Charts CI

```
Updated:
  argo/argo-cd:
    - 5.49.0
  bitnami/wordpress:
    - 18.0.12
  cert-manager/cert-manager:
    - v1.13.2
  crowdstrike/falcon-sensor:
    - 1.22.1
  external-secrets/external-secrets:
    - 0.9.8
  hashicorp/vault:
    - 0.26.1
  loft/loft:
    - 3.3.1
  nats/nats:
    - 1.1.3
  new-relic/nri-bundle:
    - 5.0.43
  redpanda/redpanda:
    - 5.6.37
  stackstate/stackstate-k8s-agent:
    - 1.0.51
```
pull/932/head
github-actions[bot] 2023-10-31 13:41:58 +00:00
parent 0771e64a07
commit d47dfdbd11
103 changed files with 1097 additions and 170 deletions

assets/loft/loft-3.3.1.tgz Normal file

assets/nats/nats-1.1.3.tgz Normal file


@ -1,7 +1,7 @@
annotations:
artifacthub.io/changes: |
- kind: added
description: add terminationGracePeriodSeconds
description: Add notification cluster role support
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -11,7 +11,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
appVersion: v2.8.4
appVersion: v2.8.5
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@ -33,4 +33,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 5.47.0
version: 5.49.0


@ -1160,6 +1160,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|-----|------|---------|-------------|
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource |
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
| notifications.containerPorts.metrics | int | `9001` | Metrics container port |
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |


@ -0,0 +1,22 @@
{{- if .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
rules:
{{- with .Values.notifications.clusterRoleRules.rules }}
{{- toYaml . | nindent 2 }}
{{- end }}
- apiGroups:
- "argoproj.io"
resources:
- "applications"
verbs:
- get
- list
- watch
- update
- patch
{{- end }}
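Review bot: The new ClusterRole is gated only on `.Values.createClusterRoles`, so as far as this template shows it is rendered even when the notifications controller itself is not deployed; the ClusterRoleBinding added in the next file uses the same gate. If the chart exposes an enable switch for the notifications component (not visible on this page), the condition should include it, e.g. `{{- if and .Values.notifications.enabled .Values.createClusterRoles }}`. The built-in rule also grants `update` and `patch` on every `applications` object cluster-wide, and `clusterRoleRules.rules` is passed through `toYaml` unchecked, so a header comment such as `{{- /* Cluster-wide: lets the notifications controller modify Applications in any namespace; extra rules from values are added verbatim */ -}}` would make the blast radius visible to whoever reviews a values change.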


@ -0,0 +1,16 @@
{{- if .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "argo-cd.notifications.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.notificationsServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}


@ -78,13 +78,19 @@ spec:
configMapKeyRef:
key: notificationscontroller.log.level
name: argocd-cmd-params-cm
optional: true
optional: true
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: notificationscontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
{{- with .Values.notifications.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}


@ -326,7 +326,7 @@ configs:
[ssh.github.com]:443 ssh-rsa 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
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa 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
@ -2997,6 +2997,12 @@ notifications:
# -- Whether helm chart creates notifications controller config map
create: true
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
# -- List of custom rules for the notifications controller's ClusterRole resource
rules: []
# -- Contains centrally managed global application subscriptions
## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
subscriptions: []
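Review bot: The comment above `clusterRoleRules` says "Enable this ... Defaults to off", but the block has no enable switch: its only key is `rules`, and the ClusterRole template added in this commit emits whatever is listed there. Because those entries become cluster-scoped RBAC for the notifications controller's service account, the comment should say so, for example `## Extra rules added verbatim to the notifications controller's ClusterRole (cluster-wide). Empty by default; list only the verbs and resources the controller needs.` The `notifications:` block starts outside this hunk.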


@ -10,7 +10,7 @@ annotations:
- name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r90
- name: wordpress
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r4
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5
licenses: Apache-2.0
apiVersion: v2
appVersion: 6.3.2
@ -47,4 +47,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 18.0.11
version: 18.0.12


@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.3.2-debian-11-r4
tag: 6.3.2-debian-11-r5
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'


@ -10,7 +10,7 @@ annotations:
catalog.cattle.io/namespace: cert-manager
catalog.cattle.io/release-name: cert-manager
apiVersion: v1
appVersion: v1.13.1
appVersion: v1.13.2
description: A Helm chart for cert-manager
home: https://github.com/cert-manager/cert-manager
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png
@ -27,4 +27,4 @@ maintainers:
name: cert-manager
sources:
- https://github.com/cert-manager/cert-manager
version: v1.13.1
version: v1.13.2


@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou
This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.
```bash
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml
```
To install the chart with the release name `my-release`:
@ -29,7 +29,7 @@ To install the chart with the release name `my-release`:
$ helm repo add jetstack https://charts.jetstack.io
## Install the cert-manager helm chart
$ helm install my-release --namespace cert-manager --version v1.13.1 jetstack/cert-manager
$ helm install my-release --namespace cert-manager --version v1.13.2 jetstack/cert-manager
```
In order to begin issuing certificates, you will need to set up a ClusterIssuer
@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als
delete the previously installed CustomResourceDefinition resources:
```console
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml
```
## Configuration
@ -86,7 +86,7 @@ The following table lists the configurable parameters of the cert-manager chart
| `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | |
| `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` |
| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` |
| `image.tag` | Image tag | `v1.13.1` |
| `image.tag` | Image tag | `v1.13.2` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `replicaCount` | Number of cert-manager replicas | `1` |
| `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod |
@ -171,7 +171,7 @@ The following table lists the configurable parameters of the cert-manager chart
| `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` |
| `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` |
| `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` |
| `webhook.image.tag` | Webhook image tag | `v1.13.1` |
| `webhook.image.tag` | Webhook image tag | `v1.13.2` |
| `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` |
| `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` |
| `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
@ -210,13 +210,13 @@ The following table lists the configurable parameters of the cert-manager chart
| `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` |
| `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` |
| `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` |
| `cainjector.image.tag` | cainjector image tag | `v1.13.1` |
| `cainjector.image.tag` | cainjector image tag | `v1.13.2` |
| `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` |
| `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
| `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) |
| `cainjector.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` |
| `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` |
| `acmesolver.image.tag` | acmesolver image tag | `v1.13.1` |
| `acmesolver.image.tag` | acmesolver image tag | `v1.13.2` |
| `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` |
| `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` |
| `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
@ -232,7 +232,7 @@ The following table lists the configurable parameters of the cert-manager chart
| `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` |
| `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` |
| `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` |
| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.1` |
| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.2` |
| `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` |
| `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` |
| `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | |


@ -75,7 +75,7 @@ spec:
{{ if not $config.securePort -}}
- --secure-port={{ .Values.webhook.securePort }}
{{- end }}
{{- if .Values.featureGates }}
{{- if .Values.webhook.featureGates }}
- --feature-gates={{ .Values.webhook.featureGates }}
{{- end }}
{{- $tlsConfig := default $config.tlsConfig "" }}


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>1.22.0-0'
catalog.cattle.io/release-name: falcon-sensor
apiVersion: v2
appVersion: 1.21.2
appVersion: 1.22.1
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
@ -24,4 +24,4 @@ name: falcon-sensor
sources:
- https://github.com/CrowdStrike/falcon-helm
type: application
version: 1.21.2
version: 1.22.1


@ -108,6 +108,15 @@ spec:
- name: falconstore-dir
mountPath: /host_opt
{{- end }}
resources:
requests:
cpu: 10m
ephemeral-storage: 10Mi
memory: 50Mi
limits:
cpu: 10m
ephemeral-storage: 10Mi
memory: 50Mi
securityContext:
runAsUser: 0
privileged: true
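Review bot: The added `resources` block hard-codes identical requests and limits (`cpu: 10m`, `memory: 50Mi`, `ephemeral-storage: 10Mi`) on a container that runs with `privileged: true` as UID 0, and nothing in the hunk lets a values file override them; the two hunks in the next file add the same literal block. A container that exceeds its memory limit is OOM-killed, and for a security sensor a pod that cannot start presumably leaves that node unmonitored, so operators need a way to tune these numbers. Consider rendering the block from a chart value with `toYaml` (keeping these figures as the default) and adding a comment that states which container the limits were sized for. The container definition begins outside the hunk.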


@ -100,6 +100,15 @@ spec:
- name: opt-crowdstrike
mountPath: /host_opt
{{- end }}
resources:
requests:
cpu: 10m
ephemeral-storage: 10Mi
memory: 50Mi
limits:
cpu: 10m
ephemeral-storage: 10Mi
memory: 50Mi
securityContext:
runAsUser: 0
privileged: true
@ -124,6 +133,15 @@ spec:
- sleep 10
command:
- /bin/bash
resources:
requests:
cpu: 10m
ephemeral-storage: 10Mi
memory: 50Mi
limits:
cpu: 10m
ephemeral-storage: 10Mi
memory: 50Mi
securityContext:
privileged: false
readOnlyRootFilesystem: true


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: external-secrets
apiVersion: v2
appVersion: v0.9.7
appVersion: v0.9.8
description: External secret management for Kubernetes
home: https://github.com/external-secrets/external-secrets
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png
@ -17,4 +17,4 @@ maintainers:
name: mcavoyk
name: external-secrets
type: application
version: 0.9.7
version: 0.9.8


@ -4,7 +4,7 @@
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.7](https://img.shields.io/badge/Version-0.9.7-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.8](https://img.shields.io/badge/Version-0.9.8-informational?style=flat-square)
External secret management for Kubernetes


@ -79,16 +79,28 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
enum:
- Auto
- Base64
- Base64URL
- None
type: string
key:
description: Key is the key used in the Provider, mandatory
type: string
metadataPolicy:
default: None
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
enum:
- None
- Fetch
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
@ -151,16 +163,28 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
enum:
- Auto
- Base64
- Base64URL
- None
type: string
key:
description: Key is the key used in the Provider, mandatory
type: string
metadataPolicy:
default: None
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
enum:
- None
- Fetch
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
@ -177,10 +201,18 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
enum:
- Auto
- Base64
- Base64URL
- None
type: string
name:
description: Finds secrets based on the name.
@ -215,6 +247,15 @@ spec:
- source
- target
type: object
transform:
description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
properties:
template:
description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
type: string
required:
- template
type: object
type: object
type: array
sourceRef:
@ -307,9 +348,16 @@ spec:
type: object
engineVersion:
default: v2
description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
enum:
- v1
- v2
type: string
mergePolicy:
default: Replace
enum:
- Replace
- Merge
type: string
metadata:
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
@ -335,6 +383,9 @@ spec:
type: string
templateAs:
default: Values
enum:
- Values
- KeysAndValues
type: string
required:
- key
@ -357,6 +408,9 @@ spec:
type: string
templateAs:
default: Values
enum:
- Values
- KeysAndValues
type: string
required:
- key
@ -370,6 +424,10 @@ spec:
type: object
target:
default: Data
enum:
- Data
- Annotations
- Labels
type: string
type: object
type: array
@ -409,12 +467,16 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
items:
type: string
type: array
refreshTime:
description: The time in which the controller should reconcile it's objects and recheck namespaces for labels.
description: The time in which the controller should reconcile its objects and recheck namespaces for labels.
type: string
required:
- externalSecretSpec
- namespaceSelector
type: object
status:
description: ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.


@ -657,7 +657,7 @@ spec:
description: Oracle configures this store to sync secrets using Oracle Vault provider
properties:
auth:
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
properties:
secretRef:
description: SecretRef to pass through sensitive information.
@ -703,6 +703,9 @@ spec:
- tenancy
- user
type: object
principalType:
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
type: string
region:
description: Region is the region where vault is located.
type: string
@ -2221,6 +2224,9 @@ spec:
- tenancy
- user
type: object
principalType:
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
type: string
region:
description: Region is the region where vault is located.
type: string


@ -62,6 +62,9 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
key:
description: Key is the key used in the Provider, mandatory
@ -90,6 +93,9 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
key:
description: Key is the key used in the Provider, mandatory
@ -126,6 +132,10 @@ spec:
creationPolicy:
default: Owner
description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
enum:
- Owner
- Merge
- None
type: string
immutable:
description: Immutable defines if the final secret will be immutable
@ -143,6 +153,9 @@ spec:
engineVersion:
default: v1
description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
enum:
- v1
- v2
type: string
metadata:
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
@ -288,16 +301,28 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
enum:
- Auto
- Base64
- Base64URL
- None
type: string
key:
description: Key is the key used in the Provider, mandatory
type: string
metadataPolicy:
default: None
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
enum:
- None
- Fetch
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
@ -360,16 +385,28 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
enum:
- Auto
- Base64
- Base64URL
- None
type: string
key:
description: Key is the key used in the Provider, mandatory
type: string
metadataPolicy:
default: None
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
enum:
- None
- Fetch
type: string
property:
description: Used to select a specific property of the Provider value (if a map), if supported
@ -386,10 +423,18 @@ spec:
conversionStrategy:
default: Default
description: Used to define a conversion Strategy
enum:
- Default
- Unicode
type: string
decodingStrategy:
default: None
description: Used to define a decoding Strategy
enum:
- Auto
- Base64
- Base64URL
- None
type: string
name:
description: Finds secrets based on the name.
@ -424,6 +469,15 @@ spec:
- source
- target
type: object
transform:
description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
properties:
template:
description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
type: string
required:
- template
type: object
type: object
type: array
sourceRef:
@ -516,9 +570,16 @@ spec:
type: object
engineVersion:
default: v2
description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
enum:
- v1
- v2
type: string
mergePolicy:
default: Replace
enum:
- Replace
- Merge
type: string
metadata:
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
@ -544,6 +605,9 @@ spec:
type: string
templateAs:
default: Values
enum:
- Values
- KeysAndValues
type: string
required:
- key
@ -566,6 +630,9 @@ spec:
type: string
templateAs:
default: Values
enum:
- Values
- KeysAndValues
type: string
required:
- key
@ -579,6 +646,10 @@ spec:
type: object
target:
default: Data
enum:
- Data
- Annotations
- Labels
type: string
type: object
type: array


@ -80,6 +80,9 @@ spec:
deletionPolicy:
default: None
description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".'
enum:
- Delete
- None
type: string
refreshInterval:
description: The Interval to which External Secrets will try to push a secret definition


@ -657,7 +657,7 @@ spec:
description: Oracle configures this store to sync secrets using Oracle Vault provider
properties:
auth:
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
properties:
secretRef:
description: SecretRef to pass through sensitive information.
@ -703,6 +703,9 @@ spec:
- tenancy
- user
type: object
principalType:
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
type: string
region:
description: Region is the region where vault is located.
type: string
@ -2221,6 +2224,9 @@ spec:
- tenancy
- user
type: object
principalType:
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
type: string
region:
description: Region is the region where vault is located.
type: string


@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.9.7
helm.sh/chart: external-secrets-0.9.7
app.kubernetes.io/version: v0.9.8
helm.sh/chart: external-secrets-0.9.8
name: RELEASE-NAME-external-secrets-cert-controller
namespace: NAMESPACE
spec:
@ -24,8 +24,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-cert-controller
app.kubernetes.io/version: v0.9.7
helm.sh/chart: external-secrets-0.9.7
app.kubernetes.io/version: v0.9.8
helm.sh/chart: external-secrets-0.9.8
spec:
automountServiceAccountToken: true
containers:
@ -38,7 +38,7 @@ should match snapshot of default values:
- --secret-namespace=NAMESPACE
- --metrics-addr=:8080
- --healthz-addr=:8081
image: ghcr.io/external-secrets/external-secrets:v0.9.7
image: ghcr.io/external-secrets/external-secrets:v0.9.8
imagePullPolicy: IfNotPresent
name: cert-controller
ports:


@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.9.7
helm.sh/chart: external-secrets-0.9.7
app.kubernetes.io/version: v0.9.8
helm.sh/chart: external-secrets-0.9.8
name: RELEASE-NAME-external-secrets
namespace: NAMESPACE
spec:
@ -24,14 +24,14 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets
app.kubernetes.io/version: v0.9.7
helm.sh/chart: external-secrets-0.9.7
app.kubernetes.io/version: v0.9.8
helm.sh/chart: external-secrets-0.9.8
spec:
automountServiceAccountToken: true
containers:
- args:
- --concurrent=1
image: ghcr.io/external-secrets/external-secrets:v0.9.7
image: ghcr.io/external-secrets/external-secrets:v0.9.8
imagePullPolicy: IfNotPresent
name: external-secrets
ports:


@ -662,7 +662,7 @@ should match snapshot of default values:
description: Oracle configures this store to sync secrets using Oracle Vault provider
properties:
auth:
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
properties:
secretRef:
description: SecretRef to pass through sensitive information.
@ -708,6 +708,9 @@ should match snapshot of default values:
- tenancy
- user
type: object
principalType:
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
type: string
region:
description: Region is the region where vault is located.
type: string
@ -2226,6 +2229,9 @@ should match snapshot of default values:
- tenancy
- user
type: object
principalType:
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
type: string
region:
description: Region is the region where vault is located.
type: string


@ -7,8 +7,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.9.7
helm.sh/chart: external-secrets-0.9.7
app.kubernetes.io/version: v0.9.8
helm.sh/chart: external-secrets-0.9.8
name: RELEASE-NAME-external-secrets-webhook
namespace: NAMESPACE
spec:
@ -24,8 +24,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.9.7
helm.sh/chart: external-secrets-0.9.7
app.kubernetes.io/version: v0.9.8
helm.sh/chart: external-secrets-0.9.8
spec:
automountServiceAccountToken: true
containers:
@ -37,7 +37,7 @@ should match snapshot of default values:
- --check-interval=5m
- --metrics-addr=:8080
- --healthz-addr=:8081
image: ghcr.io/external-secrets/external-secrets:v0.9.7
image: ghcr.io/external-secrets/external-secrets:v0.9.8
imagePullPolicy: IfNotPresent
name: webhook
ports:
@ -81,8 +81,8 @@ should match snapshot of default values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: external-secrets-webhook
app.kubernetes.io/version: v0.9.7
app.kubernetes.io/version: v0.9.8
external-secrets.io/component: webhook
helm.sh/chart: external-secrets-0.9.7
helm.sh/chart: external-secrets-0.9.8
name: RELEASE-NAME-external-secrets-webhook
namespace: NAMESPACE


@ -1,5 +1,33 @@
## Unreleased
## 0.26.1 (October 30, 2023)
Bugs:
* Fix templating of `server.ha.replicas` when set via override file. The `0.26.0` chart would ignore `server.ha.replicas` and always deploy 3 server replicas when `server.ha.enabled=true` unless overridden by command line when issuing the helm command: `--set server.ha.replicas=<some_number>`. Fixed in [GH-961](https://github.com/hashicorp/vault-helm/pull/961)
## 0.26.0 (October 27, 2023)
Changes:
* Default `vault` version updated to 1.15.1
* Default `vault-k8s` version updated to 1.3.1
* Default `vault-csi-provider` version updated to 1.4.1
* Tested with Kubernetes versions 1.24-1.28
* server: OpenShift default readiness probe returns 204 when uninitialized [GH-966](https://github.com/hashicorp/vault-helm/pull/966)
Features:
* server: Add support for dual stack clusters [GH-833](https://github.com/hashicorp/vault-helm/pull/833)
* server: Support `hostAliases` for the StatefulSet pods [GH-955](https://github.com/hashicorp/vault-helm/pull/955)
* server: Add `server.service.active.annotations` and `server.service.standby.annotations` [GH-896](https://github.com/hashicorp/vault-helm/pull/896)
* server: Add long-lived service account token option [GH-923](https://github.com/hashicorp/vault-helm/pull/923)
Bugs:
* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909)
Improvements:
* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909)
* server: use vault.fullname in Helm test [GH-912](https://github.com/hashicorp/vault-helm/pull/912)
* server: Allow scaling HA replicas to zero [GH-943](https://github.com/hashicorp/vault-helm/pull/943)
## 0.25.0 (June 26, 2023)
Changes:


@ -6,7 +6,7 @@ annotations:
catalog.cattle.io/release-name: vault
charts.openshift.io/name: HashiCorp Vault
apiVersion: v2
appVersion: 1.14.0
appVersion: 1.15.1
description: Official HashiCorp Vault Chart
home: https://www.vaultproject.io
icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
@ -25,4 +25,4 @@ sources:
- https://github.com/hashicorp/vault-helm
- https://github.com/hashicorp/vault-k8s
- https://github.com/hashicorp/vault-csi-provider
version: 0.25.0
version: 0.26.1


@ -10,7 +10,7 @@ cases of Vault on Kubernetes depending on the values provided.
For full documentation on this Helm chart along with all the ways you can
use Vault with Kubernetes, please see the
[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
[Vault and Kubernetes documentation](https://developer.hashicorp.com/vault/docs/platform/k8s).
## Prerequisites
@ -39,5 +39,5 @@ $ helm install vault hashicorp/vault
Please see the many options supported in the `values.yaml` file. These are also
fully documented directly on the [Vault
website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more
detailed installation instructions.


@ -4,7 +4,7 @@ Thank you for installing HashiCorp Vault!
Now that you have deployed Vault, you should look over the docs on using
Vault with Kubernetes available here:
https://www.vaultproject.io/docs/
https://developer.hashicorp.com/vault/docs
Your release is named {{ .Release.Name }}. To learn more about the release, try:


@ -36,6 +36,13 @@ Expand the name of the chart.
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden
*/}}
{{- define "vault.namespace" -}}
{{- default .Release.Namespace .Values.global.namespace -}}
{{- end -}}
{{/*
Compute if the csi driver is enabled.
*/}}
@ -75,6 +82,17 @@ Compute if the server serviceaccount is enabled.
(eq (.Values.global.enabled | toString) "true"))) -}}
{{- end -}}
{{/*
Compute if the server serviceaccount should have a token created and mounted to the serviceaccount.
*/}}
{{- define "vault.serverServiceAccountSecretCreationEnabled" -}}
{{- $_ := set . "serverServiceAccountSecretCreationEnabled"
(and
(eq (.Values.server.serviceAccount.create | toString) "true")
(eq (.Values.server.serviceAccount.createSecret | toString) "true")) -}}
{{- end -}}
{{/*
Compute if the server auth delegator serviceaccount is enabled.
*/}}
@ -149,7 +167,11 @@ Set's the replica count based on the different modes configured by user
{{ if eq .mode "standalone" }}
{{- default 1 -}}
{{ else if eq .mode "ha" }}
{{- .Values.server.ha.replicas | default 3 -}}
{{- if or (kindIs "int64" .Values.server.ha.replicas) (kindIs "float64" .Values.server.ha.replicas) -}}
{{- .Values.server.ha.replicas -}}
{{ else }}
{{- 3 -}}
{{- end -}}
{{ else }}
{{- default 1 -}}
{{ end }}
@ -688,6 +710,33 @@ Sets extra vault server Service annotations
{{- end }}
{{- end -}}
{{/*
Sets extra vault server Service (active) annotations
*/}}
{{- define "vault.service.active.annotations" -}}
{{- if .Values.server.service.active.annotations }}
{{- $tp := typeOf .Values.server.service.active.annotations }}
{{- if eq $tp "string" }}
{{- tpl .Values.server.service.active.annotations . | nindent 4 }}
{{- else }}
{{- toYaml .Values.server.service.active.annotations | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Sets extra vault server Service annotations
*/}}
{{- define "vault.service.standby.annotations" -}}
{{- if .Values.server.service.standby.annotations }}
{{- $tp := typeOf .Values.server.service.standby.annotations }}
{{- if eq $tp "string" }}
{{- tpl .Values.server.service.standby.annotations . | nindent 4 }}
{{- else }}
{{- toYaml .Values.server.service.standby.annotations | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Sets PodSecurityPolicy annotations
*/}}
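Review bot: `vault.serverServiceAccountSecretCreationEnabled` tests only `server.serviceAccount.create` and `server.serviceAccount.createSecret`, so as written it evaluates true even when the server component itself is switched off. The helper just above it in this hunk ("Compute if the server serviceaccount is enabled") ends with a test on `global.enabled`, so it appears to apply that extra condition; if it does, the two helpers can disagree and a token Secret would be rendered for a service account the chart did not create. Because that Secret holds a non-expiring credential, I would add the same enablement test to the `and`, for example `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`. This is hedged, since the body of the existing helper starts outside the hunk. Separately, the comment above `vault.service.standby.annotations` is a copy of the generic one and should read `Sets extra vault server Service (standby) annotations`.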


@ -9,7 +9,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "vault.fullname" . }}-csi-provider-agent-config
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
@ -21,7 +21,7 @@ data:
{{- if .Values.global.externalVaultAddr }}
"address" = "{{ .Values.global.externalVaultAddr }}"
{{- else }}
"address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}"
"address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}"
{{- end }}
}


@ -20,5 +20,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "vault.fullname" . }}-csi-provider
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
{{- end }}


@ -9,7 +9,7 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "vault.fullname" . }}-csi-provider
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
app.kubernetes.io/instance: {{ .Release.Name }}
@ -71,7 +71,7 @@ spec:
{{- else if .Values.global.externalVaultAddr }}
value: "{{ .Values.global.externalVaultAddr }}"
{{- else }}
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
{{- end }}
volumeMounts:
- name: providervol


@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "vault.fullname" . }}-csi-provider-role
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
app.kubernetes.io/instance: {{ .Release.Name }}


@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "vault.fullname" . }}-csi-provider-rolebinding
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
app.kubernetes.io/instance: {{ .Release.Name }}
@ -20,5 +21,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "vault.fullname" . }}-csi-provider
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
{{- end }}


@ -9,7 +9,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "vault.fullname" . }}-csi-provider
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
app.kubernetes.io/instance: {{ .Release.Name }}


@ -10,7 +10,7 @@ apiVersion: v1
kind: Secret
metadata:
name: vault-injector-certs
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}


@ -20,5 +20,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "vault.fullname" . }}-agent-injector
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
{{ end }}


@ -10,7 +10,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "vault.fullname" . }}-agent-injector
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}
@ -64,7 +64,7 @@ spec:
{{- else if .Values.injector.externalVaultAddr }}
value: "{{ .Values.injector.externalVaultAddr }}"
{{- else }}
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
{{- end }}
- name: AGENT_INJECT_VAULT_AUTH_PATH
value: {{ .Values.injector.authPath }}
@ -79,7 +79,7 @@ spec:
- name: AGENT_INJECT_TLS_AUTO
value: {{ template "vault.fullname" . }}-agent-injector-cfg
- name: AGENT_INJECT_TLS_AUTO_HOSTS
value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }}.svc
{{- end }}
- name: AGENT_INJECT_LOG_FORMAT
value: {{ .Values.injector.logFormat | default "standard" }}


@ -8,7 +8,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "vault.fullname" . }}-agent-injector
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector


@ -28,7 +28,7 @@ webhooks:
clientConfig:
service:
name: {{ template "vault.fullname" . }}-agent-injector-svc
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
path: "/mutate"
caBundle: {{ .Values.injector.certs.caBundle | quote }}
rules:


@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "vault.fullname" . }}-agent-injector-psp
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}


@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "vault.fullname" . }}-agent-injector-psp
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}


@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}


@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}
@ -22,6 +22,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "vault.fullname" . }}-agent-injector
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
{{- end }}
{{- end }}


@ -9,7 +9,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "vault.fullname" . }}-agent-injector-svc
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}


@ -9,7 +9,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "vault.fullname" . }}-agent-injector
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }}


@ -45,5 +45,5 @@ spec:
insecureSkipVerify: true
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
- {{ include "vault.namespace" . }}
{{ end }}


@ -25,5 +25,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "vault.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
{{ end }}


@ -12,7 +12,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "vault.fullname" . }}-config
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}


@ -10,7 +10,7 @@ SPDX-License-Identifier: MPL-2.0
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
name: {{ template "vault.fullname" . }}-discovery-role
labels:
helm.sh/chart: {{ include "vault.chart" . }}


@ -15,7 +15,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "vault.fullname" . }}-discovery-rolebinding
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
@ -28,7 +28,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ template "vault.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
{{ end }}
{{ end }}
{{ end }}


@ -13,7 +13,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "vault.fullname" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}


@ -14,7 +14,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "vault.fullname" . }}-active
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
@ -22,11 +22,20 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
vault-active: "true"
annotations:
{{ template "vault.service.annotations" .}}
{{- template "vault.service.active.annotations" . }}
{{- template "vault.service.annotations" . }}
spec:
{{- if .Values.server.service.type}}
type: {{ .Values.server.service.type }}
{{- end}}
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
{{- if .Values.server.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
{{- end }}
{{- if .Values.server.service.ipFamilies }}
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
{{- end }}
{{- end }}
{{- if .Values.server.service.clusterIP }}
clusterIP: {{ .Values.server.service.clusterIP }}
{{- end }}
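Review bot: Under `annotations:` the active-specific block is now rendered directly before the shared `vault.service.annotations` block, so a key present in both `server.service.active.annotations` and `server.service.annotations` is emitted twice in the same mapping. Duplicate mapping keys are invalid YAML, and parsers differ on whether they reject the document or keep the last occurrence, which here would be the shared value and not the more specific one. Either state in values.yaml that the two maps must not overlap, or merge them before rendering when both are maps so the active value wins. The standby Service section has the same pattern with `vault.service.standby.annotations`. The `metadata` and `spec` blocks continue outside the hunks.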


@ -14,18 +14,27 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "vault.fullname" . }}-standby
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
annotations:
{{ template "vault.service.annotations" .}}
{{- template "vault.service.standby.annotations" . }}
{{- template "vault.service.annotations" . }}
spec:
{{- if .Values.server.service.type}}
type: {{ .Values.server.service.type }}
{{- end}}
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
{{- if .Values.server.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
{{- end }}
{{- if .Values.server.service.ipFamilies }}
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
{{- end }}
{{- end }}
{{- if .Values.server.service.clusterIP }}
clusterIP: {{ .Values.server.service.clusterIP }}
{{- end }}


@ -12,7 +12,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "vault.fullname" . }}-internal
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
@ -22,6 +22,14 @@ metadata:
annotations:
{{ template "vault.service.annotations" .}}
spec:
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
{{- if .Values.server.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
{{- end }}
{{- if .Values.server.service.ipFamilies }}
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
{{- end }}
{{- end }}
clusterIP: None
publishNotReadyAddresses: true
ports:


@ -21,7 +21,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ template "vault.fullname" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}


@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "vault.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}


@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "vault.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}


@ -14,7 +14,7 @@ kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: {{ template "vault.fullname" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}


@ -12,7 +12,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "vault.fullname" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
@ -24,6 +24,14 @@ spec:
{{- if .Values.server.service.type}}
type: {{ .Values.server.service.type }}
{{- end}}
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
{{- if .Values.server.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
{{- end }}
{{- if .Values.server.service.ipFamilies }}
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
{{- end }}
{{- end }}
{{- if .Values.server.service.clusterIP }}
clusterIP: {{ .Values.server.service.clusterIP }}
{{- end }}


@ -0,0 +1,21 @@
{{/*
Copyright (c) HashiCorp, Inc.
SPDX-License-Identifier: MPL-2.0
*/}}
{{ template "vault.serverServiceAccountSecretCreationEnabled" . }}
{{- if .serverServiceAccountSecretCreationEnabled -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "vault.serviceAccount.name" . }}-token
namespace: {{ include "vault.namespace" . }}
annotations:
kubernetes.io/service-account.name: {{ template "vault.serviceAccount.name" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
type: kubernetes.io/service-account-token
{{ end }}
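Review bot: The new template has no comment telling the reader that a `kubernetes.io/service-account-token` Secret does not expire and stays valid until the Secret or the service account is deleted. Anyone who can read Secrets in this namespace obtains the Vault server's Kubernetes identity, including whatever the cluster role binding grants when `server.authDelegator.enabled` is set. I would add a template comment under the licence header such as `Long-lived service account token: prefer TokenRequest or projected tokens where possible; delete this Secret to revoke it.` so the trade-off is visible where the object is created and not only in values.yaml.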


@ -9,7 +9,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "vault.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}


@ -12,7 +12,7 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "vault.fullname" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
@ -61,6 +61,10 @@ spec:
{{ template "vault.volumes" . }}
- name: home
emptyDir: {}
{{- if .Values.server.hostAliases }}
hostAliases:
{{ toYaml .Values.server.hostAliases | nindent 8}}
{{- end }}
{{- if .Values.server.extraInitContainers }}
initContainers:
{{ toYaml .Values.server.extraInitContainers | nindent 8}}


@ -9,8 +9,8 @@ SPDX-License-Identifier: MPL-2.0
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-server-test"
namespace: {{ .Release.Namespace }}
name: {{ template "vault.fullname" . }}-server-test
namespace: {{ include "vault.namespace" . }}
annotations:
"helm.sh/hook": test
spec:
@ -21,7 +21,7 @@ spec:
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
env:
- name: VAULT_ADDR
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
{{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
command:
- /bin/sh


@ -12,7 +12,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "vault.fullname" . }}-ui
namespace: {{ .Release.Namespace }}
namespace: {{ include "vault.namespace" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}-ui
@ -20,6 +20,14 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- template "vault.ui.annotations" . }}
spec:
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
{{- if .Values.ui.serviceIPFamilyPolicy }}
ipFamilyPolicy: {{ .Values.ui.serviceIPFamilyPolicy }}
{{- end }}
{{- if .Values.ui.serviceIPFamilies }}
ipFamilies: {{ .Values.ui.serviceIPFamilies | toYaml | nindent 2 }}
{{- end }}
{{- end }}
selector:
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}


@ -9,13 +9,16 @@ global:
injector:
image:
repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
tag: "1.2.1-ubi"
tag: "1.3.1-ubi"
agentImage:
repository: "registry.connect.redhat.com/hashicorp/vault"
tag: "1.14.0-ubi"
tag: "1.15.1-ubi"
server:
image:
repository: "registry.connect.redhat.com/hashicorp/vault"
tag: "1.14.0-ubi"
tag: "1.15.1-ubi"
readinessProbe:
path: "/v1/sys/health?uninitcode=204"
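Review bot: The new `readinessProbe.path` carries no comment explaining `uninitcode=204`, which makes the health endpoint answer with a success code while Vault is still uninitialized. With that setting an uninitialized pod is presumably reported Ready and becomes reachable through the chart's Services, which an operator should know before exposing a Route or Ingress. I would add a comment above the key, for example `# Report ready while uninitialized so the pod can be reached for initialization; limit external exposure until Vault is initialized.` The `server` mapping may continue outside the hunk.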


@ -228,6 +228,9 @@
"enabled": {
"type": "boolean"
},
"namespace": {
"type": "string"
},
"externalVaultAddr": {
"type": "string"
},
@ -737,6 +740,9 @@
}
}
},
"hostAliases": {
"type": "array"
},
"image": {
"type": "object",
"properties": {
@ -916,6 +922,12 @@
"properties": {
"enabled": {
"type": "boolean"
},
"annotations": {
"type": [
"object",
"string"
]
}
}
},
@ -950,6 +962,12 @@
"properties": {
"enabled": {
"type": "boolean"
},
"annotations": {
"type": [
"object",
"string"
]
}
}
},
@ -964,6 +982,14 @@
},
"standbyNodePort": {
"type": "integer"
},
"ipFamilyPolicy": {
"type": "string"
},
"ipFamilies": {
"type": [
"array"
]
}
}
},
@ -982,6 +1008,9 @@
"extraLabels": {
"type": "object"
},
"createSecret": {
"type": "boolean"
},
"name": {
"type": "string"
},
@ -1137,6 +1166,16 @@
},
"targetPort": {
"type": "integer"
},
"serviceIPFamilyPolicy": {
"type": [
"string"
]
},
"serviceIPFamilies": {
"type": [
"array"
]
}
}
}
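Review bot: `ipFamilyPolicy` and `serviceIPFamilyPolicy` are typed as free-form strings, and `ipFamilies`, `serviceIPFamilies` and `hostAliases` as arrays with no `items`, so a misspelt policy or family passes schema validation and is only rejected later by the API server. The values.yaml comments in this commit list the accepted values, so the schema could carry them: `"enum": ["", "SingleStack", "PreferDualStack", "RequireDualStack"]` on the two policy properties and `"items": {"type": "string", "enum": ["IPv4", "IPv6"]}` on the two family arrays. The surrounding objects open and close outside the hunks.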


@ -8,6 +8,9 @@ global:
# will enable or disable all the components within this chart by default.
enabled: true
# The namespace to deploy to. Defaults to the `helm` installation namespace.
namespace: ""
# Image pull secret to use for registry authentication.
# Alternatively, the value may be specified as an array of strings.
imagePullSecrets: []
@ -65,7 +68,7 @@ injector:
# image sets the repo and tag of the vault-k8s image to use for the injector.
image:
repository: "hashicorp/vault-k8s"
tag: "1.2.1"
tag: "1.3.1"
pullPolicy: IfNotPresent
# agentImage sets the repo and tag of the Vault image to use for the Vault Agent
@ -73,7 +76,7 @@ injector:
# required.
agentImage:
repository: "hashicorp/vault"
tag: "1.14.0"
tag: "1.15.1"
# The default values for the injected Vault Agent containers.
agentDefaults:
@ -374,7 +377,7 @@ server:
image:
repository: "hashicorp/vault"
tag: "1.14.0"
tag: "1.15.1"
# Overrides the default Image Pull Policy
pullPolicy: IfNotPresent
@ -442,6 +445,12 @@ server:
# hosts:
# - chart-example.local
# hostAliases is a list of aliases to be added to /etc/hosts. Specified as a YAML list.
hostAliases: []
# - ip: 127.0.0.1
# hostnames:
# - chart-example.local
# OpenShift only - create a route to expose the service
# By default the created route will be of type passthrough
route:
@ -462,7 +471,7 @@ server:
# authDelegator enables a cluster role binding to be attached to the service
# account. This cluster role binding can be used to setup Kubernetes auth
# method. https://www.vaultproject.io/docs/auth/kubernetes.html
# method. See https://developer.hashicorp.com/vault/docs/auth/kubernetes
authDelegator:
enabled: true
@ -649,13 +658,21 @@ server:
service:
enabled: true
# Enable or disable the vault-active service, which selects Vault pods that
# have labelled themselves as the cluster leader with `vault-active: "true"`
# have labeled themselves as the cluster leader with `vault-active: "true"`.
active:
enabled: true
# Extra annotations for the service definition. This can either be YAML or a
# YAML-formatted multi-line templated string map of the annotations to apply
# to the active service.
annotations: {}
# Enable or disable the vault-standby service, which selects Vault pods that
# have labelled themselves as a cluster follower with `vault-active: "false"`
# have labeled themselves as a cluster follower with `vault-active: "false"`.
standby:
enabled: true
# Extra annotations for the service definition. This can either be YAML or a
# YAML-formatted multi-line templated string map of the annotations to apply
# to the standby service.
annotations: {}
# If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}`
# When disabled, services may select Vault pods not deployed from the chart.
# Does not affect the headless vault-internal service with `ClusterIP: None`
@ -673,6 +690,21 @@ server:
# or NodePort.
#type: ClusterIP
# The IP family and IP families options are to set the behaviour in a dual-stack environment.
# Omitting these values will let the service fall back to whatever the CNI dictates the defaults
# should be.
# These are only supported for kubernetes versions >=1.23.0
#
# Configures the service's supported IP family policy, can be either:
# SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range.
# PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service.
# RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges.
ipFamilyPolicy: ""
# Sets the families that should be supported and the order in which they should be applied to ClusterIP as well.
# Can be IPv4 and/or IPv6.
ipFamilies: []
# Do not wait for pods to be ready before including them in the services'
# targets. Does not apply to the headless service, which is used for
# cluster-internal communication.
@ -709,7 +741,7 @@ server:
# This configures the Vault Statefulset to create a PVC for data
# storage when using the file or raft backend storage engines.
# See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
# See https://developer.hashicorp.com/vault/docs/configuration/storage to know more
dataStorage:
enabled: true
# Size of the PVC created
@ -728,7 +760,7 @@ server:
# logs. Once Vault is deployed, initialized, and unsealed, Vault must
# be configured to use this for audit logs. This will be mounted to
# /vault/audit
# See https://www.vaultproject.io/docs/audit/index.html to know more
# See https://developer.hashicorp.com/vault/docs/audit to know more
auditStorage:
enabled: false
# Size of the PVC created
@ -747,7 +779,7 @@ server:
# and no initialization. This is useful for experimenting with Vault without
# needing to unseal, store keys, et. al. All data is lost on restart - do not
# use dev mode for anything other than experimenting.
# See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
# See https://developer.hashicorp.com/vault/docs/concepts/dev-server to know more
dev:
enabled: false
@ -769,7 +801,7 @@ server:
# Note: Configuration files are stored in ConfigMaps so sensitive data
# such as passwords should be either mounted through extraSecretEnvironmentVars
# or through a Kube secret. For more information see:
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
# https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
config: |
ui = true
@ -812,12 +844,12 @@ server:
replicas: 3
# Set the api_addr configuration for Vault HA
# See https://www.vaultproject.io/docs/configuration#api_addr
# See https://developer.hashicorp.com/vault/docs/configuration#api_addr
# If set to null, this will be set to the Pod IP Address
apiAddr: null
# Set the cluster_addr confuguration for Vault HA
# See https://www.vaultproject.io/docs/configuration#cluster_addr
# See https://developer.hashicorp.com/vault/docs/configuration#cluster_addr
# If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
clusterAddr: null
@ -835,7 +867,7 @@ server:
# Note: Configuration files are stored in ConfigMaps so sensitive data
# such as passwords should be either mounted through extraSecretEnvironmentVars
# or through a Kube secret. For more information see:
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
# https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
config: |
ui = true
@ -862,7 +894,7 @@ server:
# Note: Configuration files are stored in ConfigMaps so sensitive data
# such as passwords should be either mounted through extraSecretEnvironmentVars
# or through a Kube secret. For more information see:
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
# https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
config: |
ui = true
@ -914,6 +946,12 @@ server:
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Create a Secret API object to store a non-expiring token for the service account.
# Prior to v1.24.0, Kubernetes used to generate this secret for each service account by default.
# Kubernetes now recommends using short-lived tokens from the TokenRequest API or projected volumes instead if possible.
# For more details, see https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets
# serviceAccount.create must be equal to 'true' in order to use this feature.
createSecret: false
# Extra annotations for the serviceAccount definition. This can either be
# YAML or a YAML-formatted multi-line templated string map of the
# annotations to apply to the serviceAccount.
@ -970,6 +1008,21 @@ ui:
externalPort: 8200
targetPort: 8200
# The IP family and IP families options are to set the behaviour in a dual-stack environment.
# Omitting these values will let the service fall back to whatever the CNI dictates the defaults
# should be.
# These are only supported for kubernetes versions >=1.23.0
#
# Configures the service's supported IP family, can be either:
# SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range.
# PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service.
# RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges.
serviceIPFamilyPolicy: ""
# Sets the families that should be supported and the order in which they should be applied to ClusterIP as well
# Can be IPv4 and/or IPv6.
serviceIPFamilies: []
# The externalTrafficPolicy can be set to either Cluster or Local
# and is only valid for LoadBalancer and NodePort service types.
# The default value is Cluster.
@ -1001,7 +1054,7 @@ csi:
image:
repository: "hashicorp/vault-csi-provider"
tag: "1.4.0"
tag: "1.4.1"
pullPolicy: IfNotPresent
# volumes is a list of volumes made available to all containers. These are rendered
@ -1086,7 +1139,7 @@ csi:
image:
repository: "hashicorp/vault"
tag: "1.14.0"
tag: "1.15.1"
pullPolicy: IfNotPresent
logFormat: standard
@ -1143,7 +1196,7 @@ csi:
debug: false
# Pass arbitrary additional arguments to vault-csi-provider.
# See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
# See https://developer.hashicorp.com/vault/docs/platform/k8s/csi/configurations#command-line-arguments
# for the available command line flags.
extraArgs: []
@ -1152,8 +1205,8 @@ csi:
# the Vault configuration. There are a few examples included in the `config` sections above.
#
# For more information see:
# https://www.vaultproject.io/docs/configuration/telemetry
# https://www.vaultproject.io/docs/internals/telemetry
# https://developer.hashicorp.com/vault/docs/configuration/telemetry
# https://developer.hashicorp.com/vault/docs/internals/telemetry
serverTelemetry:
# Enable support for the Prometheus Operator. Currently, this chart does not support
# authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included


@ -28,4 +28,4 @@ name: loft
sources:
- https://github.com/loft-sh/loft
type: application
version: 3.3.0
version: 3.3.1


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.16-0'
catalog.cattle.io/release-name: nats
apiVersion: v2
appVersion: 2.10.3
appVersion: 2.10.4
description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
Technology.
home: http://github.com/nats-io/k8s
@ -18,4 +18,4 @@ maintainers:
name: The NATS Authors
url: https://github.com/nats-io
name: nats
version: 1.1.2
version: 1.1.3


@ -308,7 +308,7 @@ config:
container:
image:
repository: nats
tag: 2.10.3-alpine
tag: 2.10.4-alpine
pullPolicy:
registry:


@ -1,25 +1,25 @@
dependencies:
- name: newrelic-infrastructure
repository: https://newrelic.github.io/nri-kubernetes
version: 3.23.3
version: 3.23.4
- name: nri-prometheus
repository: https://newrelic.github.io/nri-prometheus
version: 2.1.17
- name: newrelic-prometheus-agent
repository: https://newrelic.github.io/newrelic-prometheus-configurator
version: 1.5.1
version: 1.6.0
- name: nri-metadata-injection
repository: https://newrelic.github.io/k8s-metadata-injection
version: 4.10.2
version: 4.11.0
- name: newrelic-k8s-metrics-adapter
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
version: 1.4.3
version: 1.5.0
- name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 5.12.1
- name: nri-kube-events
repository: https://newrelic.github.io/nri-kube-events
version: 3.2.6
version: 3.3.0
- name: newrelic-logging
repository: https://newrelic.github.io/helm-charts
version: 1.18.1
@ -31,6 +31,6 @@ dependencies:
version: 0.1.4
- name: newrelic-infra-operator
repository: https://newrelic.github.io/newrelic-infra-operator
version: 2.3.3
digest: sha256:c543d1a04d2e80cc532d335b7c13104007c19ca20fc64a625ca1f0c4e27ae681
generated: "2023-10-25T15:02:36.960563782Z"
version: 2.4.0
digest: sha256:513fd7c4b9475bfa329ebe349022b95481f456b4facad64b82921bb8926361e1
generated: "2023-10-31T08:04:17.666576471Z"


@ -7,7 +7,7 @@ dependencies:
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
name: newrelic-infrastructure
repository: file://./charts/newrelic-infrastructure
version: 3.23.3
version: 3.23.4
- condition: prometheus.enabled,nri-prometheus.enabled
name: nri-prometheus
repository: file://./charts/nri-prometheus
@ -15,15 +15,15 @@ dependencies:
- condition: newrelic-prometheus-agent.enabled
name: newrelic-prometheus-agent
repository: file://./charts/newrelic-prometheus-agent
version: 1.5.1
version: 1.6.0
- condition: webhook.enabled,nri-metadata-injection.enabled
name: nri-metadata-injection
repository: file://./charts/nri-metadata-injection
version: 4.10.2
version: 4.11.0
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
name: newrelic-k8s-metrics-adapter
repository: file://./charts/newrelic-k8s-metrics-adapter
version: 1.4.3
version: 1.5.0
- condition: ksm.enabled,kube-state-metrics.enabled
name: kube-state-metrics
repository: file://./charts/kube-state-metrics
@ -31,7 +31,7 @@ dependencies:
- condition: kubeEvents.enabled,nri-kube-events.enabled
name: nri-kube-events
repository: file://./charts/nri-kube-events
version: 3.2.6
version: 3.3.0
- condition: logging.enabled,newrelic-logging.enabled
name: newrelic-logging
repository: file://./charts/newrelic-logging
@ -48,7 +48,7 @@ dependencies:
- condition: newrelic-infra-operator.enabled
name: newrelic-infra-operator
repository: file://./charts/newrelic-infra-operator
version: 2.3.3
version: 2.4.0
description: Groups together the individual charts for the New Relic Kubernetes solution
for a more comfortable deployment.
home: https://github.com/newrelic/helm-charts
@ -89,4 +89,4 @@ sources:
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
version: 5.0.42
version: 5.0.43


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 0.11.3
appVersion: 0.12.0
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -32,4 +32,4 @@ name: newrelic-infra-operator
sources:
- https://github.com/newrelic/newrelic-infra-operator
- https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator
version: 2.3.3
version: 2.4.0


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 3.18.3
appVersion: 3.18.4
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -35,4 +35,4 @@ sources:
- https://github.com/newrelic/nri-kubernetes/
- https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
- https://github.com/newrelic/infrastructure-agent/
version: 3.23.3
version: 3.23.4


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 0.6.4
appVersion: 0.7.0
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -20,4 +20,4 @@ name: newrelic-k8s-metrics-adapter
sources:
- https://github.com/newrelic/newrelic-k8s-metrics-adapter
- https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter
version: 1.4.3
version: 1.5.0


@ -1,5 +1,5 @@
annotations:
configuratorVersion: 1.8.1
configuratorVersion: 1.9.0
apiVersion: v2
appVersion: v2.37.8
dependencies:
@ -31,4 +31,4 @@ maintainers:
url: https://github.com/xqi-nr
name: newrelic-prometheus-agent
type: application
version: 1.5.1
version: 1.6.0


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 2.2.13
appVersion: 2.3.0
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -35,4 +35,4 @@ sources:
- https://github.com/newrelic/nri-kube-events/
- https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events
- https://github.com/newrelic/infrastructure-agent/
version: 3.2.6
version: 3.3.0


@ -1,6 +1,6 @@
# nri-kube-events
![Version: 3.2.6](https://img.shields.io/badge/Version-3.2.6-informational?style=flat-square) ![AppVersion: 2.2.13](https://img.shields.io/badge/AppVersion-2.2.13-informational?style=flat-square)
![Version: 3.3.0](https://img.shields.io/badge/Version-3.3.0-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square)
A Helm chart to deploy the New Relic Kube Events router


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.18.4
appVersion: 1.19.0
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@ -22,4 +22,4 @@ name: nri-metadata-injection
sources:
- https://github.com/newrelic/k8s-metadata-injection
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
version: 4.10.2
version: 4.11.0


@ -6,4 +6,4 @@ dependencies:
repository: https://charts.redpanda.com
version: 0.1.7
digest: sha256:2be209fa1660b3c8a030bb35e9e7fa25dcb81aa456ce7a73c2ab1ae6eebb3d04
generated: "2023-10-27T18:34:04.296697929Z"
generated: "2023-10-30T17:31:44.018230015Z"


@ -10,7 +10,7 @@ annotations:
artifacthub.io/links: |
- name: Documentation
url: https://docs.redpanda.com
- name: "Helm (>= 3.6.0)"
- name: "Helm (>= 3.8.0)"
url: https://helm.sh/docs/intro/install/
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Redpanda
@ -37,4 +37,4 @@ name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
version: 5.6.35
version: 5.6.37


@ -202,7 +202,10 @@ Use AppVersion if image.tag is not set
Input can be: b | B | k | K | m | M | g | G | Ki | Mi | Gi
Or number without suffix
*/}}
{{- $si := . | toString -}}
{{- $si := . -}}
{{- if not (typeIs "string" . ) -}}
{{- $si = int64 $si | toString -}}
{{- end -}}
{{- $bytes := 0 -}}
{{- if or (hasSuffix "B" $si) (hasSuffix "b" $si) -}}
{{- $bytes = $si | trimSuffix "B" | trimSuffix "b" | float64 | floor -}}
@ -423,6 +426,13 @@ than 1 core.
{{- end -}}
{{- end -}}
{{- define "fail-on-unsupported-helm-version" -}}
{{- $helmVer := (fromYaml (toYaml .Capabilities.HelmVersion)).version -}}
{{- if semverCompare "<3.8.0-0" $helmVer -}}
{{- fail (printf "helm version %s is not supported. Please use helm version v3.8.0 or newer." $helmVer) -}}
{{- end -}}
{{- end -}}
{{- define "redpanda-atleast-22-2-0" -}}
{{- toJson (dict "bool" (or (not (eq .Values.image.repository "docker.redpanda.com/redpandadata/redpanda")) (include "redpanda.semver" . | semverCompare ">=22.2.0-0 || <0.0.1-0"))) -}}
{{- end -}}
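Review bot: The new non-string branch in the first hunk, `{{- $si = int64 $si | toString -}}`, coerces whatever it receives without validating it: Sprig's `int64` yields 0 for values it cannot convert, so a nil or boolean input would most likely be treated as a size of 0 rather than rejected, and a fractional number such as 1.5 is truncated to 1. This helper appears to feed byte-size calculations, so a silent 0 can surface later as a resource setting that is hard to trace back to the bad value. I would fail fast before the conversion, for example `{{- if not (or (typeIs "string" .) (kindIs "float64" .) (kindIs "int" .) (kindIs "int64" .)) -}}{{- fail "size must be a string or a number" -}}{{- end -}}`, and add a comment stating that numeric input is truncated to a whole number. The enclosing define starts before this hunk and continues past it, so an existing guard outside the visible lines cannot be ruled out.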


@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- include "fail-on-unsupported-helm-version" . -}}
{{- include "fail-on-insecure-sasl-logging" . -}}
{{- $values := .Values }}


@ -21,4 +21,4 @@ maintainers:
- email: ops@stackstate.com
name: Stackstate
name: stackstate-k8s-agent
version: 1.0.49
version: 1.0.51


@ -2,7 +2,7 @@
Helm chart for the StackState Agent.
Current chart version is `1.0.49`
Current chart version is `1.0.51`
**Homepage:** <https://github.com/StackVista/stackstate-agent>
@ -61,7 +61,7 @@ stackstate/stackstate-k8s-agent
| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod |
| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
| checksAgent.image.tag | string | `"e36d1c88"` | Default container image tag. |
| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
@ -121,7 +121,7 @@ stackstate/stackstate-k8s-agent
| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. |
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. |
| clusterAgent.image.tag | string | `"e36d1c88"` | Default container image tag. |
| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
@ -178,7 +178,7 @@ stackstate/stackstate-k8s-agent
| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container |
| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
| nodeAgent.containers.agent.image.tag | string | `"e36d1c88"` | Default container image tag. |
| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. |
| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
