The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index bfe119215..c057deb0d 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,17 @@ # Datadog changelog +## 3.32.7 + +* Update the cluster agent network policy to allow telemetry submission. + +## 3.32.6 + +* Fix cluster agent pod failing to start when securityContext is set. + +## 3.32.5 + +* Fix comment for datadog.kubernetesEvents.collectedEventTypes in values.yaml. + ## 3.32.4 * Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index af509c6d6..ebed06f3b 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.32.4 +version: 3.32.7 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index b85826841..ad7c0b7e3 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.32.4](https://img.shields.io/badge/Version-3.32.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.32.7](https://img.shields.io/badge/Version-3.32.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -653,7 +653,7 @@ helm install \ | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | -| datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Collects Helm values from a release and uses them as tags (Requires Cluster Agent 7.42.0+). This requires datadog.kubernetesEvents.unbundleEvents to be set to true | +| datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | diff --git a/charts/datadog/datadog/templates/agent-cilium-network-policy.yaml b/charts/datadog/datadog/templates/agent-cilium-network-policy.yaml index faf46ca16..c7d4e1a4d 100644 --- a/charts/datadog/datadog/templates/agent-cilium-network-policy.yaml +++ b/charts/datadog/datadog/templates/agent-cilium-network-policy.yaml @@ -91,6 +91,7 @@ specs: - matchName: "agent-http-intake.logs.{{ $.Values.datadog.site }}" - matchName: "process.{{ $.Values.datadog.site }}" - matchName: "orchestrator.{{ $.Values.datadog.site }}" + - matchName: "instrumentation-telemetry-intake.{{ $.Values.datadog.site }}" {{- else}} - matchPattern: "*-app.agent.datadoghq.com" - matchName: "app.datadoghq.com" @@ -99,6 +100,7 @@ specs: - matchName: "agent-http-intake.logs.datadoghq.com" - matchName: "process.datadoghq.com" - matchName: "orchestrator.datadoghq.com" + - matchName: "instrumentation-telemetry-intake.datadoghq.com" {{- end}} toPorts: - ports: diff --git a/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml b/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml index 772db4322..af98d78de 100644 --- a/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml +++ b/charts/datadog/datadog/templates/cluster-agent-cilium-network-policy.yaml @@ -53,10 +53,12 @@ specs: - matchName: "app.{{ $.Values.datadog.site }}" - matchPattern: "*-app.agent.{{ $.Values.datadog.site }}" - matchName: "orchestrator.{{ $.Values.datadog.site }}" + - matchName: "instrumentation-telemetry-intake.{{ $.Values.datadog.site }}" {{- else}} - matchName: "app.datadoghq.com" - matchPattern: "*-app.agent.datadoghq.com" - matchName: "orchestrator.datadoghq.com" + - matchName: "instrumentation-telemetry-intake.datadoghq.com" {{- end}} toPorts: - ports: diff --git a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml index c7dfb3531..2b21f5e5b 100644 --- a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml @@ -106,11 +106,12 @@ spec: {{- end }} imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }} command: - - cp + - bash + - -c args: - - -r - - /etc/datadog-agent - - /opt + - | + chmod -R 744 /etc/datadog-agent; + cp -r /etc/datadog-agent /opt volumeMounts: - name: config mountPath: /opt/datadog-agent diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index 809289cde..ab7c1cc80 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -352,8 +352,7 @@ datadog: kubernetesEvents: # datadog.kubernetesEvents.unbundleEvents -- Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). unbundleEvents: false - # datadog.kubernetesEvents.collectedEventTypes -- Collects Helm values from a release and uses them as tags (Requires Cluster Agent 7.42.0+). - # This requires datadog.kubernetesEvents.unbundleEvents to be set to true + # datadog.kubernetesEvents.collectedEventTypes -- Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. collectedEventTypes: # - kind: # (optional if `source`` is provided) # source: # (optional if `kind`` is provided) diff --git a/charts/f5/nginx-ingress/Chart.yaml b/charts/f5/nginx-ingress/Chart.yaml index 80698038b..98174b187 100644 --- a/charts/f5/nginx-ingress/Chart.yaml +++ b/charts/f5/nginx-ingress/Chart.yaml @@ -5,10 +5,10 @@ annotations: catalog.cattle.io/kube-version: '>= 1.22.0-0' catalog.cattle.io/release-name: nginx-ingress apiVersion: v2 -appVersion: 3.1.1 +appVersion: 3.2.0 description: NGINX Ingress Controller home: https://github.com/nginxinc/kubernetes-ingress -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.1.1/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.2.0/deployments/helm-chart/chart-icon.png keywords: - ingress - nginx @@ -18,6 +18,6 @@ maintainers: name: nginxinc name: nginx-ingress sources: -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.1.1/deployments/helm-chart +- https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.0/deployments/helm-chart type: application -version: 0.17.1 +version: 0.18.0 diff --git a/charts/f5/nginx-ingress/README.md b/charts/f5/nginx-ingress/README.md index 15a4ade5d..998c8cb8e 100644 --- a/charts/f5/nginx-ingress/README.md +++ b/charts/f5/nginx-ingress/README.md @@ -6,14 +6,14 @@ This chart deploys the NGINX Ingress Controller in your Kubernetes cluster. ## Prerequisites - - A [Kubernetes Version Supported by the Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions) - - Helm 3.0+. - - If you’d like to use NGINX Plus: - - To pull from the F5 Container registry, configure a docker registry secret using your JWT token from the MyF5 portal by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret). Make sure to specify the secret using `controller.serviceAccount.imagePullSecretName` parameter. - - Alternatively, pull an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image). - - Alternatively, you can build an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image). - - Update the `controller.image.repository` field of the `values-plus.yaml` accordingly. - - If you’d like to use App Protect DoS, please install App Protect DoS Arbitrator [helm chart](https://github.com/nginxinc/nap-dos-arbitrator-helm-chart). Make sure to install in the same namespace as the NGINX Ingress Controller. Note that if you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because it is not possible to install more than one Arbitrator in a single namespace. +- A [Kubernetes Version Supported by the Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions) +- Helm 3.0+. +- If you’d like to use NGINX Plus: + - To pull from the F5 Container registry, configure a docker registry secret using your JWT token from the MyF5 portal by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret). Make sure to specify the secret using `controller.serviceAccount.imagePullSecretName` parameter. + - Alternatively, pull an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image). + - Alternatively, you can build an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image). + - Update the `controller.image.repository` field of the `values-plus.yaml` accordingly. +- If you’d like to use App Protect DoS, please install App Protect DoS Arbitrator [helm chart](https://github.com/nginxinc/nap-dos-arbitrator-helm-chart). Make sure to install in the same namespace as the NGINX Ingress Controller. Note that if you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because it is not possible to install more than one Arbitrator in a single namespace. ## CRDs @@ -26,8 +26,9 @@ If you do not use the custom resources that require those CRDs (which correspond To upgrade the CRDs, pull the chart sources as described in [Pulling the Chart](#pulling-the-chart) and then run: ```console -$ kubectl apply -f crds/ +kubectl apply -f crds/ ``` + > **Note** > > The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`. @@ -39,26 +40,29 @@ $ kubectl apply -f crds/ To remove the CRDs, pull the chart sources as described in [Pulling the Chart](#pulling-the-chart) and then run: ```console -$ kubectl delete -f crds/ +kubectl delete -f crds/ ``` + > **Note** > > This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other Ingress Controller releases running in the cluster. - ## Managing the Chart via OCI Registry + ### Installing the Chart To install the chart with the release name my-release (my-release is the name that you choose): For NGINX: + ```console -$ helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.17.1 +helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.0 ``` For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) + ```console -$ helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.17.1 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true +helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.0 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` This will install the latest `edge` version of the Ingress Controller from GitHub Container Registry. If you prefer to use Docker Hub, you can replace `ghcr.io/nginxinc/charts/nginx-ingress` with `registry-1.docker.io/nginxcharts/nginx-ingress`. @@ -70,7 +74,7 @@ Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a re To upgrade the release `my-release`: ```console -$ helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.17.1 +helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.18.0 ``` ### Uninstalling the Chart @@ -78,8 +82,9 @@ $ helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version To uninstall/delete the release `my-release`: ```console -$ helm uninstall my-release +helm uninstall my-release ``` + The command removes all the Kubernetes components associated with the release and deletes the release. Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the CRDs](#uninstalling-the-crds). @@ -90,14 +95,13 @@ To test the latest changes in NGINX Ingress Controller before a new release, you You can install the `edge` version by specifying the `--version` flag with the value `0.0.0-edge`: ```console -$ helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.0.0-edge +helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.0.0-edge ``` > **Warning** > > The `edge` version is not intended for production use. It is intended for testing and development purposes only. - ## Managing the Chart via Sources ### Pulling the Chart @@ -105,13 +109,15 @@ $ helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version This step is required if you're installing the chart using its sources. Additionally, the step is also required for managing the custom resource definitions (CRDs), which the Ingress Controller requires by default, or for upgrading/deleting the CRDs. 1. Pull the chart sources: + ```console - $ helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 0.17.1 + helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 0.18.0 ``` 2. Change your working directory to nginx-ingress: + ```console - $ cd nginx-ingress + cd nginx-ingress ``` ### Installing the Chart @@ -119,13 +125,15 @@ This step is required if you're installing the chart using its sources. Addition To install the chart with the release name my-release (my-release is the name that you choose): For NGINX: + ```console -$ helm install my-release . +helm install my-release . ``` For NGINX Plus: + ```console -$ helm install my-release -f values-plus.yaml . +helm install my-release -f values-plus.yaml . ``` The command deploys the Ingress Controller in your Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation. @@ -137,7 +145,7 @@ Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a re To upgrade the release `my-release`: ```console -$ helm upgrade my-release . +helm upgrade my-release . ``` ### Uninstalling the Chart @@ -145,7 +153,7 @@ $ helm upgrade my-release . To uninstall/delete the release `my-release`: ```console -$ helm uninstall my-release +helm uninstall my-release ``` The command removes all the Kubernetes components associated with the release and deletes the release. @@ -158,7 +166,6 @@ If you are running multiple Ingress Controller releases in your cluster with ena See [running multiple Ingress Controllers](https://docs.nginx.com/nginx-ingress-controller/installation/running-multiple-ingress-controllers/) for more details. - ## Configuration The following tables lists the configurable parameters of the NGINX Ingress Controller chart and their default values. @@ -174,9 +181,9 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.dnsPolicy` | DNS policy for the Ingress Controller pods. | ClusterFirst | |`controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false | |`controller.logLevel` | The log level of the Ingress Controller. | 1 | -|`controller.image.digest ` | The image digest of the Ingress Controller. | None | +|`controller.image.digest` | The image digest of the Ingress Controller. | None | |`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress | -|`controller.image.tag` | The tag of the Ingress Controller image. | 3.1.1 | +|`controller.image.tag` | The tag of the Ingress Controller image. | 3.2.0 | |`controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent | |`controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {} | |`controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" | @@ -293,5 +300,6 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`nginxServiceMesh.enableEgress` | Enable NGINX Service Mesh workloads to route egress traffic through the Ingress Controller. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/#enabling-egress) for more details. Requires `nginxServiceMesh.enable`. | false | ## Notes -* The values-icp.yaml file is used for deploying the Ingress Controller on IBM Cloud Private. See the [blog post](https://www.nginx.com/blog/nginx-ingress-controller-ibm-cloud-private/) for more details. -* The values-nsm.yaml file is used for deploying the Ingress Controller with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. + +- The values-icp.yaml file is used for deploying the Ingress Controller on IBM Cloud Private. See the [blog post](https://www.nginx.com/blog/nginx-ingress-controller-ibm-cloud-private/) for more details. +- The values-nsm.yaml file is used for deploying the Ingress Controller with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. diff --git a/charts/f5/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml b/charts/f5/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml index b6dffb3f4..029e8dca7 100644 --- a/charts/f5/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml +++ b/charts/f5/nginx-ingress/crds/appprotectdos.f5.com_dosprotectedresources.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: dosprotectedresources.appprotectdos.f5.com spec: group: appprotectdos.f5.com diff --git a/charts/f5/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml b/charts/f5/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml index e48f4a5e3..50aab56c9 100644 --- a/charts/f5/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml +++ b/charts/f5/nginx-ingress/crds/externaldns.nginx.org_dnsendpoints.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: dnsendpoints.externaldns.nginx.org spec: group: externaldns.nginx.org diff --git a/charts/f5/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml b/charts/f5/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml index 317716911..37b852cf9 100644 --- a/charts/f5/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml +++ b/charts/f5/nginx-ingress/crds/k8s.nginx.org_globalconfigurations.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: globalconfigurations.k8s.nginx.org spec: group: k8s.nginx.org diff --git a/charts/f5/nginx-ingress/crds/k8s.nginx.org_policies.yaml b/charts/f5/nginx-ingress/crds/k8s.nginx.org_policies.yaml index 39c780f17..12321e0d0 100644 --- a/charts/f5/nginx-ingress/crds/k8s.nginx.org_policies.yaml +++ b/charts/f5/nginx-ingress/crds/k8s.nginx.org_policies.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: policies.k8s.nginx.org spec: group: k8s.nginx.org diff --git a/charts/f5/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml b/charts/f5/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml index 3608e27b7..0b994ea42 100644 --- a/charts/f5/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml +++ b/charts/f5/nginx-ingress/crds/k8s.nginx.org_transportservers.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: transportservers.k8s.nginx.org spec: group: k8s.nginx.org diff --git a/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml b/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml index 22048b907..679df933c 100644 --- a/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml +++ b/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualserverroutes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: virtualserverroutes.k8s.nginx.org spec: group: k8s.nginx.org @@ -588,6 +588,8 @@ spec: type: string path: type: string + samesite: + type: string secure: type: boolean slow-start: diff --git a/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml b/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml index 968573fae..e15e80429 100644 --- a/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml +++ b/charts/f5/nginx-ingress/crds/k8s.nginx.org_virtualservers.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: virtualservers.k8s.nginx.org spec: group: k8s.nginx.org @@ -86,6 +86,8 @@ spec: format: int64 recordType: type: string + gunzip: + type: boolean host: type: string http-snippets: @@ -673,6 +675,8 @@ spec: type: string path: type: string + samesite: + type: string secure: type: boolean slow-start: diff --git a/charts/f5/nginx-ingress/templates/_helpers.tpl b/charts/f5/nginx-ingress/templates/_helpers.tpl index 24262f516..e48513295 100644 --- a/charts/f5/nginx-ingress/templates/_helpers.tpl +++ b/charts/f5/nginx-ingress/templates/_helpers.tpl @@ -33,6 +33,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create a default fully qualified controller service name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "nginx-ingress.controller.service.name" -}} +{{- default (include "nginx-ingress.controller.fullname" .) .Values.serviceNameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/f5/nginx-ingress/templates/controller-daemonset.yaml b/charts/f5/nginx-ingress/templates/controller-daemonset.yaml index 0b8c0d098..b94ff9ad1 100644 --- a/charts/f5/nginx-ingress/templates/controller-daemonset.yaml +++ b/charts/f5/nginx-ingress/templates/controller-daemonset.yaml @@ -42,9 +42,6 @@ spec: securityContext: seccompProfile: type: RuntimeDefault -{{- if .Values.controller.readOnlyRootFilesystem }} - fsGroup: 101 #nginx -{{- end }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- if .Values.controller.nodeSelector }} nodeSelector: @@ -171,8 +168,8 @@ spec: - -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }} {{- if .Values.controller.appprotectdos.enable }} - -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }} - - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxWorkers }} - - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxDaemons }} + - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxDaemons }} + - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxWorkers }} - -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }} {{ end }} - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }} @@ -207,7 +204,7 @@ spec: {{- else if .Values.controller.reportIngressStatus.externalService }} - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }} - - -external-service={{ include "nginx-ingress.controller.fullname" . }} + - -external-service={{ include "nginx-ingress.controller.service.name" . }} {{- end }} {{- end }} - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} diff --git a/charts/f5/nginx-ingress/templates/controller-deployment.yaml b/charts/f5/nginx-ingress/templates/controller-deployment.yaml index 97d3b49c4..0c1b9ad5d 100644 --- a/charts/f5/nginx-ingress/templates/controller-deployment.yaml +++ b/charts/f5/nginx-ingress/templates/controller-deployment.yaml @@ -80,9 +80,6 @@ spec: securityContext: seccompProfile: type: RuntimeDefault -{{- if .Values.controller.readOnlyRootFilesystem }} - fsGroup: 101 #nginx -{{- end }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} hostNetwork: {{ .Values.controller.hostNetwork }} dnsPolicy: {{ .Values.controller.dnsPolicy }} @@ -176,8 +173,8 @@ spec: - -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }} {{- if .Values.controller.appprotectdos.enable }} - -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }} - - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxWorkers }} - - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxDaemons }} + - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxDaemons }} + - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxWorkers }} - -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }} {{ end }} - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }} @@ -212,7 +209,7 @@ spec: {{- else if .Values.controller.reportIngressStatus.externalService }} - -external-service={{ .Values.controller.reportIngressStatus.externalService }} {{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }} - - -external-service={{ include "nginx-ingress.controller.fullname" . }} + - -external-service={{ include "nginx-ingress.controller.service.name" . }} {{- end }} {{- end }} - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} diff --git a/charts/f5/nginx-ingress/templates/controller-service.yaml b/charts/f5/nginx-ingress/templates/controller-service.yaml index aa02dbf2e..6daa94113 100644 --- a/charts/f5/nginx-ingress/templates/controller-service.yaml +++ b/charts/f5/nginx-ingress/templates/controller-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ default (include "nginx-ingress.controller.fullname" .) .Values.serviceNameOverride }} + name: {{ include "nginx-ingress.controller.service.name" . }} namespace: {{ .Release.Namespace }} labels: {{- include "nginx-ingress.labels" . | nindent 4 }} @@ -20,7 +20,7 @@ spec: {{- end }} {{- end }} {{- if eq .Values.controller.service.type "LoadBalancer" }} - {{- if and (semverCompare ">=1.22.0-0" .Capabilities.KubeVersion.Version) (.Values.controller.service.allocateLoadBalancerNodePorts) }} + {{- if hasKey .Values.controller.service "allocateLoadBalancerNodePorts" }} allocateLoadBalancerNodePorts: {{ .Values.controller.service.allocateLoadBalancerNodePorts }} {{- end }} {{- if .Values.controller.service.loadBalancerIP }} diff --git a/charts/f5/nginx-ingress/values-icp.yaml b/charts/f5/nginx-ingress/values-icp.yaml index 4eb2c6d65..1b68d4321 100644 --- a/charts/f5/nginx-ingress/values-icp.yaml +++ b/charts/f5/nginx-ingress/values-icp.yaml @@ -4,7 +4,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "3.1.1" + tag: "3.2.0" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/charts/f5/nginx-ingress/values-plus.yaml b/charts/f5/nginx-ingress/values-plus.yaml index 60e00179c..210ee505a 100644 --- a/charts/f5/nginx-ingress/values-plus.yaml +++ b/charts/f5/nginx-ingress/values-plus.yaml @@ -3,4 +3,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "3.1.1" + tag: "3.2.0" diff --git a/charts/f5/nginx-ingress/values.yaml b/charts/f5/nginx-ingress/values.yaml index d99ff35b9..32ace3bf9 100644 --- a/charts/f5/nginx-ingress/values.yaml +++ b/charts/f5/nginx-ingress/values.yaml @@ -54,7 +54,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag. - # tag: "3.1.1" + # tag: "3.2.0" ## The digest of the Ingress Controller image. ## If digest is specified it has precedence over tag and will be used instead @@ -142,7 +142,6 @@ controller: # cpu: 1 # memory: 1Gi - ## The tolerations of the Ingress Controller pods. tolerations: [] diff --git a/charts/gopaddle/gopaddle/Chart.yaml b/charts/gopaddle/gopaddle/Chart.yaml index 776736366..5f474274f 100644 --- a/charts/gopaddle/gopaddle/Chart.yaml +++ b/charts/gopaddle/gopaddle/Chart.yaml @@ -14,7 +14,7 @@ annotations: catalog.cattle.io/namespace: gp-lite-4-2 catalog.cattle.io/release-name: gopaddle apiVersion: v2 -appVersion: 4.2.7 +appVersion: 4.2.8 dependencies: - condition: global.installer.chart.gp-core name: gp-core @@ -32,4 +32,4 @@ keywords: - Community Edition kubeVersion: '>=1.21-0' name: gopaddle -version: 4.2.7 +version: 4.2.8 diff --git a/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml b/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml index 575937676..1ec985509 100644 --- a/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml +++ b/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 4.2.7 +appVersion: 4.2.8 description: A Helm chart for Kubernetes name: gp-core type: application -version: 4.2.7 +version: 4.2.8 diff --git a/charts/gopaddle/gopaddle/charts/gp-core/onprem-values.yaml b/charts/gopaddle/gopaddle/charts/gp-core/onprem-values.yaml index c27d31442..857246f56 100644 --- a/charts/gopaddle/gopaddle/charts/gp-core/onprem-values.yaml +++ b/charts/gopaddle/gopaddle/charts/gp-core/onprem-values.yaml @@ -2,94 +2,95 @@ activitymanager: activitymanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.7 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 alertmanager: alertmanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.38 - imageTagArm: 4.2.6.onprem-arm64.2 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 appscanner: appscanner: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.11 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 appworker: appworker: envMap: NODE_NAME: spec.nodeName rabbitmq_user: admin - imageTag: 4.2.6.onprem.9 - imageTagArm: 4.2.6.onprem-arm64.2 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 cloudmanager: cloudmanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.5 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 clustermanager: clustermanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.9 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 clustertemplatemanager: clustertemplatemanager: - imageTag: 4.2.6.onprem.6 - imageTagArm: 4.2.6.onprem-arm64.2 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 configmanager: configmanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.6 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.2 + imageTagArm: multi-arch-4.2.7.onprem.2 costmanager: costmanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.5 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 deploymentmanager: deploymanager: envMap: NODE_NAME: spec.nodeName rabbitmq_user: admin - imageTag: 4.2.6.onprem.8 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 domainmanager: domainmanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.7 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 esearch: esearch: envMap: discovery.type: single-node - image: elasticsearch + image: elasticsearch:7.12.0 imageTag: 1.7.3 + imageTagArm: 7.8.0 gateway: gateway: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.5 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 gpkubeux: envMap: HOST: 0.0.0.0 - imageTag: 4.2.6.onprem.41 - imageTagArm: 4.2.6.onprem-arm64.1 - gpReleaseVersion: 4.2.6 + imageTag: multi-arch-4.2.7.onprem.2 + imageTagArm: multi-arch-4.2.7.onprem.2 + gpReleaseVersion: 4.2.8 gpcore: core: envMap: NODE_IP: rabbitmq-build-external.$(NAMESPACE).svc.cluster.local NODE_NAME: spec.nodeName NODE_PORT: "5672" - imageTag: 4.2.6.onprem.10 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 influxdb: influxdb: envMap: @@ -112,14 +113,14 @@ nodechecker: nodechecker: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.4 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 paymentmanager: paymentmanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.5 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 rabbitmq: rabbitmq: envMap: @@ -135,8 +136,8 @@ usermanager: usermanager: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.5 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 webhook: webhook: envMap: @@ -144,17 +145,18 @@ webhook: HOST_IP: status.hostIP NODE_NAME: spec.nodeName REPLICA_IP: status.podIP - imageTag: 4.2.6.onprem.9 - imageTagArm: 4.2.6.onprem-arm64.2 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 marketplace: marketplace: envMap: NODE_NAME: spec.nodeName - imageTag: 4.2.6.onprem.5 - imageTagArm: 4.2.6.onprem-arm64.1 + imageTag: multi-arch-4.2.7.onprem.1 + imageTagArm: multi-arch-4.2.7.onprem.1 defaultbackend: defaultbackend: image: defaultbackend + imageArm: defaultbackend-arm64 imageTag: 1.4 nginxIngress: nginxIngress: diff --git a/charts/gopaddle/gopaddle/charts/gp-core/values.yaml b/charts/gopaddle/gopaddle/charts/gp-core/values.yaml index a26c11e26..868434c8a 100644 --- a/charts/gopaddle/gopaddle/charts/gp-core/values.yaml +++ b/charts/gopaddle/gopaddle/charts/gp-core/values.yaml @@ -43,8 +43,8 @@ configmanager: configmanager: envMap: NODE_NAME: spec.nodeName - imageTag: multi-arch-4.2.7.lite.1 - imageTagArm: multi-arch-4.2.7.lite.1 + imageTag: multi-arch-4.2.7.lite.2 + imageTagArm: multi-arch-4.2.7.lite.2 costmanager: costmanager: envMap: @@ -80,9 +80,9 @@ gateway: gpkubeux: envMap: HOST: 0.0.0.0 - imageTag: multi-arch-4.2.7.lite.1 - imageTagArm: multi-arch-4.2.7.lite.1 - gpReleaseVersion: 4.2.7 + imageTag: multi-arch-4.2.7.lite.2 + imageTagArm: multi-arch-4.2.7.lite.2 + gpReleaseVersion: 4.2.8 gpcore: core: envMap: diff --git a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml index c435c710b..3c0d44fcd 100644 --- a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml +++ b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 4.2.7 +appVersion: 4.2.8 description: A Helm chart for Kubernetes name: gp-rabbitmq type: application -version: 4.2.7 +version: 4.2.8 diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index 09226cf8c..babb9d05a 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,11 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 4.3.29 + +Update Jenkins image and appVersion to jenkins lts release version 2.401.2 + + ## 4.3.28 Allow the kubernetes API server URL to be configurable. diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index 3fb9da869..1a3bfc901 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -2,7 +2,7 @@ annotations: artifacthub.io/category: integration-delivery artifacthub.io/images: | - name: jenkins - image: jenkins/jenkins:2.401.1-jdk11 + image: jenkins/jenkins:2.401.2-jdk11 - name: k8s-sidecar image: kiwigrid/k8s-sidecar:1.24.4 - name: inbound-agent @@ -22,7 +22,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.14-0' catalog.cattle.io/release-name: jenkins apiVersion: v2 -appVersion: 2.401.1 +appVersion: 2.401.2 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. @@ -49,4 +49,4 @@ sources: - https://github.com/jenkinsci/docker-inbound-agent - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin -version: 4.3.28 +version: 4.3.29 diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml index a802afba0..a4192d4a1 100644 --- a/charts/jenkins/jenkins/values.yaml +++ b/charts/jenkins/jenkins/values.yaml @@ -22,7 +22,7 @@ controller: # Used for label app.kubernetes.io/component componentName: "jenkins-controller" image: "jenkins/jenkins" - # tag: "2.401.1-jdk11" + # tag: "2.401.2-jdk11" tagLabel: jdk11 imagePullPolicy: "Always" imagePullSecretName: diff --git a/charts/minio/minio-operator/Chart.yaml b/charts/minio/minio-operator/Chart.yaml index 9f1f2427f..6e6257050 100644 --- a/charts/minio/minio-operator/Chart.yaml +++ b/charts/minio/minio-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: minio-operator apiVersion: v2 -appVersion: v5.0.5 +appVersion: v5.0.6 description: A Helm chart for MinIO Operator home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -19,4 +19,4 @@ name: minio-operator sources: - https://github.com/minio/operator type: application -version: 5.0.5 +version: 5.0.6 diff --git a/charts/minio/minio-operator/Chart.yaml-e b/charts/minio/minio-operator/Chart.yaml-e index cc7df9b3d..a10cf38ba 100644 --- a/charts/minio/minio-operator/Chart.yaml-e +++ b/charts/minio/minio-operator/Chart.yaml-e @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: operator -version: 5.0.5 -appVersion: v5.0.5 +version: 5.0.6 +appVersion: v5.0.6 keywords: - storage - object-storage diff --git a/charts/minio/minio-operator/templates/NOTES.txt b/charts/minio/minio-operator/templates/NOTES.txt index 53d326f90..47b9aea9e 100644 --- a/charts/minio/minio-operator/templates/NOTES.txt +++ b/charts/minio/minio-operator/templates/NOTES.txt @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: console-sa-secret - namespace: minio-operator + namespace: {{ .Release.Namespace }} annotations: kubernetes.io/service-account.name: console-sa type: kubernetes.io/service-account-token diff --git a/charts/minio/minio-operator/templates/_helpers.tpl b/charts/minio/minio-operator/templates/_helpers.tpl index 5a9694525..ca3bdc469 100644 --- a/charts/minio/minio-operator/templates/_helpers.tpl +++ b/charts/minio/minio-operator/templates/_helpers.tpl @@ -3,7 +3,7 @@ Expand the name of the chart. */}} {{- define "minio-operator.name" -}} -{{- default .Chart.Name | trunc 63 | trimSuffix "-" -}} + {{- default .Chart.Name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -12,19 +12,19 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "minio-operator.fullname" -}} -{{- $name := default .Chart.Name -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} + {{- $name := default .Chart.Name -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} {{- end -}} {{/* Expand the name of the Operator Console. */}} {{- define "minio-operator.console-name" -}} -{{- printf "%s-%s" .Chart.Name "console" | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-%s" .Chart.Name "console" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -33,14 +33,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "minio-operator.console-fullname" -}} -{{- printf "%s-%s" .Release.Name "console" | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-%s" .Release.Name "console" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "minio-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* diff --git a/charts/minio/minio-operator/templates/console-deployment.yaml b/charts/minio/minio-operator/templates/console-deployment.yaml index b7ca5c6e5..a693c6806 100644 --- a/charts/minio/minio-operator/templates/console-deployment.yaml +++ b/charts/minio/minio-operator/templates/console-deployment.yaml @@ -1,49 +1,45 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: "console" - namespace: {{ .Release.Namespace }} - labels: - {{- include "minio-operator.labels" . | nindent 4 }} + name: console + labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: replicas: {{ .Values.console.replicaCount }} selector: - matchLabels: - {{- include "minio-operator.console-selectorLabels" . | nindent 6 }} + matchLabels: {{- include "minio-operator.console-selectorLabels" . | nindent 6 }} template: metadata: - labels: - {{- include "minio-operator.console-selectorLabels" . | nindent 8 }} + labels: {{- include "minio-operator.console-selectorLabels" . | nindent 8 }} spec: - {{- with .Values.operator.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} + {{- with .Values.console.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.console.runtimeClassName }} + runtimeClassName: {{ . }} {{- end }} serviceAccountName: console-sa {{- with .Values.console.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} + securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.console.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} + nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.console.affinity }} - affinity: - {{- toYaml . | nindent 8 }} + affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.console.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} + tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.console.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.console.initContainers }} + initContainers: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.console.image.repository }}:{{ .Values.console.image.tag }}" - imagePullPolicy: {{ .Values.operator.image.pullPolicy }} + imagePullPolicy: {{ .Values.console.image.pullPolicy }} ports: - containerPort: 9090 name: http @@ -52,25 +48,13 @@ spec: args: - ui - --certs-dir=/tmp/certs - resources: - {{- toYaml .Values.console.resources | nindent 12 }} - volumeMounts: - {{- with .Values.console.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - securityContext: + resources: {{- toYaml .Values.console.resources | nindent 12 }} {{- with .Values.console.containerSecurityContext }} - {{- toYaml . | nindent 12 }} + securityContext: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.console.volumeMounts }} + volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} - volumes: {{- with .Values.console.volumes }} - {{- toYaml . | nindent 8 }} + volumes: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.console.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.operator.runtimeClassName }} - runtimeClassName: - {{- toYaml . | nindent 8 }} - {{- end}} diff --git a/charts/minio/minio-operator/templates/console-ingress.yaml b/charts/minio/minio-operator/templates/console-ingress.yaml index 9262c437b..3a8fd62a0 100644 --- a/charts/minio/minio-operator/templates/console-ingress.yaml +++ b/charts/minio/minio-operator/templates/console-ingress.yaml @@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "minio-operator.console-fullname" . }} - namespace: {{ .Release.Namespace }} {{- with .Values.console.ingress.labels }} labels: {{ toYaml . | nindent 4 }} {{- end }} @@ -11,8 +10,8 @@ metadata: annotations: {{ toYaml . | nindent 4 }} {{- end }} spec: - {{- if .Values.console.ingress.ingressClassName }} - ingressClassName: {{ .Values.console.ingress.ingressClassName }} + {{- with .Values.console.ingress.ingressClassName }} + ingressClassName: {{ . }} {{- end }} {{- if .Values.console.ingress.tls }} tls: @@ -35,4 +34,4 @@ spec: name: "console" port: name: http -{{ end }} +{{- end }} diff --git a/charts/minio/minio-operator/templates/console-service.yaml b/charts/minio/minio-operator/templates/console-service.yaml index 1677612be..28f8aee9e 100644 --- a/charts/minio/minio-operator/templates/console-service.yaml +++ b/charts/minio/minio-operator/templates/console-service.yaml @@ -2,14 +2,11 @@ apiVersion: v1 kind: Service metadata: name: "console" - namespace: {{ .Release.Namespace }} - labels: - {{- include "minio-operator.labels" . | nindent 4 }} + labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: ports: - name: http port: 9090 - name: https port: 9443 - selector: - {{- include "minio-operator.console-selectorLabels" . | nindent 4 }} + selector: {{- include "minio-operator.console-selectorLabels" . | nindent 4 }} diff --git a/charts/minio/minio-operator/templates/console-ui.yaml b/charts/minio/minio-operator/templates/console-ui.yaml index 4fcb5e7d5..f8a1e7b5c 100644 --- a/charts/minio/minio-operator/templates/console-ui.yaml +++ b/charts/minio/minio-operator/templates/console-ui.yaml @@ -2,13 +2,11 @@ apiVersion: v1 kind: ServiceAccount metadata: name: console-sa - namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: Secret metadata: name: console-sa-secret - namespace: {{ .Release.Namespace }} annotations: kubernetes.io/service-account.name: console-sa type: kubernetes.io/service-account-token @@ -271,4 +269,3 @@ data: kind: ConfigMap metadata: name: console-env - namespace: {{ .Release.Namespace }} diff --git a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml index 6b0eb95b1..b938e4478 100644 --- a/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml +++ b/charts/minio/minio-operator/templates/minio.min.io_tenants.yaml @@ -1,4 +1,3 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -216,6 +215,611 @@ spec: type: string type: object x-kubernetes-map-type: atomic + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array kes: properties: affinity: diff --git a/charts/minio/minio-operator/templates/operator-deployment.yaml b/charts/minio/minio-operator/templates/operator-deployment.yaml index af3d6fc2d..c88f02028 100644 --- a/charts/minio/minio-operator/templates/operator-deployment.yaml +++ b/charts/minio/minio-operator/templates/operator-deployment.yaml @@ -2,47 +2,43 @@ apiVersion: apps/v1 kind: Deployment metadata: name: "minio-operator" - namespace: {{ .Release.Namespace }} - labels: - {{- include "minio-operator.labels" . | nindent 4 }} + labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: replicas: {{ .Values.operator.replicaCount }} selector: - matchLabels: - {{- include "minio-operator.selectorLabels" . | nindent 6 }} + matchLabels: {{- include "minio-operator.selectorLabels" . | nindent 6 }} template: metadata: - labels: - {{- include "minio-operator.selectorLabels" . | nindent 8 }} + labels: {{- include "minio-operator.selectorLabels" . | nindent 8 }} spec: {{- with .Values.operator.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} + imagePullSecrets: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.operator.runtimeClassName }} + runtimeClassName: {{ . }} {{- end }} serviceAccountName: minio-operator {{- with .Values.operator.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} + securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.operator.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} + nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.operator.affinity }} - affinity: - {{- toYaml . | nindent 8 }} + affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.operator.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} + tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.operator.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.operator.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- with .Values.operator.initContainers }} + initContainers: {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}" @@ -50,20 +46,9 @@ spec: args: - controller {{- with .Values.operator.env }} - env: - {{ toYaml . | nindent 10 }} + env: {{- toYaml . | nindent 12 }} {{- end }} - resources: - {{- toYaml .Values.operator.resources | nindent 12 }} - securityContext: + resources: {{- toYaml .Values.operator.resources | nindent 12 }} {{- with .Values.operator.containerSecurityContext }} - {{- toYaml . | nindent 12 }} + securityContext: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.operator.initContainers }} - initContainers: - {{- toYaml . | nindent 8 }} - {{- end}} - {{- with .Values.operator.runtimeClassName }} - runtimeClassName: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/minio/minio-operator/templates/operator-service.yaml b/charts/minio/minio-operator/templates/operator-service.yaml index 9ed6a0c26..1e8c3cc04 100644 --- a/charts/minio/minio-operator/templates/operator-service.yaml +++ b/charts/minio/minio-operator/templates/operator-service.yaml @@ -2,9 +2,7 @@ apiVersion: v1 kind: Service metadata: name: "operator" - namespace: {{ .Release.Namespace }} - labels: - {{- include "minio-operator.labels" . | nindent 4 }} + labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: type: ClusterIP ports: @@ -18,13 +16,10 @@ apiVersion: v1 kind: Service metadata: name: "sts" - namespace: {{ .Release.Namespace }} - labels: - {{- include "minio-operator.labels" . | nindent 4 }} + labels: {{- include "minio-operator.labels" . | nindent 4 }} spec: type: ClusterIP ports: - port: 4223 name: https - selector: - {{- include "minio-operator.selectorLabels" . | nindent 4 }} + selector: {{- include "minio-operator.selectorLabels" . | nindent 4 }} diff --git a/charts/minio/minio-operator/templates/serviceaccount.yaml b/charts/minio/minio-operator/templates/serviceaccount.yaml index a8e840cdb..9c118323d 100644 --- a/charts/minio/minio-operator/templates/serviceaccount.yaml +++ b/charts/minio/minio-operator/templates/serviceaccount.yaml @@ -2,6 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: minio-operator - namespace: {{ .Release.Namespace }} - labels: -{{ include "minio-operator.labels" . | nindent 4 }} + labels: {{- include "minio-operator.labels" . | nindent 4 }} diff --git a/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml b/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml index b01576f5b..6ca09bbc1 100644 --- a/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml +++ b/charts/minio/minio-operator/templates/sts.min.io_policybindings.yaml @@ -1,4 +1,3 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/charts/minio/minio-operator/values.yaml b/charts/minio/minio-operator/values.yaml index bc8187800..8c44fd3c5 100644 --- a/charts/minio/minio-operator/values.yaml +++ b/charts/minio/minio-operator/values.yaml @@ -11,10 +11,12 @@ operator: # value: "" image: repository: quay.io/minio/operator - tag: v5.0.5 + tag: v5.0.6 pullPolicy: IfNotPresent imagePullSecrets: [ ] - initcontainers: [ ] + runtimeClassName: ~ + initContainers: [ ] + env: [ ] replicaCount: 2 securityContext: runAsUser: 1000 @@ -48,10 +50,11 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.5 + tag: v5.0.6 pullPolicy: IfNotPresent imagePullSecrets: [ ] - initcontainers: [ ] + runtimeClassName: ~ + initContainers: [ ] replicaCount: 1 nodeSelector: { } affinity: { } diff --git a/charts/minio/minio-operator/values.yaml-e b/charts/minio/minio-operator/values.yaml-e index bc8187800..8c44fd3c5 100644 --- a/charts/minio/minio-operator/values.yaml-e +++ b/charts/minio/minio-operator/values.yaml-e @@ -11,10 +11,12 @@ operator: # value: "" image: repository: quay.io/minio/operator - tag: v5.0.5 + tag: v5.0.6 pullPolicy: IfNotPresent imagePullSecrets: [ ] - initcontainers: [ ] + runtimeClassName: ~ + initContainers: [ ] + env: [ ] replicaCount: 2 securityContext: runAsUser: 1000 @@ -48,10 +50,11 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.5 + tag: v5.0.6 pullPolicy: IfNotPresent imagePullSecrets: [ ] - initcontainers: [ ] + runtimeClassName: ~ + initContainers: [ ] replicaCount: 1 nodeSelector: { } affinity: { } diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index 8c262d2f5..de69b3258 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.redpanda.com version: 0.6.6 digest: sha256:af20a82c5cb646895892b783bdcfc50ca41f3f67ec14606c40236969c6a166e4 -generated: "2023-06-23T22:15:54.816600035Z" +generated: "2023-06-27T07:42:28.120331986Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 932cf9d51..926170a95 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -17,7 +17,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: redpanda apiVersion: v2 -appVersion: v23.1.12 +appVersion: v23.1.13 dependencies: - condition: console.enabled name: console @@ -33,4 +33,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 4.0.47 +version: 4.0.48 diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index fea725d73..ac4a473a3 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.3.122 +appVersion: 1.3.145 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.3.17 +version: 1.3.18 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 0c0e7b4f5..2e77134cb 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.17 +### Upgrade to 1.3.18 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.17/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.18/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 0c0e7b4f5..2e77134cb 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.17 +### Upgrade to 1.3.18 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.17/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.18/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index 048a3f95a..cf37063da 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.3.122 + tag: v1.3.145 pullPolicy: Always # Log level for Speedscale components. diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 7b23bf80f..784f4a66c 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md @@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.16.0 +### New Features +* **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170)) # v1.15.93 ### Chores * **sysdig, node-analyzer** [706d562f](https://github.com/sysdiglabs/charts/commit/706d562f3d473f88fd1d257974cd3a127d672a2a): bump sysdig/vuln-runtime-scanner to v1.5.1 ([#1187](https://github.com/sysdiglabs/charts/issues/1187)) diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index ea821d754..7988a9e29 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -29,4 +29,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.15.93 +version: 1.16.0 diff --git a/charts/sysdig/sysdig/README.md b/charts/sysdig/sysdig/README.md index 0bb5aae81..b45b371d0 100644 --- a/charts/sysdig/sysdig/README.md +++ b/charts/sysdig/sysdig/README.md @@ -76,6 +76,20 @@ $ helm delete --namespace sysdig-agent sysdig-agent The command removes all the Kubernetes components associated with the chart and deletes the release. +## Verify the integrity and origin +Sysdig Helm Charts are signed so users can verify the integrity and origin of each chart, the steps are as follows: + +### Import the Public Key + +```console +$ curl -o "/tmp/sysdig_public.gpg" "https://charts.sysdig.com/public.gpg" +$ gpg --import /tmp/sysdig_public.gpg +``` + +### Verify the chart + +To check the integrity and the origin of the charts you can now append the `--verify` flag to the `install`, `upgrade` and `pull` helm commands. + ## Configuration The following table lists the configurable parameters of the Sysdig chart and their default values. diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md index fe943f162..376ae1786 100644 --- a/charts/sysdig/sysdig/RELEASE-NOTES.md +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -1,9 +1,6 @@ # What's Changed -### Chores -- **sysdig, node-analyzer** [706d562f](https://github.com/sysdiglabs/charts/commit/706d562f3d473f88fd1d257974cd3a127d672a2a): bump sysdig/vuln-runtime-scanner to v1.5.1 ([#1187](https://github.com/sysdiglabs/charts/issues/1187)) +### New Features +- **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170)) - * Runtimescanner bumped to 1.5.1 -- Fix for CVE-2023-2253 - -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.8.27...sysdig-1.15.93 +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.8.29...sysdig-1.16.0 diff --git a/charts/yugabyte/yugabyte/.helmignore b/charts/yugabyte/yugabyte/.helmignore new file mode 100644 index 000000000..3598c3003 --- /dev/null +++ b/charts/yugabyte/yugabyte/.helmignore @@ -0,0 +1 @@ +tests \ No newline at end of file diff --git a/charts/yugabyte/yugabyte/Chart.yaml b/charts/yugabyte/yugabyte/Chart.yaml index 5c67fab48..34e8c05e8 100644 --- a/charts/yugabyte/yugabyte/Chart.yaml +++ b/charts/yugabyte/yugabyte/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/release-name: yugabyte charts.openshift.io/name: yugabyte apiVersion: v2 -appVersion: 2.16.5.0-b24 +appVersion: 2.18.1.0-b84 description: YugabyteDB is the high-performance distributed SQL database for building global, internet-scale apps. home: https://www.yugabyte.com @@ -19,4 +19,4 @@ maintainers: name: yugabyte sources: - https://github.com/yugabyte/yugabyte-db -version: 2.16.5 +version: 2.18.1 diff --git a/charts/yugabyte/yugabyte/app-readme.md b/charts/yugabyte/yugabyte/app-readme.md index 51169fb38..2d88b33b2 100644 --- a/charts/yugabyte/yugabyte/app-readme.md +++ b/charts/yugabyte/yugabyte/app-readme.md @@ -1 +1 @@ -This chart bootstraps an RF3 YugabyteDB version 2.16.5.0-b24 cluster using the Helm Package Manager. +This chart bootstraps an RF3 YugabyteDB version 2.18.1.0-b84 cluster using the Helm Package Manager. diff --git a/charts/yugabyte/yugabyte/generate_kubeconfig.py b/charts/yugabyte/yugabyte/generate_kubeconfig.py index 3e2e1d5d7..f4c2d14ab 100644 --- a/charts/yugabyte/yugabyte/generate_kubeconfig.py +++ b/charts/yugabyte/yugabyte/generate_kubeconfig.py @@ -87,6 +87,27 @@ def get_secret_data(secret, namespace): return secret_data +def get_secrets_for_sa(sa_name, namespace): + """Returns a list of all service account token secrets associated + with the given sa_name in the namespace. + + """ + secrets = run_command( + [ + "get", + "secret", + "--field-selector", + "type=kubernetes.io/service-account-token", + "-o", + 'jsonpath="{.items[?(@.metadata.annotations.kubernetes\.io/service-account\.name == "' + + sa_name + + '")].metadata.name}"', + ], + as_json=False, + ) + return secrets.strip('"').split() + + parser = argparse.ArgumentParser(description="Generate KubeConfig with Token") parser.add_argument("-s", "--service_account", help="Service Account name", required=True) parser.add_argument("-n", "--namespace", help="Kubernetes namespace", default="kube-system") @@ -120,23 +141,34 @@ tmpdir = tempfile.TemporaryDirectory() # Get the token and ca.crt from service account secret. sa_secrets = list() -# Kubernetes 1.22 onwards doesn't create a token secret, so we create -# it ourselves. -if "secrets" not in service_account_info: - token_secret = create_sa_token_secret(tmpdir.name, args["service_account"], args["namespace"]) - sa_secrets.append(token_secret) -else: - # some ServiceAccounts have multiple secrets, and not all them have a - # ca.crt and a token. + +# Get secrets specified in the service account, there can be multiple +# of them, and not all are service account token secrets. +if "secrets" in service_account_info: sa_secrets = [secret["name"] for secret in service_account_info["secrets"]] +# Find the existing additional service account token secrets +sa_secrets.extend(get_secrets_for_sa(args["service_account"], args["namespace"])) + secret_data = None for secret in sa_secrets: secret_data = get_secret_data(secret, args["namespace"]) if secret_data is not None: break + +# Kubernetes 1.22+ doesn't create the service account token secret by +# default, we have to create one. if secret_data is None: - exit("No usable secret found for '{}'.".format(args["service_account"])) + print("No usable secret found for '{}', creating one.".format(args["service_account"])) + token_secret = create_sa_token_secret(tmpdir.name, args["service_account"], args["namespace"]) + secret_data = get_secret_data(token_secret, args["namespace"]) + if secret_data is None: + exit( + "Failed to generate kubeconfig: No usable credentials found for '{}'.".format( + args["service_account"] + ) + ) + context_name = "{}-{}".format(args["service_account"], cluster_name) kube_config = args["output_file"] diff --git a/charts/yugabyte/yugabyte/templates/_helpers.tpl b/charts/yugabyte/yugabyte/templates/_helpers.tpl index 1d506a432..7206a4270 100644 --- a/charts/yugabyte/yugabyte/templates/_helpers.tpl +++ b/charts/yugabyte/yugabyte/templates/_helpers.tpl @@ -56,6 +56,89 @@ release: {{ .root.Release.Name | quote }} {{- end }} {{- end }} +{{/* +Create secrets in DBNamespace from other namespaces by iterating over envSecrets. +*/}} +{{- define "yugabyte.envsecrets" -}} +{{- range $v := .secretenv }} +{{- if $v.valueFrom.secretKeyRef.namespace }} +{{- $secretObj := (lookup +"v1" +"Secret" +$v.valueFrom.secretKeyRef.namespace +$v.valueFrom.secretKeyRef.name) +| default dict }} +{{- $secretData := (get $secretObj "data") | default dict }} +{{- $secretValue := (get $secretData $v.valueFrom.secretKeyRef.key) | default "" }} +{{- if (and (not $secretValue) (not $v.valueFrom.secretKeyRef.optional)) }} +{{- required (printf "Secret or key missing for %s/%s in namespace: %s" +$v.valueFrom.secretKeyRef.name +$v.valueFrom.secretKeyRef.key +$v.valueFrom.secretKeyRef.namespace) +nil }} +{{- end }} +{{- if $secretValue }} +apiVersion: v1 +kind: Secret +metadata: + {{- $secretfullname := printf "%s-%s-%s-%s" + $.root.Release.Name + $v.valueFrom.secretKeyRef.namespace + $v.valueFrom.secretKeyRef.name + $v.valueFrom.secretKeyRef.key + }} + name: {{ printf "%s-%s-%s-%s-%s-%s" + $.root.Release.Name + ($v.valueFrom.secretKeyRef.namespace | substr 0 5) + ($v.valueFrom.secretKeyRef.name | substr 0 5) + ( $v.valueFrom.secretKeyRef.key | substr 0 5) + (sha256sum $secretfullname | substr 0 4) + ($.suffix) + | lower | replace "." "" | replace "_" "" + }} + namespace: "{{ $.root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $.root | indent 4 }} +type: Opaque # should it be an Opaque secret? +data: + {{ $v.valueFrom.secretKeyRef.key }}: {{ $secretValue | quote }} +{{- end }} +{{- end }} +--- +{{- end }} +{{- end }} + +{{/* +Add env secrets to DB statefulset. +*/}} +{{- define "yugabyte.addenvsecrets" -}} +{{- range $v := .secretenv }} +- name: {{ $v.name }} + valueFrom: + secretKeyRef: + {{- if $v.valueFrom.secretKeyRef.namespace }} + {{- $secretfullname := printf "%s-%s-%s-%s" + $.root.Release.Name + $v.valueFrom.secretKeyRef.namespace + $v.valueFrom.secretKeyRef.name + $v.valueFrom.secretKeyRef.key + }} + name: {{ printf "%s-%s-%s-%s-%s-%s" + $.root.Release.Name + ($v.valueFrom.secretKeyRef.namespace | substr 0 5) + ($v.valueFrom.secretKeyRef.name | substr 0 5) + ($v.valueFrom.secretKeyRef.key | substr 0 5) + (sha256sum $secretfullname | substr 0 4) + ($.suffix) + | lower | replace "." "" | replace "_" "" + }} + {{- else }} + name: {{ $v.valueFrom.secretKeyRef.name }} + {{- end }} + key: {{ $v.valueFrom.secretKeyRef.key }} + optional: {{ $v.valueFrom.secretKeyRef.optional | default "false" }} +{{- end }} +{{- end }} {{/* Create Volume name. */}} @@ -84,18 +167,21 @@ Generate a preflight check script invocation. */}} {{- define "yugabyte.preflight_check" -}} {{- if not .Values.preflight.skipAll -}} +{{- $port := .Preflight.Port -}} +{{- range $addr := split "," .Preflight.Addr -}} if [ -f /home/yugabyte/tools/k8s_preflight.py ]; then PYTHONUNBUFFERED="true" /home/yugabyte/tools/k8s_preflight.py \ dnscheck \ - --addr="{{ .Preflight.Addr }}" \ -{{- if not .Values.preflight.skipBind }} - --port="{{ .Preflight.Port }}" + --addr="{{ $addr }}" \ +{{- if not $.Values.preflight.skipBind }} + --port="{{ $port }}" {{- else }} --skip_bind {{- end }} fi && \ -{{- end -}} -{{- end -}} +{{ end }} +{{- end }} +{{- end }} {{/* Get YugaByte fs data directories. @@ -120,13 +206,13 @@ Get files from fs data directories for readiness / liveness probes. Generate server FQDN. */}} {{- define "yugabyte.server_fqdn" -}} - {{- if (and .Values.istioCompatibility.enabled .Values.multicluster.createServicePerPod) -}} + {{- if .Values.multicluster.createServicePerPod -}} {{- printf "$(HOSTNAME).$(NAMESPACE).svc.%s" .Values.domainName -}} {{- else if (and .Values.oldNamingStyle .Values.multicluster.createServiceExports) -}} {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} {{- printf "$(HOSTNAME).%s.%s.$(NAMESPACE).svc.clusterset.local" $membershipName .Service.name -}} {{- else if .Values.oldNamingStyle -}} - {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} + {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} {{- else -}} {{- if .Values.multicluster.createServiceExports -}} {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} @@ -150,12 +236,20 @@ Generate server RPC bind address. In case of multi-cluster services (MCS), we set it to $(POD_IP) to ensure YCQL uses a resolvable address. See https://github.com/yugabyte/yugabyte-db/issues/16155 + +We use a workaround for above in case of Istio by setting it to +$(POD_IP) and localhost. Master doesn't support that combination, so +we stick to 0.0.0.0, which works for master. */}} {{- define "yugabyte.rpc_bind_address" -}} {{- $port := index .Service.ports "tcp-rpc-port" -}} {{- if .Values.istioCompatibility.enabled -}} - 0.0.0.0:{{ $port }} - {{- else if .Values.multicluster.createServiceExports -}} + {{- if (eq .Service.name "yb-masters") -}} + 0.0.0.0:{{ $port }} + {{- else -}} + $(POD_IP):{{ $port }},127.0.0.1:{{ $port }} + {{- end -}} + {{- else if (or .Values.multicluster.createServiceExports .Values.multicluster.createServicePerPod) -}} $(POD_IP):{{ $port }} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} @@ -173,7 +267,7 @@ Generate server web interface. Generate server CQL proxy bind address. */}} {{- define "yugabyte.cql_proxy_bind_address" -}} - {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports -}} + {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports .Values.multicluster.createServicePerPod -}} 0.0.0.0:{{ index .Service.ports "tcp-yql-port" -}} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} @@ -261,3 +355,51 @@ Set consistent issuer name. {{- end -}} {{- end -}} {{- end -}} + +{{/* + Default nodeAffinity for multi-az deployments +*/}} +{{- define "yugabyte.multiAZNodeAffinity" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: failure-domain.beta.kubernetes.io/zone + operator: In + values: + - {{ .Values.AZ }} + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - {{ .Values.AZ }} +{{- end -}} + +{{/* + Default podAntiAffinity for master and tserver + + This requires "appLabelArgs" to be passed in - defined in service.yaml + we have a .root and a .label in appLabelArgs +*/}} +{{- define "yugabyte.podAntiAffinity" -}} +preferredDuringSchedulingIgnoredDuringExecution: +- weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + {{- if .root.Values.oldNamingStyle }} + - key: app + operator: In + values: + - "{{ .label }}" + {{- else }} + - key: app.kubernetes.io/name + operator: In + values: + - "{{ .label }}" + - key: release + operator: In + values: + - {{ .root.Release.Name | quote }} + {{- end }} + topologyKey: kubernetes.io/hostname +{{- end -}} diff --git a/charts/yugabyte/yugabyte/templates/certificates.yaml b/charts/yugabyte/yugabyte/templates/certificates.yaml index 5c7814de4..07fc2e5f5 100644 --- a/charts/yugabyte/yugabyte/templates/certificates.yaml +++ b/charts/yugabyte/yugabyte/templates/certificates.yaml @@ -107,6 +107,7 @@ spec: {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} - {{$node}} {{- end }} + - {{ printf "%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} uris: [] ipAddresses: [] --- diff --git a/charts/yugabyte/yugabyte/templates/debug_config_map.yaml b/charts/yugabyte/yugabyte/templates/debug_config_map.yaml new file mode 100644 index 000000000..a15c4fc9a --- /dev/null +++ b/charts/yugabyte/yugabyte/templates/debug_config_map.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "yugabyte.fullname" . }}-master-hooks + namespace: "{{ .Release.Namespace }}" +data: +{{- range $index := until ( int ( .Values.replicas.master ) ) }} + yb-master-{{.}}-pre_debug_hook.sh: "echo 'hello-from-pre' " + yb-master-{{.}}-post_debug_hook.sh: "echo 'hello-from-post' " +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "yugabyte.fullname" . }}-tserver-hooks + namespace: "{{ .Release.Namespace }}" +data: +{{- range $index := until ( int ( .Values.replicas.tserver) ) }} + yb-tserver-{{.}}-pre_debug_hook.sh: "echo 'hello-from-pre' " + yb-tserver-{{.}}-post_debug_hook.sh: "echo 'hello-from-post' " +{{- end }} +--- diff --git a/charts/yugabyte/yugabyte/templates/secrets.yaml b/charts/yugabyte/yugabyte/templates/secrets.yaml new file mode 100644 index 000000000..0bd903457 --- /dev/null +++ b/charts/yugabyte/yugabyte/templates/secrets.yaml @@ -0,0 +1,7 @@ +{{- $root := . -}} +--- # Create secrets from other namespaces for masters. +{{- $data := dict "secretenv" $.Values.master.secretEnv "root" . "suffix" "master"}} +{{- include "yugabyte.envsecrets" $data }} +--- # Create secrets from other namespaces for tservers. +{{- $data := dict "secretenv" $.Values.tserver.secretEnv "root" . "suffix" "tserver" }} +{{- include "yugabyte.envsecrets" $data }} \ No newline at end of file diff --git a/charts/yugabyte/yugabyte/templates/service.yaml b/charts/yugabyte/yugabyte/templates/service.yaml index 8983707f6..1ef30f1e2 100644 --- a/charts/yugabyte/yugabyte/templates/service.yaml +++ b/charts/yugabyte/yugabyte/templates/service.yaml @@ -24,7 +24,7 @@ data: {{- end }} --- {{- end }} - +--- {{- range .Values.Services }} {{- $service := . -}} {{- $appLabelArgs := dict "label" .label "root" $root -}} @@ -52,23 +52,23 @@ data: {{- $nodeNewStyle = printf "%s-%s-%d.%s.%s-%s.%s.svc.clusterset.local" (include "yugabyte.fullname" $root) $service.label $index $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} {{- end -}} -{{- if (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod) -}} +{{- if $root.Values.multicluster.createServicePerPod -}} {{- $nodeOldStyle = printf "%s-%d.%s.svc.%s" $service.label $index $root.Release.Namespace $root.Values.domainName }} {{- $nodeNewStyle = printf "%s-%s-%d.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index $root.Release.Namespace $root.Values.domainName }} {{- end -}} {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} {{- if $root.Values.tls.rootCA.key }} -{{- $dns1 := printf "*.*.%s" $root.Release.Namespace }} +{{- $dns1 := printf "*.%s-%s.%s" (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} {{- $dns2 := printf "%s.svc.%s" $dns1 $root.Values.domainName }} {{- if $root.Values.multicluster.createServiceExports -}} - {{- $dns1 = printf "*.*.*.%s.svc.clusterset.local" $root.Release.Namespace }} + {{- $dns1 = printf "*.%s.%s-%s.%s.svc.clusterset.local" $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} {{- end -}} -{{- if (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod) -}} +{{- if $root.Values.multicluster.createServicePerPod -}} {{- $dns1 = printf "*.%s.svc.%s" $root.Release.Namespace $root.Values.domainName }} {{- end -}} {{- $rootCA := buildCustomCert $root.Values.tls.rootCA.cert $root.Values.tls.rootCA.key -}} -{{- $server := genSignedCert $node ( default nil ) (list $dns1 $dns2 ) 3650 $rootCA }} +{{- $server := genSignedCert $node ( default nil ) (list $node $dns1 $dns2 ) 3650 $rootCA }} node.{{$node}}.crt: {{ $server.Cert | b64enc }} node.{{$node}}.key: {{ $server.Key | b64enc }} {{- else }} @@ -98,7 +98,7 @@ spec: selector: {{- include "yugabyte.appselector" ($appLabelArgs) | indent 4 }} -{{ if $root.Values.enableLoadBalancer }} +{{- if $root.Values.enableLoadBalancer }} {{- range $endpoint := $root.Values.serviceEndpoints }} {{- if eq $service.label $endpoint.app }} --- @@ -134,7 +134,7 @@ spec: {{- end }} {{- end}} {{- end}} -{{ end }} +{{- end}} --- apiVersion: apps/v1 @@ -248,49 +248,70 @@ spec: {{- end }} terminationGracePeriodSeconds: 300 affinity: - # Set the anti-affinity selector scope to YB masters. + # Set the anti-affinity selector scope to YB masters and tservers. + {{- $nodeAffinityData := dict}} + {{- if eq .name "yb-masters" -}} + {{- $nodeAffinityData = get $root.Values.master.affinity "nodeAffinity" | default (dict) -}} + {{- else -}} + {{- $nodeAffinityData = get $root.Values.tserver.affinity "nodeAffinity" | default (dict) -}} + {{- end -}} {{ if $root.Values.AZ }} - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: failure-domain.beta.kubernetes.io/zone - operator: In - values: - - {{ $root.Values.AZ }} - - matchExpressions: - - key: topology.kubernetes.io/zone - operator: In - values: - - {{ $root.Values.AZ }} + {{- $userSelectorTerms := dig "requiredDuringSchedulingIgnoredDuringExecution" "nodeSelectorTerms" "" $nodeAffinityData | default (list) -}} + {{- $baseAffinity := include "yugabyte.multiAZNodeAffinity" $root | fromYaml -}} + {{- $requiredSchedule := (list) -}} + {{- if $userSelectorTerms -}} + {{- range $userSelectorTerms -}} + {{- $userTerm := . -}} + {{- range $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms -}} + {{- $matchExpr := concat .matchExpressions $userTerm.matchExpressions | dict "matchExpressions" -}} + {{- $requiredSchedule = mustMerge $matchExpr $userTerm | append $requiredSchedule -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- $requiredSchedule = $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms -}} + {{- end -}} + + {{- with $baseAffinity.requiredDuringSchedulingIgnoredDuringExecution -}} + {{- $_ := set . "nodeSelectorTerms" $requiredSchedule -}} + {{- end -}} + {{- $nodeAffinityData = mustMerge $baseAffinity $nodeAffinityData -}} + {{- end -}} + + {{- $podAntiAffinityData := dict -}} + {{- $basePodAntiAffinity := include "yugabyte.podAntiAffinity" ($appLabelArgs) | fromYaml -}} + {{- if eq .name "yb-masters" -}} + {{- with $root.Values.master.affinity -}} + {{- $userPodAntiAffinity := get . "podAntiAffinity" | default (dict) -}} + {{- if $userPodAntiAffinity -}} + {{- $preferredList := dig "preferredDuringSchedulingIgnoredDuringExecution" "" $userPodAntiAffinity | default (list) | concat $basePodAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution}} + {{- $_ := set $basePodAntiAffinity "preferredDuringSchedulingIgnoredDuringExecution" $preferredList -}} + {{- end -}} + {{- $podAntiAffinityData = mustMerge $basePodAntiAffinity $userPodAntiAffinity -}} + {{- end -}} + {{- else -}} + {{- with $root.Values.tserver.affinity -}} + {{- $userPodAntiAffinity := get . "podAntiAffinity" | default (dict) -}} + {{- if $userPodAntiAffinity -}} + {{- $preferredList := dig "preferredDuringSchedulingIgnoredDuringExecution" "" $userPodAntiAffinity | default (list) | concat $basePodAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution}} + {{- $_ := set $basePodAntiAffinity "preferredDuringSchedulingIgnoredDuringExecution" $preferredList -}} + {{- end -}} + {{- $podAntiAffinityData = mustMerge $basePodAntiAffinity $userPodAntiAffinity -}} + {{- end -}} + {{- end -}} + + {{- if eq .name "yb-masters" -}} + {{- if $nodeAffinityData -}} + {{- $_ := set $root.Values.master.affinity "nodeAffinity" $nodeAffinityData -}} + {{- end -}} + {{- $_ := set $root.Values.master.affinity "podAntiAffinity" $podAntiAffinityData -}} + {{ toYaml $root.Values.master.affinity | nindent 8 }} + {{- else -}} + {{- if $nodeAffinityData -}} + {{- $_ := set $root.Values.tserver.affinity "nodeAffinity" $nodeAffinityData -}} + {{- end -}} + {{- $_ := set $root.Values.tserver.affinity "podAntiAffinity" $podAntiAffinityData -}} + {{ toYaml $root.Values.tserver.affinity | nindent 8 }} {{ end }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - {{- if $root.Values.oldNamingStyle }} - - key: app - operator: In - values: - - "{{ .label }}" - {{- else }} - - key: app.kubernetes.io/name - operator: In - values: - - "{{ .label }}" - - key: release - operator: In - values: - - {{ $root.Release.Name | quote }} - {{- end }} - topologyKey: kubernetes.io/hostname - {{- if eq .name "yb-masters" }} - {{- with $root.Values.master.affinity }}{{ toYaml . | nindent 8 }}{{ end }} - {{- else }} - {{- with $root.Values.tserver.affinity }}{{ toYaml . | nindent 8 }}{{ end }} - {{- end }} containers: - name: "{{ .label }}" image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}" @@ -337,18 +358,20 @@ spec: - name: YBDEVOPS_CORECOPY_DIR value: "/mnt/disk0/cores" {{- if eq .name "yb-masters" }} - {{- with $root.Values.master.extraEnv }}{{ toYaml . | nindent 8 }}{{ end }} - {{- with $root.Values.master.secretEnv }}{{ toYaml . | nindent 8 }}{{ end }} + {{- with $root.Values.master.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} + {{- $data := dict "secretenv" $root.Values.master.secretEnv "root" $root "suffix" "master"}} + {{- include "yugabyte.addenvsecrets" $data | nindent 8 }} {{- else }} - {{- with $root.Values.tserver.extraEnv }}{{ toYaml . | nindent 8 }}{{ end }} - {{- with $root.Values.tserver.secretEnv }}{{ toYaml . | nindent 8 }}{{ end }} + {{- with $root.Values.tserver.extraEnv }}{{ toYaml . | nindent 8 }}{{- end }} + {{- $data := dict "secretenv" $root.Values.tserver.secretEnv "root" $root "suffix" "tserver" }} + {{- include "yugabyte.addenvsecrets" $data | nindent 8 }} {{- end }} {{- if and $root.Values.tls.enabled $root.Values.tls.clientToServer (ne .name "yb-masters") }} - name: SSL_CERTFILE value: /root/.yugabytedb/root.crt {{- end }} resources: - {{ if eq .name "yb-masters" }} + {{- if eq .name "yb-masters" }} {{ toYaml $root.Values.resource.master | indent 10 }} {{ else }} {{ toYaml $root.Values.resource.tserver | indent 10 }} @@ -379,8 +402,8 @@ spec: {{- $rpcPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $rpcDict) -}} {{- if $rpcPreflight -}}{{ $rpcPreflight | nindent 12 }}{{ end -}} {{- $broadcastAddr := include "yugabyte.server_broadcast_address" $serviceValues -}} - {{/* skip bind check for Istio multi-cluster, we cannot/don't bind to service IP */}} - {{- if (not (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod)) }} + {{/* skip bind check for servicePerPod multi-cluster, we cannot/don't bind to service IP */}} + {{- if not $root.Values.multicluster.createServicePerPod }} {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}} {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}} {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}} @@ -522,6 +545,12 @@ spec: name: {{ $label | quote }} {{- end}} volumeMounts: + {{- if (eq .name "yb-tservers") }} + - name: tserver-tmp + mountPath: /tmp + {{- end }} + - name: debug-hooks-volume + mountPath: /opt/debug_hooks_config {{ if not $root.Values.storage.ephemeral }} {{- range $index := until (int ($storageInfo.count)) }} - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }} @@ -571,7 +600,73 @@ spec: subPath: cores {{- end }} + {{- if and (eq .name "yb-tservers") ($root.Values.ybc.enabled) }} + - name: yb-controller + image: "{{ $root.Values.Image.repository }}:{{ $root.Values.Image.tag }}" + imagePullPolicy: {{ $root.Values.Image.pullPolicy }} + lifecycle: + postStart: + exec: + command: + - "bash" + - "-c" + - > + mkdir -p /mnt/disk0/yw-data/controller/tmp; + mkdir -p /mnt/disk0/yw-data/controller/conf; + mkdir -p /mnt/disk0/ybc-data/controller/logs; + mkdir -p /tmp/yugabyte/controller; + ln -sf /mnt/disk0/ybc-data/controller/logs /tmp/yugabyte/controller; + ln -sf /mnt/disk0/yw-data/controller/bin /tmp/yugabyte/controller; + rm -f /tmp/yugabyte/controller/yb-controller.pid; + {{- if and $root.Values.tls.enabled $root.Values.tls.certManager.enabled }} + mkdir -p /opt/certs; + ln -sf /mnt/disk0/certs /opt/certs/yugabyte; + {{- end }} + command: + - "/sbin/tini" + - "--" + args: + - "/bin/bash" + - "-c" + - > + while true; do + sleep 60; + /home/yugabyte/tools/k8s_ybc_parent.py status || /home/yugabyte/tools/k8s_ybc_parent.py start; + done + volumeMounts: + - name: tserver-tmp + mountPath: /tmp + {{- if not $root.Values.storage.ephemeral }} + {{- range $index := until (int ($storageInfo.count)) }} + - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }} + mountPath: /mnt/disk{{ $index }} + {{- end }} + {{- end }} + {{- if $root.Values.tls.enabled }} + - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + mountPath: {{ $root.Values.tls.certManager.enabled | ternary "/home/yugabyte/cert-manager" "/opt/certs/yugabyte" }} + readOnly: true + {{- end }} + {{- if ($root.Values.tserver.extraVolumeMounts) -}} + {{- include "yugabyte.isExtraVolumesMappingExists" $root.Values.tserver -}} + {{- $root.Values.tserver.extraVolumeMounts | toYaml | nindent 10 -}} + {{- end -}} + {{- end}} + volumes: + {{- if (eq .name "yb-masters") }} + - name: debug-hooks-volume + configMap: + name: {{ include "yugabyte.fullname" $root }}-master-hooks + defaultMode: 0755 + {{- else if (eq .name "yb-tservers") }} + - name: debug-hooks-volume + configMap: + name: {{ include "yugabyte.fullname" $root }}-tserver-hooks + defaultMode: 0755 + - name: tserver-tmp + emptyDir: {} + {{- end }} {{ if not $root.Values.storage.ephemeral }} {{- range $index := until (int ($storageInfo.count)) }} - name: {{ $root.Values.oldNamingStyle | ternary (printf "datadir%d" $index) (printf "%s%d" (include "yugabyte.volume_name" $root) $index) }} diff --git a/charts/yugabyte/yugabyte/values.yaml b/charts/yugabyte/yugabyte/values.yaml index d87f56670..648727f6c 100644 --- a/charts/yugabyte/yugabyte/values.yaml +++ b/charts/yugabyte/yugabyte/values.yaml @@ -8,7 +8,7 @@ nameOverride: "" Image: repository: "yugabytedb/yugabyte" - tag: 2.16.5.0-b24 + tag: 2.18.1.0-b84 pullPolicy: IfNotPresent pullSecretName: "" @@ -82,10 +82,10 @@ tls: # It is necessary to provide some external means of restarting the pods. duration: 2160h # 90d renewBefore: 360h # 15d - algorithm: ECDSA # ECDSA or RSA - # Can be 2046, 4096 or 8192 for RSA + algorithm: RSA # ECDSA or RSA + # Can be 2048, 4096 or 8192 for RSA # Or 256, 384 or 521 for ECDSA - keySize: 521 + keySize: 2048 ## When certManager.enabled=false, rootCA.cert and rootCA.key are used to generate TLS certs. ## When certManager.enabled=true and boostrapSelfsigned=true, rootCA is ignored. @@ -116,6 +116,9 @@ PodManagementPolicy: Parallel enableLoadBalancer: true +ybc: + enabled: false + domainName: "cluster.local" serviceEndpoints: @@ -281,6 +284,15 @@ commonLabels: {} master: ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core ## This might override the default affinity from service.yaml + # To successfully merge, we need to follow rules for merging nodeSelectorTerms that kubernentes + # has. Each new node selector term is ORed together, and each match expression or match field in + # a single selector is ANDed together. + # This means, if a pod needs to be scheduled on a label 'custom_label_1' with a value + # 'custom_value_1', we need to add this 'subterm' to each of our pre-defined node affinity + # terms. + # + # Pod anti affinity is a simpler merge. Each term is applied separately, and the weight is tracked. + # The pod that achieves the highest weight is selected. ## Example. # affinity: # podAntiAffinity: @@ -292,6 +304,8 @@ master: # values: # - "yb-master" # topologyKey: kubernetes.io/hostname + # + # For further examples, see examples/yugabyte/affinity_overrides.yaml affinity: {} ## Extra environment variables passed to the Master pods. @@ -352,6 +366,15 @@ master: tserver: ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core ## This might override the default affinity from service.yaml + # To successfully merge, we need to follow rules for merging nodeSelectorTerms that kubernentes + # has. Each new node selector term is ORed together, and each match expression or match field in + # a single selector is ANDed together. + # This means, if a pod needs to be scheduled on a label 'custom_label_1' with a value + # 'custom_value_1', we need to add this 'subterm' to each of our pre-defined node affinity + # terms. + # + # Pod anti affinity is a simpler merge. Each term is applied separately, and the weight is tracked. + # The pod that achieves the highest weight is selected. ## Example. # affinity: # podAntiAffinity: @@ -363,6 +386,7 @@ tserver: # values: # - "yb-tserver" # topologyKey: kubernetes.io/hostname + # For further examples, see examples/yugabyte/affinity_overrides.yaml affinity: {} ## Extra environment variables passed to the TServer pods. @@ -375,13 +399,16 @@ tserver: # fieldPath: status.hostIP extraEnv: [] - # secretEnv variables are used to expose secrets data as env variables in the tserver pods. - # TODO Add namespace also to support copying secrets from other namespace. + ## secretEnv variables are used to expose secrets data as env variables in the tserver pods. + ## If namespace field is not specified we assume that user already + ## created the secret in the same namespace as DB pods. + ## Example # secretEnv: # - name: MYSQL_LDAP_PASSWORD # valueFrom: # secretKeyRef: # name: secretName + # namespace: my-other-namespace-with-ldap-secret # key: password secretEnv: [] diff --git a/charts/yugabyte/yugaware/Chart.yaml b/charts/yugabyte/yugaware/Chart.yaml index e64ec130f..b59882a13 100644 --- a/charts/yugabyte/yugaware/Chart.yaml +++ b/charts/yugabyte/yugaware/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/release-name: yugaware charts.openshift.io/name: yugaware apiVersion: v2 -appVersion: 2.16.5.0-b24 +appVersion: 2.18.1.0-b84 description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB cluster with multiple pods provided by Kubernetes or OpenShift and logically grouped together @@ -19,4 +19,4 @@ maintainers: - email: gjalla@yugabyte.com name: Govardhan Reddy Jalla name: yugaware -version: 2.16.5 +version: 2.18.1 diff --git a/charts/yugabyte/yugaware/openshift.values.yaml b/charts/yugabyte/yugaware/openshift.values.yaml index 22ae952b0..f156a5535 100644 --- a/charts/yugabyte/yugaware/openshift.values.yaml +++ b/charts/yugabyte/yugaware/openshift.values.yaml @@ -23,4 +23,7 @@ rbac: create: false ocpCompatibility: - enabled: true \ No newline at end of file + enabled: true + +securityContext: + enabled: false diff --git a/charts/yugabyte/yugaware/templates/_default_values.tpl b/charts/yugabyte/yugaware/templates/_default_values.tpl new file mode 100644 index 000000000..95ccbdb47 --- /dev/null +++ b/charts/yugabyte/yugaware/templates/_default_values.tpl @@ -0,0 +1,18 @@ +{{/* + The usage of helm upgrade [RELEASE] [CHART] --reuse-values --set [variable]:[value] throws an + error in the event that new entries are inserted to the values chart. + + This is because reuse-values flag uses the values from the last release. If --set (/--set-file/ + --set-string/--values/-f) is applied with the reuse-values flag, the values from the last + release are overridden for those variables alone, and newer changes to the chart are + unacknowledged. + + https://medium.com/@kcatstack/understand-helm-upgrade-flags-reset-values-reuse-values-6e58ac8f127e + + To prevent errors while applying upgrade with --reuse-values and --set flags after introducing + new variables, default values can be specified in this file. +*/}} + +{{- define "get_nginx_proxyReadTimeoutSec" -}} + {{ .Values.nginx.proxyReadTimeoutSec | default 600 }} +{{- end -}} diff --git a/charts/yugabyte/yugaware/templates/_helpers.tpl b/charts/yugabyte/yugaware/templates/_helpers.tpl index ffe8e65cf..232797171 100644 --- a/charts/yugabyte/yugaware/templates/_helpers.tpl +++ b/charts/yugabyte/yugaware/templates/_helpers.tpl @@ -134,3 +134,100 @@ Make list of allowed CORS origins {{- end -}} ] {{- end -}} + +{{/* +Get or generate server cert and key +*/}} +{{- define "getOrCreateServerCert" -}} +{{- $root := .Root -}} +{{- if and $root.Values.tls.certificate $root.Values.tls.key -}} +server.key: {{ $root.Values.tls.key }} +server.crt: {{ $root.Values.tls.certificate }} +{{- else -}} + {{- $result := (lookup "v1" "Secret" .Namespace .Name).data -}} + {{- if $result -}} +server.key: {{ index $result "server.key" }} +server.crt: {{ index $result "server.crt" }} + {{- else -}} + {{- $cert := genSelfSignedCert $root.Values.tls.hostname nil nil 3560 -}} +server.key: {{ $cert.Key | b64enc }} +server.crt: {{ $cert.Cert | b64enc }} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Get or generate server key cert in pem format +*/}} +{{- define "getOrCreateServerPem" -}} +{{- $root := .Root -}} +{{- if and $root.Values.tls.certificate $root.Values.tls.key -}} +{{- $decodedKey := $root.Values.tls.key | b64dec -}} +{{- $decodedCert := $root.Values.tls.certificate | b64dec -}} +{{- $serverPemContentTemp := ( printf "%s\n%s" $decodedKey $decodedCert ) -}} +{{- $serverPemContent := $serverPemContentTemp | b64enc -}} +server.pem: {{ $serverPemContent }} +{{- else -}} + {{- $result := (lookup "v1" "Secret" .Namespace .Name).data -}} + {{- if $result -}} +{{- $serverPemContent := ( index $result "server.pem" ) -}} +server.pem: {{ $serverPemContent }} + {{- else -}} + {{- $cert := genSelfSignedCert $root.Values.tls.hostname nil nil 3560 -}} +{{- $serverPemContentTemp := ( printf "%s\n%s" $cert.Key $cert.Cert ) -}} +{{- $serverPemContent := $serverPemContentTemp | b64enc -}} +server.pem: {{ $serverPemContent }} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Check export of nss_wrapper environment variables required +*/}} +{{- define "checkNssWrapperExportRequired" -}} + {{- if .Values.securityContext.enabled -}} + {{- if and (ne (int .Values.securityContext.runAsUser) 0) (ne (int .Values.securityContext.runAsUser) 10001) -}} + {{- printf "true" -}} + {{- end -}} + {{- else -}} + {{- printf "false" -}} + {{- end -}} +{{- end -}} + + +{{/* + Verify the extraVolumes and extraVolumeMounts mappings. + Every extraVolumes should have extraVolumeMounts +*/}} +{{- define "yugaware.isExtraVolumesMappingExists" -}} + {{- $lenExtraVolumes := len .extraVolumes -}} + {{- $lenExtraVolumeMounts := len .extraVolumeMounts -}} + + {{- if and (eq $lenExtraVolumeMounts 0) (gt $lenExtraVolumes 0) -}} + {{- fail "You have not provided the extraVolumeMounts for extraVolumes." -}} + {{- else if and (eq $lenExtraVolumes 0) (gt $lenExtraVolumeMounts 0) -}} + {{- fail "You have not provided the extraVolumes for extraVolumeMounts." -}} + {{- else if and (gt $lenExtraVolumes 0) (gt $lenExtraVolumeMounts 0) -}} + {{- $volumeMountsList := list -}} + {{- range .extraVolumeMounts -}} + {{- $volumeMountsList = append $volumeMountsList .name -}} + {{- end -}} + + {{- $volumesList := list -}} + {{- range .extraVolumes -}} + {{- $volumesList = append $volumesList .name -}} + {{- end -}} + + {{- range $volumesList -}} + {{- if not (has . $volumeMountsList) -}} + {{- fail (printf "You have not provided the extraVolumeMounts for extraVolume %s" .) -}} + {{- end -}} + {{- end -}} + + {{- range $volumeMountsList -}} + {{- if not (has . $volumesList) -}} + {{- fail (printf "You have not provided the extraVolumes for extraVolumeMounts %s" .) -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/yugabyte/yugaware/templates/certificates.yaml b/charts/yugabyte/yugaware/templates/certificates.yaml new file mode 100644 index 000000000..ff4b7021a --- /dev/null +++ b/charts/yugabyte/yugaware/templates/certificates.yaml @@ -0,0 +1,99 @@ +# Copyright (c) YugaByte, Inc. + +{{- $root := . }} +{{- $tls := $root.Values.tls }} +{{- if and $tls.enabled $tls.certManager.enabled }} +{{- if $tls.certManager.genSelfsigned }} +{{- if $tls.certManager.useClusterIssuer }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ $root.Release.Name }}-yugaware-cluster-issuer +spec: + selfSigned: {} +{{- else }} # useClusterIssuer=false +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ $root.Release.Name }}-yugaware-issuer + namespace: {{ $root.Release.Namespace }} +spec: + selfSigned: {} +--- +{{- end }} # useClusterIssuer +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $root.Release.Name }}-yugaware-ui-root-ca + namespace: {{ $root.Release.Namespace }} +spec: + isCA: true + commonName: Yugaware self signed CA + secretName: {{ .Release.Name }}-yugaware-root-ca + secretTemplate: + labels: + app: "{{ template "yugaware.name" . }}" + chart: "{{ template "yugaware.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + duration: {{ $tls.certManager.configuration.duration | quote }} + renewBefore: {{ $tls.certManager.configuration.renewBefore | quote }} + privateKey: + algorithm: {{ $tls.certManager.configuration.algorithm | quote }} + encoding: PKCS8 + size: {{ $tls.certManager.configuration.keySize }} + rotationPolicy: Always + issuerRef: + {{- if $tls.certManager.useClusterIssuer }} + name: {{ $root.Release.Name }}-yugaware-cluster-issuer + kind: ClusterIssuer + {{- else }} + name: {{ $root.Release.Name }}-yugaware-issuer + kind: Issuer + {{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ $root.Release.Name }}-yugaware-ca-issuer + namespace: {{ $root.Release.Namespace }} +spec: + ca: + secretName: {{ .Release.Name }}-yugaware-root-ca +--- +{{- end }} # genSelfsigned +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $root.Release.Name }}-yugaware-ui-tls + namespace: {{ $root.Release.Namespace }} +spec: + isCA: false + commonName: {{ $tls.hostname }} + secretName: {{ .Release.Name }}-yugaware-tls-cert + secretTemplate: + labels: + app: "{{ template "yugaware.name" . }}" + chart: "{{ template "yugaware.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + duration: {{ $tls.certManager.configuration.duration | quote }} + renewBefore: {{ $tls.certManager.configuration.renewBefore | quote }} + privateKey: + algorithm: {{ $tls.certManager.configuration.algorithm | quote }} + encoding: PKCS8 + size: {{ $tls.certManager.configuration.keySize }} + rotationPolicy: Always + issuerRef: + name: {{ $tls.certManager.genSelfsigned | ternary (printf "%s%s" $root.Release.Name "-yugaware-ca-issuer") ($tls.certManager.useClusterIssuer | ternary $tls.certManager.clusterIssuer $tls.certManager.issuer) }} + {{- if $tls.certManager.useClusterIssuer }} + kind: ClusterIssuer + {{- else }} + kind: Issuer + {{- end }} +--- +{{- end }} diff --git a/charts/yugabyte/yugaware/templates/configs.yaml b/charts/yugabyte/yugaware/templates/configs.yaml index 1c7454945..6c9cd550e 100644 --- a/charts/yugabyte/yugaware/templates/configs.yaml +++ b/charts/yugabyte/yugaware/templates/configs.yaml @@ -31,28 +31,40 @@ data: log.override.path = "/opt/yugabyte/yugaware/data/logs" db { + default.dbname=${POSTGRES_DB} {{ if .Values.postgres.external.host }} default.host="{{ .Values.postgres.external.host }}" default.port={{ .Values.postgres.external.port }} - default.url="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${POSTGRES_DB}${db.default.params} {{ else if eq .Values.ip_version_support "v6_only" }} - default.host="::1" - default.url="jdbc:postgresql://[::1]:"${db.default.port}"/"${POSTGRES_DB}${db.default.params} + default.host="[::1]" {{ else }} default.host="127.0.0.1" - default.url="jdbc:postgresql://127.0.0.1:"${db.default.port}"/"${POSTGRES_DB}${db.default.params} {{ end }} + default.url="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${db.default.dbname}${db.default.params} default.params="{{ .Values.jdbcParams }}" - default.driver=org.postgresql.Driver default.username=${POSTGRES_USER} default.password=${POSTGRES_PASSWORD} - default.logStatements=true - default.migration.initOnMigrate=true - default.migration.auto=true + {{ if .Values.yugaware.cloud.enabled }} + perf_advisor.driver="org.hsqldb.jdbc.JDBCDriver" + perf_advisor.url="jdbc:hsqldb:mem:perf-advisor" + perf_advisor.createDatabaseIfMissing=false + perf_advisor.username="sa" + perf_advisor.password="sa" + perf_advisor.migration.auto=false + perf_advisor.migration.disabled=true + {{ else }} + perf_advisor.url="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${db.perf_advisor.dbname}${db.default.params} + perf_advisor.createDatabaseUrl="jdbc:postgresql://"${db.default.host}":"${db.default.port}"/"${db.default.dbname}${db.default.params} + {{ end }} } - ebean { - default = ["com.yugabyte.yw.models.*"] + + {{- if and (not .Values.useNginxProxy) (.Values.tls.enabled) }} + https.port = 9443 + play.server.https.keyStore { + path = /opt/certs/server.pem + type = PEM } + {{- end }} yb { {{- if .Values.yugaware.universe_boot_script }} @@ -128,7 +140,8 @@ data: {{- range $key, $value := .Values.additionalAppConf.nonStringConf }} {{ $key }} = {{ $value }} {{- end }} -{{- if .Values.tls.enabled }} +{{- if and .Values.tls.enabled (not .Values.tls.certManager.enabled) }} +{{- if .Values.useNginxProxy }} --- apiVersion: v1 kind: Secret @@ -141,10 +154,27 @@ metadata: heritage: {{ .Release.Service | quote }} type: Opaque data: - server.crt: {{ .Values.tls.certificate }} - server.key: {{ .Values.tls.key }} +{{- include "getOrCreateServerCert" (dict "Namespace" .Release.Namespace "Root" . "Name" (printf "%s%s" .Release.Name "-yugaware-tls-cert")) | nindent 2 }} {{- end }} +{{ if not .Values.useNginxProxy }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-yugaware-tls-pem + labels: + app: "{{ template "yugaware.name" . }}" + chart: "{{ template "yugaware.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +type: Opaque +data: +{{- include "getOrCreateServerPem" (dict "Namespace" .Release.Namespace "Root" . "Name" (printf "%s%s" .Release.Name "-yugaware-tls-pem")) | nindent 2 }} +{{ end }} +{{- end }} + +{{- if .Values.useNginxProxy }} --- apiVersion: v1 kind: ConfigMap @@ -200,6 +230,7 @@ data: client_max_body_size {{ .Values.nginx.upload_size }}; } } +{{ end }} --- {{- if not (and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io")) }} apiVersion: v1 @@ -228,6 +259,25 @@ data: echo "host all all all scram-sha-256" >> "${PGDATANEW}/pg_hba.conf"; fi {{- end }} +{{- if .Values.securityContext.enabled }} +--- +apiVersion: "v1" +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-yugaware-pg-prerun + labels: + app: {{ template "yugaware.name" . }} + chart: {{ template "yugaware.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Values.helm2Legacy | ternary "Tiller" (.Release.Service | quote) }} +data: + pg-prerun.sh: | + #!/bin/bash + set -x -o errexit + + mkdir -p $PGDATA && chown -R $PG_UID:$PG_GID $PGDATA; +{{- end }} +{{- if .Values.useNginxProxy }} --- apiVersion: v1 kind: ConfigMap @@ -256,7 +306,7 @@ data: uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; - proxy_read_timeout {{ .Values.nginx.proxyReadTimeoutSec }}; + proxy_read_timeout {{ template "get_nginx_proxyReadTimeoutSec" . }}; include /etc/nginx/mime.types; default_type application/octet-stream; @@ -276,6 +326,7 @@ data: include /etc/nginx/conf.d/*.conf; } +{{- end }} {{- if .Values.prometheus.remoteWrite.tls.enabled }} --- apiVersion: v1 @@ -345,7 +396,11 @@ data: - 'container_cpu_usage_seconds_total{pod=~"(.*)yb-(.*)"}' - 'container_memory_working_set_bytes{pod=~"(.*)yb-(.*)"}' # kube-state-metrics - - 'kube_pod_container_resource_requests_cpu_cores{pod=~"(.*)yb-(.*)"}' + # Supports >= OCP v4.4 + # OCP v4.4 has upgraded the KSM from 1.8.0 to 1.9.5. + # https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html#ocp-4-4-cluster-monitoring-version-updates + # - 'kube_pod_container_resource_requests_cpu_cores{pod=~"(.*)yb-(.*)"}' + - 'kube_pod_container_resource_requests{pod=~"(.*)yb-(.*)", unit="core"}' static_configs: - targets: @@ -365,6 +420,12 @@ data: regex: "(.*)" target_label: "container_name" replacement: "$1" + # rename new name of the CPU metric to the old name and label + # ref: https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v200-alpha--2020-09-16 + - source_labels: ["__name__", "unit"] + regex: "kube_pod_container_resource_requests;core" + target_label: "__name__" + replacement: "kube_pod_container_resource_requests_cpu_cores" {{- else }} @@ -415,8 +476,8 @@ data: - targets: ['kube-state-metrics.kube-system.svc.{{.Values.domainName}}:8080'] metric_relabel_configs: # Only keep the metrics which we care about - - source_labels: ["__name__"] - regex: "kube_pod_container_resource_requests_cpu_cores" + - source_labels: ["__name__", "unit"] + regex: "kube_pod_container_resource_requests;core" action: keep # Save the name of the metric so we can group_by since we cannot by __name__ directly... - source_labels: ["__name__"] @@ -435,6 +496,16 @@ data: - source_labels: ["pod_name"] regex: "(.*)yb-(.*)" action: keep + # rename new name of the CPU metric to the old name and label + # ref: https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v200-alpha--2020-09-16 + - source_labels: ["__name__", "unit"] + regex: "kube_pod_container_resource_requests;core" + target_label: "__name__" + replacement: "kube_pod_container_resource_requests_cpu_cores" + # Keep metrics for CPU, discard duplicate metrics + - source_labels: ["__name__"] + regex: "kube_pod_container_resource_requests_cpu_cores" + action: keep - job_name: 'kubernetes-cadvisor' @@ -488,6 +559,12 @@ data: '{{ eq .Values.ip_version_support "v6_only" | ternary "[::1]" "127.0.0.1" }}:9000' ] + - job_name: 'node-agent' + metrics_path: "/metrics" + file_sd_configs: + - files: + - '/opt/yugabyte/prometheus/targets/node-agent.*.json' + - job_name: "node" file_sd_configs: - files: @@ -573,6 +650,8 @@ data: replacement: "$1" - job_name: "yugabyte" + tls_config: + insecure_skip_verify: true metrics_path: "/prometheus-metrics" file_sd_configs: - files: diff --git a/charts/yugabyte/yugaware/templates/rbac.yaml b/charts/yugabyte/yugaware/templates/rbac.yaml index a445885f5..d05dfaeec 100644 --- a/charts/yugabyte/yugaware/templates/rbac.yaml +++ b/charts/yugabyte/yugaware/templates/rbac.yaml @@ -31,15 +31,31 @@ roleRef: apiGroup: rbac.authorization.k8s.io {{- else }} --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: {{ .Release.Name }} - labels: - k8s-app: yugaware - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile rules: +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["get", "create", "delete", "patch"] +- apiGroups: [""] + resources: + - services + verbs: ["get", "delete", "create", "patch", "list", "watch"] +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["get", "delete", "create", "patch", "scale"] +- apiGroups: [""] + resources: + - secrets + verbs: ["create", "list", "get", "delete", "update", "patch"] +- apiGroups: ["cert-manager.io"] + resources: + - certificates + verbs: ["create", "delete", "get", "patch"] - apiGroups: [""] resources: - nodes @@ -48,7 +64,8 @@ rules: - endpoints - pods - pods/exec - verbs: ["get", "list", "watch", "create"] + - configmaps # added configmaps resource + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # added all verbs for configmaps - apiGroups: - extensions resources: @@ -61,13 +78,13 @@ rules: - namespaces - secrets - pods/portforward - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - events # added events resource + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # added all verbs for events - apiGroups: ["", "extensions"] resources: - deployments - services verbs: ["create", "get", "list", "watch", "update", "delete"] - --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/yugabyte/yugaware/templates/service.yaml b/charts/yugabyte/yugaware/templates/service.yaml index fa25427d9..8620cee08 100644 --- a/charts/yugabyte/yugaware/templates/service.yaml +++ b/charts/yugabyte/yugaware/templates/service.yaml @@ -24,14 +24,24 @@ spec: {{- end }} {{- end }} ports: -{{- if .Values.tls.enabled }} +{{- if and (.Values.tls.enabled) (.Values.useNginxProxy) }} - name: ui-tls port: 443 targetPort: 8443 +{{- else if .Values.tls.enabled }} + - name: ui-tls + port: 443 + targetPort: 9443 {{- end }} +{{- if .Values.useNginxProxy }} - name: ui port: 80 targetPort: 8080 +{{- else }} + - name: ui + port: 80 + targetPort: 9000 +{{- end }} - name: metrics port: 9090 selector: diff --git a/charts/yugabyte/yugaware/templates/statefulset.yaml b/charts/yugabyte/yugaware/templates/statefulset.yaml index c6c824ff7..23b0df292 100644 --- a/charts/yugabyte/yugaware/templates/statefulset.yaml +++ b/charts/yugabyte/yugaware/templates/statefulset.yaml @@ -84,6 +84,7 @@ spec: - key: universe_boot_script path: universe-boot-script.sh {{- end }} + {{- if .Values.useNginxProxy }} - name: nginx-config configMap: name: {{ .Release.Name }}-yugaware-nginx-config @@ -96,6 +97,7 @@ spec: items: - key: nginx.conf path: nginx.conf + {{- end }} - name: prometheus-config configMap: name: {{ .Release.Name }}-yugaware-prometheus-config @@ -110,10 +112,25 @@ spec: - key: init-permissions.sh path: init-permissions.sh {{- end }} - {{- if .Values.tls.enabled }} + {{- if and (.Values.tls.enabled) (.Values.useNginxProxy) }} - name: {{ .Release.Name }}-yugaware-tls-cert secret: secretName: {{ .Release.Name }}-yugaware-tls-cert + {{- if .Values.tls.certManager.enabled }} + items: + - key: tls.crt + path: server.crt + - key: tls.key + path: server.key + {{- end }} + {{- end }} + {{- if and (not .Values.useNginxProxy) (.Values.tls.enabled) }} + - name: {{ .Release.Name }}-yugaware-tls-pem + secret: + secretName: {{ .Release.Name }}-yugaware-tls-pem + items: + - key: server.pem + path: server.pem {{- end }} {{- if .Values.prometheus.remoteWrite.tls.enabled }} - name: {{ .Release.Name }}-yugaware-prometheus-remote-write-tls @@ -128,6 +145,16 @@ spec: - key: pg-upgrade-11-to-14.sh path: pg-upgrade-11-to-14.sh {{- end }} + - name: pg-init + configMap: + name: {{ .Release.Name }}-yugaware-pg-prerun + items: + - key: pg-prerun.sh + path: pg-prerun.sh + {{- if .Values.postgres.extraVolumes -}} + {{- include "yugaware.isExtraVolumesMappingExists" .Values.postgres -}} + {{- .Values.postgres.extraVolumes | toYaml | nindent 8 -}} + {{ end }} initContainers: - image: {{ include "full_yugaware_image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -192,6 +219,25 @@ spec: mountPath: /pg_upgrade_logs subPath: postgres_data_14 {{- end }} + {{- if .Values.securityContext.enabled }} + - image: {{ include "full_image" (dict "containerName" "postgres" "root" .) }} + name: postgres-init + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/bin/bash", "/pg_prerun/pg-prerun.sh"] + env: + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: PG_UID + value: {{ .Values.securityContext.runAsUser | quote }} + - name: PG_GID + value: {{ .Values.securityContext.runAsGroup | quote }} + volumeMounts: + - name: yugaware-storage + mountPath: /var/lib/postgresql/data + subPath: postgres_data_14 + - name: pg-init + mountPath: /pg_prerun + {{- end }} containers: {{ if not .Values.postgres.external.host }} - name: postgres @@ -203,6 +249,12 @@ spec: {{- end }} - "-c" - "huge_pages=off" + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ required "runAsUser cannot be empty" .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup | default 0 }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} env: - name: POSTGRES_USER valueFrom: @@ -268,6 +320,10 @@ spec: mountPath: /var/lib/postgresql/data subPath: postgres_data_14 {{- end }} + {{- if .Values.postgres.extraVolumeMounts -}} + {{- include "yugaware.isExtraVolumesMappingExists" .Values.postgres -}} + {{- .Values.postgres.extraVolumeMounts | toYaml | nindent 12 -}} + {{- end -}} {{ end }} - name: prometheus image: {{ include "full_image" (dict "containerName" "prometheus" "root" .) }} @@ -333,12 +389,18 @@ spec: resources: {{ toYaml .Values.yugaware.resources | indent 12 }} {{- end }} - - command: [ "/sbin/tini", "--"] - args: - - "bin/yugaware" - - "-Dconfig.file=/data/application.docker.conf" + args: ["bin/yugaware","-Dconfig.file=/data/application.docker.conf"] env: + # Conditionally set these env variables, if runAsUser is not 0(root) + # or 10001(yugabyte). + {{- if eq (include "checkNssWrapperExportRequired" .) "true" }} + - name: NSS_WRAPPER_GROUP + value: "/tmp/group.template" + - name: NSS_WRAPPER_PASSWD + value: "/tmp/passwd.template" + - name: LD_PRELOAD + value: "/usr/lib64/libnss_wrapper.so" + {{- end }} - name: POSTGRES_USER valueFrom: secretKeyRef: @@ -359,6 +421,7 @@ spec: secretKeyRef: name: {{ .Release.Name }}-yugaware-global-config key: app_secret + {{- with .Values.yugaware.extraEnv }}{{ toYaml . | nindent 12 }}{{ end }} ports: - containerPort: 9000 name: yugaware @@ -391,6 +454,12 @@ spec: - name: yugaware-storage mountPath: /prometheus_configs subPath: prometheus.yml + {{- if and (not .Values.useNginxProxy) (.Values.tls.enabled) }} + - name: {{ .Release.Name }}-yugaware-tls-pem + mountPath: /opt/certs/ + readOnly: true + {{- end }} + {{- if .Values.useNginxProxy }} - name: nginx image: {{ include "full_image" (dict "containerName" "nginx" "root" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -414,6 +483,7 @@ spec: mountPath: /opt/certs/ readOnly: true {{- end }} + {{- end }} {{ if .Values.sidecars }} {{ toYaml .Values.sidecars | indent 8 }} {{ end }} diff --git a/charts/yugabyte/yugaware/values.yaml b/charts/yugabyte/yugaware/values.yaml index 9a90aa4ec..c0a947ad3 100644 --- a/charts/yugabyte/yugaware/values.yaml +++ b/charts/yugabyte/yugaware/values.yaml @@ -5,13 +5,17 @@ fullnameOverride: "" nameOverride: "" +# Cloud team will retain nginx for sometime +# until they start creating a separate pool +useNginxProxy: false + image: commonRegistry: "" # Setting commonRegistry to say, quay.io overrides the registry settings for all images # including the yugaware image repository: quay.io/yugabyte/yugaware - tag: 2.16.5.0-b24 + tag: 2.18.1.0-b84 pullPolicy: IfNotPresent pullSecret: yugabyte-k8s-pull-secret ## Docker config JSON File name @@ -35,12 +39,12 @@ image: prometheus: registry: "" - tag: v2.43.0 + tag: v2.44.0 name: prom/prometheus nginx: registry: "" - tag: 1.23.4 + tag: 1.25.0 name: nginxinc/nginx-unprivileged yugaware: @@ -50,8 +54,8 @@ yugaware: storageAnnotations: {} multiTenant: false ## Name of existing ServiceAccount. When provided, the chart won't create a ServiceAccount. - ## It will attach the required RBAC roles to it. - ## Helpful in Yugabyte Platform GKE App. + ## It will attach the required RBAC roles to it. + ## Helpful in Yugabyte Platform GKE App. serviceAccount: '' serviceMonitor: enabled: false @@ -94,6 +98,8 @@ yugaware: universe_boot_script: "" + extraEnv: [] + ## Configure PostgreSQL part of the application postgres: # DO NOT CHANGE if using OCP Certified helm chart @@ -126,22 +132,65 @@ postgres: ## JDBC connection parameters including the leading `?`. jdbcParams: "" + + ## Extra volumes + ## extraVolumesMounts are mandatory for each extraVolumes. + ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core + ## Example: + # extraVolumes: + # - name: custom-nfs-vol + # persistentVolumeClaim: + # claimName: some-nfs-claim + extraVolumes: [] + + ## Extra volume mounts + ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core + ## Example: + # extraVolumeMounts: + # - name: custom-nfs-vol + # mountPath: /home/yugabyte/nfs-backup + extraVolumeMounts: [] + tls: enabled: false hostname: "localhost" - certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDVENDQXZHZ0F3SUJBZ0lVTlhvN2N6T2dyUWQrU09wOWdNdE00b1Vva3hFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZERVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNQjRYRFRJeE1EUXdOakExTXpnMU4xb1hEVE14TURRdwpOREExTXpnMU4xb3dGREVTTUJBR0ExVUVBd3dKYkc5allXeG9iM04wTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBZzhBTUlJQ0NnS0NBZ0VBMUxsSTFBLzRPOVIzSkNlN1N2MUxYVXhDSmxoTWpIWUoxV1FNVmcvai82RHkKazRTTmY0MkFLQjI0dFJFK2lEWTBNaTJrRWhJcVZ4TFdPN0hkWHVSN0tYNGxSZWFVVkRFTUtYUWNQUC9QWDZkbwpwZVZTUFpSVjVHNHNxTElXUFFkTVdIam9IQWx1aml5dGJsSVJUUWdLU3QrMmpuREFDN0dxRURMREdhNXRUWEM2CktRWkNtOERlaklOUTMzaGU2TDN0Q2hBRnhJM1pwY21sR0twbzdKVXJSUG14Mk9zTHFRcTB5dEVVK0lGZGppWHEKaHJLeFR0NUhHM3M3ZUNWaTRXdlZPelVGUitJbWRlQzBRZTBXeG5iZlZUMnJkVitQL1FaVXhWSEVtWnBPc0k2LwpmczhlK1dsMlduWXY1TTg5MWkxZER3Zi9lMDdiN20xQVRKdDRtTGRldzBtd1V4UGFGT2pDMDh6cU94NmF0cGhLClU1eHNWQmhGNVhyME9DeTQyMzN0MU5URXdWUEFDOFcwQmhHdldTRXBQTXNTKzM1b2lueEFrcFQzL01ibFpjNisKcXhSYUh6MHJhSksvVGIzelVKVWxWZFkxbGl5MVYyVjNxWEU2NWlsOUFHZ2pIaHhBNFBwSktCbzZ0WVRUT3pnTworL25mc0toMk95aE8zUWxBZ0JFUHlYUm5wL0xGSTVuQ2gzdjNiOXlabFNrSk05NkVoWEJ1bHhWUWN3L2p3N2NxCkRLSlBEeHFUQy9rWUs1V0FVZGhkWG1KQkRNMFBLcngzUGVOYjRsYnQzSTFIZW1QRDBoZktiWFd6alhiVTJQdWQKdjZmT0dXTDRLSFpaem9KZ1ljMFovRXRUMEpCR09GM09mMW42N2c5dDRlUnAzbEVSL09NM0FPY1dRbWFvOHlVQwpBd0VBQWFOVE1GRXdIUVlEVlIwT0JCWUVGTU00SjA4WG8wUGY1cTlOSWZiMGYyRzZqc1FoTUI4R0ExVWRJd1FZCk1CYUFGTU00SjA4WG8wUGY1cTlOSWZiMGYyRzZqc1FoTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dJQkFBRmxrWVJkdzA0Zm9vT29BelUyaU5ORGV1aiszemhIeFQ5eU9iSkdwREZIRitoZQpuY1ZRWGZpMitHNjBWY0xuZERsWFhmbDZLOSs4ME55aEg4QjR1UEJNTWhoWG01MjJmYnJac1dFcnR3WE1rM2prClZ5UVA3MGk2NHE1ZGVrZzhoYzI0SXhFUlVsam9XM2lDTTdrb0VxaG15VkpGeDNxMVdobFEwdzNkWVpMQVNRclYKU0RpL2JGWjlqOXVtWVdoc0Y4QjFPSThPVjNlL0YyakU1UCtoTlJJazAzbW9zWE1Rdy9iZ3ZzV0hvSkZ5blB4UApHNGUzUjBob2NnbzI0Q2xOQ21YMWFBUms5c1pyN2h0NlVsM1F1d0dMdzZkK2I5emxrUW56TzFXQzc5ekVNU1R0ClRRRzFNT2ZlL2dTVkR3dThTSnpBOHV1Z0pYTktWWkxCZlpaNW41Tk9sOHdpOVVLa1BVUW4wOHo3VWNYVDR5ZnQKZHdrbnZnWDRvMFloUnNQNHpPWDF6eWxObzhqRDhRNlV1SkdQSksrN1JnUm8zVERPV3k4MEZpUzBxRmxrSFdMKwptT0pUWGxzaEpwdHE5b1c1eGx6N1lxTnFwZFVnRmNyTjJLQWNmaGVlNnV3SUFnOFJteTQvRlhRZjhKdXluSG5oClFhVlFnTEpEeHByZTZVNk5EdWg1Y1VsMUZTcWNCUGFPY0x0Q0ViVWg5ckQxajBIdkRnTUUvTTU2TGp1UGdGZlEKMS9xeXlDUkFjc2NCSnVMYjRxcXRUb25tZVZ3T1BBbzBsNXBjcC9JcjRTcTdwM0NML0kwT0o1SEhjcmY3d3JWSgpQVWgzdU1LbWVHVDRyeDdrWlQzQzBXenhUU0loc0lZOU12MVRtelF4MEprQm93c2NYaUYrcXkvUkl5UVgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" - key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFV1VWpVRC9nNzFIY2sKSjd0Sy9VdGRURUltV0V5TWRnblZaQXhXRCtQL29QS1RoSTEvallBb0hiaTFFVDZJTmpReUxhUVNFaXBYRXRZNwpzZDFlNUhzcGZpVkY1cFJVTVF3cGRCdzgvODlmcDJpbDVWSTlsRlhrYml5b3NoWTlCMHhZZU9nY0NXNk9MSzF1ClVoRk5DQXBLMzdhT2NNQUxzYW9RTXNNWnJtMU5jTG9wQmtLYndONk1nMURmZUY3b3ZlMEtFQVhFamRtbHlhVVkKcW1qc2xTdEUrYkhZNnd1cENyVEswUlQ0Z1YyT0plcUdzckZPM2tjYmV6dDRKV0xoYTlVN05RVkg0aVoxNExSQgo3UmJHZHQ5VlBhdDFYNC85QmxURlVjU1ptazZ3anI5K3p4NzVhWFphZGkva3p6M1dMVjBQQi85N1R0dnViVUJNCm0zaVl0MTdEU2JCVEU5b1U2TUxUek9vN0hwcTJtRXBUbkd4VUdFWGxldlE0TExqYmZlM1UxTVRCVThBTHhiUUcKRWE5WklTazh5eEw3Zm1pS2ZFQ1NsUGY4eHVWbHpyNnJGRm9mUFN0b2tyOU52Zk5RbFNWVjFqV1dMTFZYWlhlcApjVHJtS1gwQWFDTWVIRURnK2trb0dqcTFoTk03T0E3NytkK3dxSFk3S0U3ZENVQ0FFUS9KZEdlbjhzVWptY0tICmUvZHYzSm1WS1FrejNvU0ZjRzZYRlZCekQrUER0eW9Nb2s4UEdwTUwrUmdybFlCUjJGMWVZa0VNelE4cXZIYzkKNDF2aVZ1M2NqVWQ2WThQU0Y4cHRkYk9OZHRUWSs1Mi9wODRaWXZnb2Rsbk9nbUJoelJuOFMxUFFrRVk0WGM1LwpXZnJ1RDIzaDVHbmVVUkg4NHpjQTV4WkNacWp6SlFJREFRQUJBb0lDQUFmY2lScDlOSmxSY3MyOVFpaTFUN0cwCi9jVFpBb3MyV1lxdlZkMWdYUGEzaGY5NXFKa01LNjVQMnVHbUwzOXRNV1NoVnl6cnl2REkyMjM5VnNjSS9wdzcKOHppd0dzODV1TTlYWVN2SDhHd0NqZFdEc2hSZ2hRUWFKa0JkeElDZzRtdHFuSGxjeDk4dE80T1dPTmwxOEp0dgp4UmxpaFZacFRIV295cGtLWHpPN2RNWExXMjdTSStkaGV2Mm5QeXF1eWpIVEFjT1AwbmxVQ0d2dThFMjkvWWxoCkNQZVJTQzhKSEVGYWxNSFNWaGpJd2ZBVWJvVVJwZU1ZSE15RjVTK2JncGZiajhSbVVUR09DbHRkWGJnYjhJai8KN0hROEFlQkIrYVFKTDVEVnFRN1JWN1ppQlMwR2ZyODlHdXdEMUs4em9mcktPdURkdXpjR2hwZk9MeGpGdmhTOApSQ2Y1Z3BFMzg0aWlHc2tWZC9mZDJLK3NhSmk0L09HbHo0aHhhc1hDcTN1TXB5OTZPNFRrMXZzM3BXdWZNVmJXCnR2d1Mrcjhvbk9uOXZqa3lqOU11eUpId1BpSlNGMUt0ZzhPUU5WMlVST0xXcHlYMWk4Z2xoMXdSelRTQ2diQnMKZ3ZxWkFvaU1pWFh3SlVXN3Zpb0RLZjI0TnZvcjViaVNzeUh0MHVKUVZJaW1iK1prTFJwTWdwRlkyTlcrTnd6LwoxOW9DS2ZUVVpWNkJia09IK0NoOUowLy9hTTRGNnUvMTI4V0UxalJQU05mdWQ0b0dpdGVPNXRsRDNWSXRsb1hlCjNyWVMrcTNuYXU1RStWc2FRZGFVNzhrSnpXYmUrWURmQ1JwWGd6TkloSkMyQ1k5d0RSK3hIaVFwbzdLSHV6dngKUkpuRjhIcGwzdWhIdWxEam44dEpBb0lCQVFEeGxhVVIwN1l6TGF2OVZtamZCenpZMjcwOU9tWnhpa3NtRnlhWApKTkJMQVB3SGdXOEVCUHdKOEprSDhXR1NTekp1OXZGd1JDVEVqZ1J5dWUvS05DWnNmUWF2UDg3dzhablJHaEhjCklHUUV1MFN3bmJzZXFJK1VWa0M5amZjaFE4dlowM0dQTGZ6bWpsSW9PNkNLTVM3TlV2Ynk5MksvOHRVVWRtWWgKMmJJa2N4V0J1RDJoenh3K1ZId3ArWktMQ0FPZi9sOG8vQ20xQ1dZSFNGdVYzTkl3T016Z2FKaExJODJNR08zQwpuODZTMXcweGc2MHB5dUV6L0hXZS9JMFZkRGNsWlgyNC9jalVBb01kQlkvSGY4Tkh2ZUNhZExQeXI3eGpRY2NLClAzN0RhdFRyK2RTZ2RoVkxzUDRRRzVVZEZxNUlMSHoxTXBkb2xXZ2pDSlZqcTZMekFvSUJBUURoYXNYdVRzMDIKNEkvYkRlSGRZSmw2Q1NzVUh2NmJXL3dpYlRhd2dpbDh5RUNWS2x6eFY4eENwWnoxWVhRQlY1YnVvQlArbjZCWApnVHgzTTJHc2R5UU1xdGRCWG9qdGp1czB6ekFNQVQzOWNmdWlHMGR0YXF3eWJMVlEwYThDZnFmMDVyUmZ0ekVmCmtTUDk2d01kVUEyTGdCbnU4akwzOU41UkxtK2RpZUdxeDAwYmJTa3l5UE9HNHIvcDl6KzN6TmVmeUhmbm94bTkKUnQza1RpeGhVNkd4UGhOSnZpWEUrWUpwT0dKVXMvK2dUWWpjUE1zRW9ONHIyR215cUs3S21NZExFa3Y1SHliWgprbmNsV2FMVFlhNEpjMjJUaWZJd01NTWMwaCtBMkJVckdjZFZ6MTA0UXluUFZQZDdXcEszenhqcjRPUHh1YnQ2CjZvTWk2REdRSVNlSEFvSUJBUURTK1YyVHFQRDMxczNaU3VvQXc2Qld2ZWVRbmZ5eThSUFpxdVFQb0oycXNxeG0KblpsbXlEZVhNcDloK1dHOVVhQTBtY0dWeWx6VnJqU2lRRkR4cEFOZVFQMWlkSFh6b3ZveVN2TUg2dDJONkVELwpnRy9XUVZ4S0xkMFI3UFhCL2lQN0VaV2RkWXJqaWF5ajZCYTJPR2RuOWlrbFcvZklLM2Y4QzczN2w5TGoxQUVYCkxOL2QvREh0R1BqcDYwTVgyYUxZeVZzdlBxL3BvdENRVVpkeDA4dFhRM05nRXRmVTN1cDFpNXV2bU1IZEtLTWoKOTV0MDRQRTA1aWVOOVgzOEcyYkJhTldYaFVJcUxCdDJiOUgxWmxVU3hQWnR6TGNObkgwSHJYejJMU2MxMzRrYwpueXdhQ2FWbFdhYzJSL0E3Mi8vTmxkUjJpWDBDWDEvM0lGcmVGUmtUQW9JQkFBbGt0S2pRbWRhZWx3QU8zUW1uCm05MnRBaUdOaFJpZVJheDlscGpXWTdveWNoYUZOR2hPTzFIUHF2SEN4TjNGYzZHd0JBVkpTNW81NVhZbUt2elAKM2kyMDlORmhpaDAwSm5NRjZ6K2swWnQ5STNwRzNyd2RoTjE1RURrMDg3RUw3QjNWZTFDOXhvdEZOaFcvdEZxRgpXbnNrdEcvem9kSVpYeVpNNUJQUmloamV3MFRRVUxZd0Q0M2daeFR0MjdiaUQxNDJNV0R5dUFEZU1pTHdhd01IClJDYXBxbzRaSVdQSzdmZEtoVFo0WmIrZFc0V3A5dC9UZ0U2ZGJ4SWwyMXJQOFFZYzFoT2tpNjduWHBXczNZOG4KYytRcTdqY0d1WlB1aEVMd01xWGcyMGozZ3duOVlTb1dDbWo4Wm0rNmY0Q3ZYWjkrdUtEN0YyZncyOVFaanU4dApvb01DZ2dFQkFPbVVHZ1VoT0tUVys1eEpkZlFKRUVXUncyVFF6Z2l6dSt3aVkzaDYrYXNTejRNY0srVGx6bWxVCmFHT013dFhTUzc0RXIxVmlCVXMrZnJKekFPR21IV0ExZWdtaGVlY1BvaE9ybTh5WkVueVJOSkRhWC9UUXBSUnEKaVdoWENBbjJTWFQxcFlsYVBzMjdkbXpFWnQ3UlVUSkJZZ1hHZXQ4dXFjUXZaVDJZK3N6cHFNV3UzaEpWdmIxdgpZNGRJWE12RG1aV1BPVjFwbHJEaTVoc214VW05TDVtWk1IblllNzFOYkhsaEIxK0VUNXZmWFZjOERzU1RRZWRRCitDRHJKNGQ0em85dFNCa2pwYTM5M2RDRjhCSURESUQyWkVJNCtBVW52NWhTNm82NitOLzBONlp3cXkwc2pKY0cKQ21LeS9tNUpqVzFJWDMxSmZ1UU5Ldm9YNkRFN0Zkaz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + ## Expects base 64 encoded values for certificate and key. + certificate: "" + key: "" sslProtocols: "" # if set, override default Nginx SSL protocols setting + ## cert-manager values + ## If cert-manager is enabled: + ## If genSelfsigned: true: + ## Create a self-signed issuer/clusterIssuer + ## Generate a rootCA using the above issuer. + ## Generate a tls certificate with secret name as: {{ .Release.Name }}-yugaware-tls-cert + ## Else if genSelfsigned: false: + ## Expect a clusterIssuer/issuer to be provided by user + ## Generate a tls cert based on above issuer with secret name as: {{ .Release.Name }}-yugaware-tls-cert + certManager: + enabled: false + genSelfsigned: true + useClusterIssuer: false + clusterIssuer: cluster-ca + issuer: yugaware-ca + ## Configuration for the TLS certificate requested from Issuer/ClusterIssuer + configuration: + duration: 8760h # 90d + renewBefore: 240h # 15d + algorithm: RSA # ECDSA or RSA + # Can be 2048, 4096 or 8192 for RSA + # Or 256, 384 or 521 for ECDSA + keySize: 2048 ## yugaware pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: - enabled: false + enabled: true ## fsGroup related values are set at the pod level. fsGroup: 10001 fsGroupChangePolicy: "OnRootMismatch" - ## The following values are set for yugaware and prometheus containers. - ## Setting runAsUser other than 10001 will fail the VM universe deployment flow. + ## Expected to have runAsUser values != 0 when + ## runAsNonRoot is set to true, otherwise container creation fails. runAsUser: 10001 runAsGroup: 10001 runAsNonRoot: true diff --git a/index.yaml b/index.yaml index 18b9d4830..2cc986acc 100644 --- a/index.yaml +++ b/index.yaml @@ -11776,6 +11776,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-06-28T17:16:28.004751096Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: c915fb331878b4e464fe7e3dc5f0db359e043b7e77111dded8707a633747e746 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.32.7.tgz + version: 3.32.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -13499,6 +13536,39 @@ entries: - assets/datadog/datadog-2.4.200.tgz version: 2.4.200 datadog-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog Operator + catalog.cattle.io/release-name: datadog-operator + apiVersion: v2 + appVersion: 1.0.3 + created: "2023-06-28T17:16:28.1542652Z" + dependencies: + - alias: datadogCRDs + condition: installCRDs + name: datadog-crds + repository: file://./charts/datadog-crds + tags: + - install-crds + version: =1.0.1 + description: Datadog Operator + digest: 5000fbc829309246e19f249c7ff26ef1f9d9613cabdd16325dde001e06202533 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog-operator + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-operator-1.0.5.tgz + version: 1.0.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog Operator @@ -14942,6 +15012,38 @@ entries: - assets/f5/f5-bigip-ctlr-0.0.1901.tgz version: 0.0.1901 falcon-sensor: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrowdStrike Falcon Platform + catalog.cattle.io/kube-version: '>1.22.0-0' + catalog.cattle.io/release-name: falcon-sensor + apiVersion: v2 + appVersion: 1.20.2 + created: "2023-06-28T17:16:27.595069158Z" + description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes + clusters. + digest: 6c015963d4293d69f53d78bbb9bac10f9a78ca1c169a8cf8cc1dbf81758a1fbb + home: https://crowdstrike.com + icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg + keywords: + - CrowdStrike + - Falcon + - EDR + - kubernetes + - security + - monitoring + - alerting + kubeVersion: '>1.22.0-0' + maintainers: + - email: integrations@crowdstrike.com + name: CrowdStrike Solutions Architecture + name: falcon-sensor + sources: + - https://github.com/CrowdStrike/falcon-helm + type: application + urls: + - assets/crowdstrike/falcon-sensor-1.20.2.tgz + version: 1.20.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrowdStrike Falcon Platform @@ -16559,6 +16661,45 @@ entries: - assets/gluu/gluu-5.0.10.tgz version: 5.0.10 gopaddle: + - annotations: + artifacthub.io/changes: |- + - kind: added + description: Docker Compose based installer for Docker Desktop extension + - kind: changed + description: Docker Image size optimization for faster installation + - kind: added + description: Gitlab person access token support added + - kind: changed + description: EKS cluster create - UX improvements for Master role ARN, Node role ARN & ALB role + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: gopaddle + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/namespace: gp-lite-4-2 + catalog.cattle.io/release-name: gopaddle + apiVersion: v2 + appVersion: 4.2.8 + created: "2023-06-28T17:16:43.38547537Z" + dependencies: + - condition: global.installer.chart.gp-core + name: gp-core + repository: file://./charts/gp-core + - condition: global.installer.chart.rabbitmq + name: gp-rabbitmq + repository: file://./charts/gp-rabbitmq + description: Simple low-code platform for Kubernetes developers and operators + digest: 5a0a4bcc80ddda800993c19bff1a32921ccd3cdc3a24958ba4432b6c9d3e85ae + home: https://gopaddle.io + icon: https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/gopaddle.png + keywords: + - low-code + - Internal Developer Platform + - PaaS + - Community Edition + kubeVersion: '>=1.21-0' + name: gopaddle + urls: + - assets/gopaddle/gopaddle-4.2.8.tgz + version: 4.2.8 - annotations: artifacthub.io/changes: |- - kind: added @@ -18769,6 +18910,62 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/images: | + - name: jenkins + image: jenkins/jenkins:2.401.2-jdk11 + - name: k8s-sidecar + image: kiwigrid/k8s-sidecar:1.24.4 + - name: inbound-agent + image: jenkins/inbound-agent:3107.v665000b_51092-15 + - name: backup + image: maorfr/kube-tasks:0.2.0 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + - name: support + url: https://github.com/jenkinsci/helm-charts/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.401.2 + created: "2023-06-28T17:16:43.831493826Z" + description: Jenkins - Build great things at any scale! The leading open source + automation server, Jenkins provides hundreds of plugins to support building, + deploying and automating any project. + digest: cedbedabc5d164c251d0322e80c5a35ed7f5805dba8911f26d01e19907eac6d6 + home: https://jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + keywords: + - jenkins + - ci + - devops + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + urls: + - assets/jenkins/jenkins-4.3.29.tgz + version: 4.3.29 - annotations: artifacthub.io/category: integration-delivery artifacthub.io/images: | @@ -21450,6 +21647,47 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.5.0 + created: "2023-06-28T17:16:25.539961722Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: ed17a12eaec13b44d9d7357356862a2e26dcb57111ccd254a13a2e9301b73de6 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/kafka + urls: + - assets/bitnami/kafka-23.0.1.tgz + version: 23.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -25922,6 +26160,32 @@ entries: - assets/metallb/metallb-0.13.7.tgz version: 0.13.7 minio-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Minio Operator + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: minio-operator + apiVersion: v2 + appVersion: v5.0.6 + created: "2023-06-28T17:16:45.799302483Z" + description: A Helm chart for MinIO Operator + digest: 300b50641e16b37b985d287cfb3acc09d37d3aadbcdce0956f3e4acf60c9dcd9 + home: https://min.io + icon: https://min.io/resources/img/logo/MINIO_wordmark.png + keywords: + - storage + - object-storage + - S3 + maintainers: + - email: dev@minio.io + name: MinIO, Inc + name: minio-operator + sources: + - https://github.com/minio/operator + type: application + urls: + - assets/minio/minio-operator-5.0.6.tgz + version: 5.0.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Minio Operator @@ -27566,10 +27830,36 @@ entries: catalog.cattle.io/kube-version: '>= 1.22.0-0' catalog.cattle.io/release-name: nginx-ingress apiVersion: v2 - appVersion: 3.1.1 - created: "2023-05-08T19:55:58.069331722Z" + appVersion: 3.2.0 + created: "2023-06-28T17:16:43.176758986Z" description: NGINX Ingress Controller - digest: 0f3303951516b1a70cc367b7e1fd991783313aec400192688684a4f68a15e212 + digest: d206743aefb89d92486831968c9cc69935c55fe2cc9f83706a1c66ad45f47a41 + home: https://github.com/nginxinc/kubernetes-ingress + icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.2.0/deployments/helm-chart/chart-icon.png + keywords: + - ingress + - nginx + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: kubernetes@nginx.com + name: nginxinc + name: nginx-ingress + sources: + - https://github.com/nginxinc/kubernetes-ingress/tree/v3.2.0/deployments/helm-chart + type: application + urls: + - assets/f5/nginx-ingress-0.18.0.tgz + version: 0.18.0 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NGINX Ingress Controller + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/release-name: nginx-ingress + apiVersion: v2 + appVersion: 3.1.1 + created: "2023-06-28T17:16:28.352935261Z" + description: NGINX Ingress Controller + digest: 32bfcca299b65f59031a880838ff685e8175ea531b71062b5d44c4f10dc22d3b home: https://github.com/nginxinc/kubernetes-ingress icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.1.1/deployments/helm-chart/chart-icon.png keywords: @@ -34454,6 +34744,46 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.1.10 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.13 + created: "2023-06-28T17:16:47.020187912Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 6ccafb34f589ecb987774dda5ede07ddd02a47ab4bf4c6ebbf4b6cc839dcbe21 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-4.0.48.tgz + version: 4.0.48 - annotations: artifacthub.io/images: | - name: redpanda @@ -37208,6 +37538,40 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.4.1 + created: "2023-06-28T17:16:26.322487959Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: c83453e61a821fbf20f45b9a83ffc662428a75ead91113ca614ef131562a68c4 + home: https://bitnami.com + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/spark + urls: + - assets/bitnami/spark-7.1.0.tgz + version: 7.1.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -38038,6 +38402,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.3.145 + created: "2023-06-28T17:16:47.130951527Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 1a1c8ec609b7d1b0132be2a69f10664c0d552452e81a17ba9b87697b00331515 + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.3.18.tgz + version: 1.3.18 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator @@ -39485,6 +39880,42 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.14.1 + created: "2023-06-28T17:16:47.463800909Z" + description: Sysdig Monitor and Secure agent + digest: 868a6f6ff44d35299924f934010d41df5ca8970b390899bb65b919c6d525a867 + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + maintainers: + - email: lachlan@deis.com + name: lachie83 + - email: jorge.salamero@sysdig.com + name: bencer + - email: nestor.salceda@sysdig.com + name: nestorsalceda + - email: alvaro.iradier@sysdig.com + name: airadier + - email: carlos.arilla@sysdig.com + name: carillan81 + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.16.0.tgz + version: 1.16.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig @@ -43389,6 +43820,53 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.2.2 + created: "2023-06-28T17:16:27.114818345Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: d56391dfb9113fe06bd9292f3b1f0f5217769b07fa208bb9daa7c7f8be29f385 + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-16.1.20.tgz + version: 16.1.20 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress @@ -46052,6 +46530,32 @@ entries: - assets/bitnami/wordpress-15.2.6.tgz version: 15.2.6 yugabyte: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugabyte + charts.openshift.io/name: yugabyte + apiVersion: v2 + appVersion: 2.18.1.0-b84 + created: "2023-06-28T17:16:47.956673359Z" + description: YugabyteDB is the high-performance distributed SQL database for building + global, internet-scale apps. + digest: 8645d47eb6b3d3ba7153ecafe4d479ce76cbc574c35d815eb9015ea77784c4d0 + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugabyte + sources: + - https://github.com/yugabyte/yugabyte-db + urls: + - assets/yugabyte/yugabyte-2.18.1.tgz + version: 2.18.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB @@ -46421,6 +46925,32 @@ entries: - assets/yugabyte/yugabyte-2.14.3.tgz version: 2.14.3 yugaware: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB Anywhere + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugaware + charts.openshift.io/name: yugaware + apiVersion: v2 + appVersion: 2.18.1.0-b84 + created: "2023-06-28T17:16:47.991598366Z" + description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB + cluster with multiple pods provided by Kubernetes or OpenShift and logically + grouped together to form one logical distributed database. + digest: 53bf5d8cc3682d533ccd2db69d768d473ba10a002c20d5db64b692ae315e50fe + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugaware + urls: + - assets/yugabyte/yugaware-2.18.1.tgz + version: 2.18.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB Anywhere